G
Guest
In November, I got a new IBM ThinkPad R52 running XP Pro. Over time I
noticed that folders with 24-character random hexidecimal names were
periodically being added to my root C:\ drive. At first, a new folder
appeared
several times a day. Since 9 December, exactly one per day has been added,
always at 3 am.
Each folder contains a single file, always named msxml4-KB927978-enu.log.
The first line of each file, always the same except for the date, is: "===
Verbose logging started: 12/26/2006 3:00:36 Build type: SHIP UNICODE
3.01.4000.2435 Calling process: C:\WINDOWS\system32\msiexec.exe ===".
Following that are hundreds of log lines (the text of the first one is: "MSI
(c) (E0:30) [03:00:36:812]: Resetting cached policy values"). Many of these
entries imply to my untrained eye that scary things are being done to my
system.
This system has always had an up-to-date antivirus running on it.
I spoke to ThinkPad tech support, who speculated that it is all some kind of
virus and suggested that I get rid of everything with 'msxml' in the title.
Can you explain what is going on?
And what should I do to get it to stop?
~ Thanks
~ Ken Winter
noticed that folders with 24-character random hexidecimal names were
periodically being added to my root C:\ drive. At first, a new folder
appeared
several times a day. Since 9 December, exactly one per day has been added,
always at 3 am.
Each folder contains a single file, always named msxml4-KB927978-enu.log.
The first line of each file, always the same except for the date, is: "===
Verbose logging started: 12/26/2006 3:00:36 Build type: SHIP UNICODE
3.01.4000.2435 Calling process: C:\WINDOWS\system32\msiexec.exe ===".
Following that are hundreds of log lines (the text of the first one is: "MSI
(c) (E0:30) [03:00:36:812]: Resetting cached policy values"). Many of these
entries imply to my untrained eye that scary things are being done to my
system.
This system has always had an up-to-date antivirus running on it.
I spoke to ThinkPad tech support, who speculated that it is all some kind of
virus and suggested that I get rid of everything with 'msxml' in the title.
Can you explain what is going on?
And what should I do to get it to stop?
~ Thanks
~ Ken Winter