-1

I don't know why w64.exe files are getting generated in various locations on my laptop. Quick Heal puts them in quarantine files. Are these files generated by Microsoft? How can I be sure regarding this? Or are these some sort of virus? I have been deleting such files since morning but they keep coming in different locations.


Edit: After my conversation with @Gantendo, VirusTotal is showing no virus but Quick Heal Paid Application shows it as a virus file.

8
  • Upload one of the files to virustotal.com/gui/home/upload
    – Gantendo
    Commented Nov 23, 2021 at 8:01
  • Last time I restarted the PC it came, but now that I have shut down my system and turned it on, that file hasn't come so far. If it comes I will upload it to the website. Thanks @Gantendo Commented Nov 23, 2021 at 8:09
  • Shows this after scanning @Gantendo Commented Nov 23, 2021 at 8:24
  • Though VirusTotal is showing no virus, Quick Heal is showing it as a virus here (I just got to know we can see the virus of quarantine files) Commented Nov 23, 2021 at 8:26
  • I do not trust Quick Heal. I have never used it or even heard of it. Install malwarebytes from malwarebytes.com and let that scan the computer. Quick Heal detects it as a generic malware file so it may be a false positive. In which other locations did the w64.exe file show up? You have shortcuts to w64 on your desktop and it seems to be some kinda python thing.
    – Gantendo
    Commented Nov 23, 2021 at 12:19

1 Answer

0

From Python's Documentation for venv Module:

The venv module provides support for creating lightweight “virtual environments” with their own site directories, optionally isolated from system site directories

Now, further on the same site:

usage: venv [-h] [--system-site-packages] [--symlinks | --copies] [--clear] [--upgrade] [--without-pip] [--prompt PROMPT] [--upgrade-deps] ENV_DIR [ENV_DIR ...]

Here, I wouldn't say I know exactly what's happening, but I see a certain pattern — Python's lib folder has been copied again and again to C:\users\jatin\venv and to folders having the names of the arguments, like C:\users\jatin\[-h] etc. (As a matter of fact, \Lib\site-packages\pip\_vendor\distlib does have a w64.exe and this is the only w64.exe in the python folder.)

Now, possibilities in order of decreasing probability are:

  1. One of the OP's experiments with python created these weird looking directories instead of creating a Virtualenv — Solution for this would be to simply delete those files created in C:\users\jatin
  2. Python's programs got messed up — Solution for this would be to reinstall python.
  3. Some weird malware is doing weird things for weird purposes: Scan your computer through. (As already said this is highly improbable.)

Although I would suggest you start with a fresh installation of python and delete those directories, just to make sure everything works like it should.

As for QuickHeal marking it as malware, many antiviruses sometimes mark python files as malware. Also, the copied versions are still signed by Microsoft. Long story short, there's no reason for you to worry.

2
  • For your last paragraph, yes, the files are signed by Microsoft, but QuickHeal does show them as virus even with their name, so do I need to worry? Commented Nov 24, 2021 at 2:20
  • Nope. To me, QuickHeal isn't reliable anymore. Rather use Malwarebytes or Bitdefender. And, they are signed by Microsoft, which actually means that they are the exact unedited copies of files present in python. Commented Nov 24, 2021 at 3:28
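
One way to test the answer's first hypothesis, as an added example that is not part of the original answer: hash every w64.exe under a folder, compare it with the copy in pip's `_vendor\distlib` directory of the Python install, and note whether it sits inside a directory containing `pyvenv.cfg`, the file venv writes into each ENV_DIR. The function names and the sample tree (placeholder bytes, constructed paths) are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256(path):
    """SHA-256 hex digest of a file."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def enclosing_venv(exe, search_root):
    """Nearest ancestor inside search_root that holds pyvenv.cfg, else None."""
    for parent in exe.parents:
        if (parent / "pyvenv.cfg").is_file():
            return parent
        if parent == search_root:
            break
    return None

def audit(search_root, reference):
    """Compare every w64.exe under search_root with the reference copy.

    Returns {path: (same_bytes_as_reference, venv_dir_or_None)}.
    """
    search_root, reference = Path(search_root).resolve(), Path(reference).resolve()
    ref_hash = sha256(reference)
    report = {}
    for exe in search_root.rglob("w64.exe"):
        exe = exe.resolve()
        if exe != reference:
            report[exe] = (sha256(exe) == ref_hash, enclosing_venv(exe, search_root))
    return report

def build_demo(root):
    """Constructed sample tree (placeholder bytes, not real launchers)."""
    root = Path(root)
    tail = Path("Lib", "site-packages", "pip", "_vendor", "distlib", "w64.exe")
    ref = root / "Python" / tail            # stands in for the installed copy
    copy = root / "home" / "[-h]" / tail    # accidental venv named after a usage token
    stray = root / "home" / "Downloads" / "w64.exe"
    for path, data in ((ref, b"launcher-v1"), (copy, b"launcher-v1"), (stray, b"other bytes")):
        path.parent.mkdir(parents=True)
        path.write_bytes(data)
    (root / "home" / "[-h]" / "pyvenv.cfg").write_text("home = C:\\Python\n")
    return ref, root / "home"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        ref, home = build_demo(tmp)
        for path, (same, venv) in sorted(audit(home, ref).items()):
            status = "identical to reference" if same else "DIFFERENT from reference"
            print(f"{path.parent.name}/w64.exe: {status}; venv dir: {venv.name if venv else 'none'}")
```

A match only shows that a file is a byte-for-byte copy of the launcher in the local Python install; files reported as different, or found outside any venv directory, are the ones worth submitting for a scan.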
