Suspicious looking folder

xxxx [TheShadowman]
10 years ago | edited 10 years ago

0

Wasn’t 100% sure where to put this so if it’s in the wrong place I’m sorry.

So today I was looking through my folders when I came across a folder called ‘user’. Now I know I didn’t make this as my user folders are on my C:/ drive whereas this was on E:/.
So I opened this folder and it took me into a sub folder that looked like this:
http://gyazo.com/15524930c179f52e686d213ee93ce5fd

The recent connections .txt document contained this >> gamingproblems.com [Port 21]::gamingproblems.com::gamingproblems.com [Port 80]::webcorp.com [Port 21]::webcorp.com::webcorp.com [Port 80]::globalis.com [Port 13]::globalis.com::gobalis.com::hackme.com [Port 80]::

So I went into the home folder which looked like this:
http://gyazo.com/efa6fc41a01827d955c457d3caacc5c2

Here’s some screenshots of all the sub folders:
-attacks is empty
-darkstore is empty
-downloads http://gyazo.com/c2cb7b69b64696a41ed498caed1f176e
-Examples http://gyazo.com/d48b6f58d8424d6519139ecd1279bb59
-system http://gyazo.com/c832815310d7ef2b01fd72f358a38f5c
As you can imagine the keylogger folder got me quite worried :s
-temp http://gyazo.com/a46c0bff10e91fdd738f5f687c9a6edf

Next I naturally got some virus scans running:
AVG pulled up nothing
Malwarebytes also pulled up nothing http://gyazo.com/a7371f47e573744fd57d628b8b3fdfbb

Sorry for the long post but I wanted to get across all the information I could. Any ideas what to do? Has anyone come across anything like this before?

Thanks

-Shadowman

tldr; Strange folder what do?

12 replies | 3 voices | 243 views
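A small triage helper for the two things the replies ask for: pull the distinct hosts and ports out of that recent-connections record (entries separated by `::`, optional `[Port N]` suffix) and record creation dates and SHA-256 hashes of the files before zipping them up for an anti-virus vendor. This is an added example, not code from the thread; the record below is a copy of the one quoted in the post, and `inventory()` takes whatever folder path you point it at.

```python
import hashlib
import os
import re
from datetime import datetime, timezone

# Constructed copy of the "recent connections" record quoted in the post.
RECENT_CONNECTIONS = (
    "gamingproblems.com [Port 21]::gamingproblems.com::gamingproblems.com [Port 80]::"
    "webcorp.com [Port 21]::webcorp.com::webcorp.com [Port 80]::"
    "globalis.com [Port 13]::globalis.com::gobalis.com::hackme.com [Port 80]::"
)

# One entry: a host name, optionally followed by " [Port N]".
ENTRY_RE = re.compile(r"^(?P<host>[^\s\[]+)(?:\s*\[Port\s+(?P<port>\d+)\])?$")


def parse_connections(record):
    """Return {host: sorted list of ports}; a host seen only without a port gets []."""
    hosts = {}
    for raw in record.split("::"):
        raw = raw.strip()
        if not raw:                      # trailing "::" leaves an empty entry
            continue
        m = ENTRY_RE.match(raw)
        if not m:
            raise ValueError(f"unparseable entry: {raw!r}")
        ports = hosts.setdefault(m.group("host"), set())
        if m.group("port"):
            ports.add(int(m.group("port")))
    # Note: 'gobalis.com' stays separate from 'globalis.com'; look-alike names are worth noticing.
    return {h: sorted(p) for h, p in hosts.items()}


def inventory(folder):
    """Per-file size, creation/modification time (UTC) and SHA-256 for a submission report."""
    rows = []
    for root, _dirs, files in os.walk(folder):
        for name in files:
            path = os.path.join(root, name)
            st = os.stat(path)           # st_ctime is the creation time on Windows
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            rows.append({
                "path": os.path.relpath(path, folder),
                "size": st.st_size,
                "created": datetime.fromtimestamp(st.st_ctime, timezone.utc).isoformat(),
                "modified": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
                "sha256": digest,
            })
    return sorted(rows, key=lambda r: r["path"])


if __name__ == "__main__":
    for host, ports in parse_connections(RECENT_CONNECTIONS).items():
        print(f"{host:20} ports={ports or '-'}")
```

Run `inventory(r"E:\user")` (or wherever the folder is) and keep the output with the zip: the hashes let a vendor match the files, and the creation times give you the date to aim a system restore at.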
Fireshard
10 years ago

1

[quote=http://www.file-extension.com/files/DS/]Detailed information for file extension DS

Category: Executable Files
File format: Open-Source
Open with Windows: Adobe Photoshop or any TWAIN compliant Image Editing software
Open with Linux: TWAIN compliant Image Editing software
The DS file extension adheres to the architectural layer of TWAIN where each delivers a distinct functionality in the image transfer process. The Application Layer focuses on the particular program executed by the user for retrieving the image from the capture device. This application facilitates the request for an image to send instruction to the TWAIN Data Source. This Data Source represented by the DS file extension is the software component which was developed by the hardware vendor specifically for the bundled device. This translates the commands between TWAIN and the device drivers. A dialog box may be displayed by the data source depending on the application being run by the user. Normally, the DS file extension is responsible for requiring user input in terms of hardware device setting selections. The Device Driver is the recipient of the commands issued by the DS file extension and passes it on to the device to accurately test its status and initiate the image capture process. The last layer is the Still Image Device represented by the physical device like a digital camera or scanner that is used for image capturing.[/quote]

Try seeing what those files contain. If you see anything that looks like something you did, then it means you’ve got some weird-ass key-logger that saves screenshots on your own computer. Other than that, try and recall if you tried any key-loggers or not on your own PC. If needed, ask people with access to that computer if they did. As a last resort, you can always back up your files and clean the drive :P I suggest you check the creation date of some of those files/folders, see if that gives you any hints…


1

Okay those sites are all friendly sites but here’s the thing. If it were an attack and you feel so, and these were incoming connections then the sites’ servers could have been used as a proxy or VPN to assist in the attack. Now, .ds is used for image capturing software associated with files, printers, cameras, etc. .dsa is used for 3D modeling software associated with DAZ Studio which is a 3D modeling software, and .dsf is used for Corel Designer. In conclusion these files all have to be handled by another software. So I don’t know much about your system or if your computer is running any of this software. Where is the E: drive coming from? Is it a USB, external hard drive, virtual drive, partition, or what? So if this were an attack or virus I’m thinking that there was an exploit written for this software and you’ve fallen victim. Not only that, but probably pissed someone off in some way.

Here’s what I’d do! If you know your system and what you are doing I recommend taking these files and zipping them up, get ahold of some anti-virus company and submit this attack to them and have them look into it. Whether you hear from them or not idk but oh well now others can be safe from this attack. Now as I said, if you know your system and what you are doing, get rid of the files, look at the time they were created, and you’re using Windows so maybe even throw in a system restore. If this is an attack it looks pretty well written. Like it can handle breaking encryption, opening/closing connections and such, just by the file names. If anything, it looks like it’d be a RAT. So if you know what you’re doing. Burn them….

[quote=you]
Next I naturally got some virus scans running:
AVG pulled up nothing[/quote]

Anti-virus uses a database of previously used attacks. If someone wants something from you and wrote their own exploits using scripts in this software, they are more than likely not going to be in the databases.

AVG is pretty shitty

and I recommend getting a firewall in place if you don’t have one.

I close and open ports when I need them (when I used win7 anyways).

Comodo Firewall is pretty good. Take time to set it up and use their anti-virus too. Their whole setup is badass.


0

So yeah looks like @Fireshard and I are on the same page.

A RAT usually is what handles tasks such as screenshots, keyloggers, accessing other hardware, etc.

xxxx [TheShadowman]
10 years ago

0

Ok thanks for the responses.
-My E:/ drive is a second hard drive I got for my laptop.
-I don’t use any of the software you mentioned for the .ds files.
-Can’t think how or why I could have pissed anyone off :D
-I haven’t downloaded any key loggers and since this is a personal laptop which no-one else uses neither will anybody else.

Another website it seems to be connecting to is delta5security.com which looks to be some Miami based security company to do with anything from armed security to police escorts! Very strange :/

Max Lockhart [MaxLockhart]
10 years ago | edited 10 years ago

0

You may be hosting a bigger attack and out of the 7.046 billion people in this world you are one of the unlucky ones so I’d say if it doesn’t look like it’s all your stuff and you know this, I’d get rid of the files and folders for sure. A system restore and writing to the empty space as well would be a good idea.

xxxx [TheShadowman]
10 years ago | edited 10 years ago

0

Ok thanks for the help. Will definitely get rid of these folders, would permanently shredding with AVG be better than just deleting?


1

I doubt it’s going to be anything catastrophic but never take security lightly

xxxx [TheShadowman]
10 years ago | edited 10 years ago

0

Of course, thank you very much for the help. It is appreciated :)

-Shadowman


0

Not necessarily… I mean if you delete them they aren’t going to resurrect themselves from the grave but the problem is if there’s another virus going to check if the files still exist and if not then create new ones. If you want to permanently get rid of data I would try understanding, just for the sake of knowledge not really your situation, how deleted data works. Here’s a good video.

I recommend system restore since there could be the chance the virus is still waiting to write new files once it has been discovered and deleted or any registry changes.

Max Lockhart [MaxLockhart]
10 years ago | edited 10 years ago

0

Also, search your drives for common files or duplicates; system restore is the best option. Check the dates the files were created. I recommend a day prior to the creation of the files.


0

no problem mate

xxxx [TheShadowman]
10 years ago

0

System restore seems like my best bet.
Thanks for the video it was very interesting (got to love vsauce) :D
