Mystery files on HD

[neillm2001]

I have noticed that a series of mystery files appear on my HD Windows
directory whenever i boot normally. They are not present when I boot
into safe mode. There are 11 files named as follows: 1, 5, A, E, F,
G, I, L, P, S, Y. Each file is 1.49GB in size. The files have no
extensions. Under normal circumstances my C drive would contain about
12GB. This drive only contains the XP Pro OS and those programs I feel
are needed to support the OS and the Applications installed on the D
drive. The presence of these files has sure messed up my daily
imaging routine. When I try to move the files t test system operation
without their being present, I get an error dialog that the files are
in use by some unspecified program. Does anybody have any idea on
what is going on?

 

[Gerry Cornell]

Jim

Are they files or folders?

Go to Start, Control Panel, Folder Options, View, Advanced Settings
and verify that the box before "Show hidden files and folders" is
checked and "Hide protected operating system files " is unchecked. You
may need to scroll down to see the second item. You should also make
certain that the box before "Hide extensions for known file types" is
not checked. Next in Windows Explorer make sure View, Details is
selected and then select View, Choose Details and check before Name,
Type, Total Size, and Free Space.

Are you now able to see a file extension?

--

Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

 

[Guest]

Jim

Are they files or folders?

Go to Start, Control Panel, Folder Options, View, Advanced Settings
and verify that the box before "Show hidden files and folders" is
checked and "Hide protected operating system files " is unchecked. You
may need to scroll down to see the second item. You should also make
certain that the box before "Hide extensions for known file types" is
not checked. Next in Windows Explorer make sure View, Details is
selected and then select View, Choose Details and check before Name,
Type, Total Size, and Free Space.

Are you now able to see a file extension?

--

Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

Adding to Gerry advice and what the Path for this Files/Folders?.
Do you have Ebook installed and you got some stuff from the internet?.
Are they here:
C:\Windows|System32\<MysteryFiles>
C:\Windows\<MysteryFiles>
C:\<MysteryFiles>
Read this:
http://starbase.jpl.nasa.gov/archiv.../vg_0014/browse/jupiter/c1547xxx/c1547308.ibg
Tell us the exact path and the whole name, what Anti-virus you have
installed, Anti-spyrwaes and the Performance of your Computer is it slow more
than before, I mean very slow?.

Right click on one of them and select properties and see the Details of the
date created in and what program it belong to if it been listed on the
Details.
HTH.
nass

 

[neillm2001]

Gerry, I checked your suggestions and they were as you said they
should be. Still no extensions. I also checked to make sure that
Remote assistance is disabled. It appeared to be; however, when I
checked the advanced tab I found it to be enabled. I disabled it and
rebooted. Wheb the system came back up I found the remote assistance
to be enabled again. I ran the Boot log option on my last reboot and
will now start checking on the files that have loaded during boot up.
The mystery files are also files, not folders, residing in the root of
the windows directory.

One thing I have noticed during Boot up of my 2 systems. The one with
the mystery files Boots at least twice as fast as my other system.
The problem system is using the other system as an internet gateway
and that may account for some of the boot time diferences. However, I
am getting the impression that generating 16GB of files should take
quite a bit of time. I am beginning to believe that they are some
kind of dummy file.

Another responder, nass, asked about my system and if it has been
really slow. Sometimes file transfers are slow. But not always.The
system is an Athlon 64X2 4200 on an ECS NForce4M-A motherboard. I use
the Kerio Personal Firewall and NOD32 Antivirus. The file path is C:
\windows\1 and so on. I have right clicked the file and no Opens with
program is listed. It's file type is a system file. The hidden
attribute box is checked and dimmed. I checked the URL referenced in
your response and am not sure of what it means.

I am going to start through the boot log in a few hours.

 

[Gerry Cornell]

Jim

What program are you using for imaging? What are you imaging?

You refer to boot of my two systems. What two systems? Are you merely
comparing boot times for two computers?

If you are using two computers are they networked or merely sharing a
router? Are files shared?

Have you looked in the System and Application logs in Event Viewer for
Warning and Error Reports? Please post copies. No Information Reports
please.

You can access Event Viewer by selecting Start, Control Panel,
Administrative Tools, and Event Viewer. When researching the meaning
of the error, information regarding Event ID, Source and Description
are important.

HOW TO: View and Manage Event Logs in Event Viewer in Windows XP
http://support.microsoft.com/kb/308427/en-us

Part of the Description of the error will include a link, which you
should double click for further information. You can copy using copy
and paste. Often the link will, however, say there is no further
information.
http://go.microsoft.com/fw.link/events.asp
(Please note the hyperlink above is for illustration purposes only)

A tip for posting copies of Error Reports! Run Event Viewer and double
click on the error you want to copy. In the window, which appears is a
button resembling two pages. Click the button and close Event
Viewer.Now start your message (email) and do a paste into the body of
the message. Make sure this is the first paste after exiting from
Event Viewer.


--

Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

 

[neillm2001]

Gerry,

I am using Norton Ghost to image my C drive, the OS drive, and D
drive, The Application drive. I did have it set up to image the C & D
drive on two of my computers to an external USB HD plugged into the
system on which the problem exists. I have had scheduled images made
weekly with differential backups made daily for the past 2 years.
However, the last scheduled backups were made just before the Old
Motherboard went bad. I replaced the MB, the CPU and the memory.
Because the hardware changes were so radical I had to reload Windows
and all of the Applications again. Since then Ghost has not worked
and these mystery files have showed up. The 2 computers are networked
with a GB network between the 2 systems with a switch and the switch
outputs to a router (10/100MB) to a cable modem for internet access.

I tried to run the XP installation in upgrade mode but it failed.

I am getting ready to try to reinstall XP and the applications again.
I am hoping that will solve the problem. I have checked the MB BIOS
for anything that may remotely cause this problem with no success.

Thanks for your help in this matter. jim

 

[cquirke (MVP Windows shell/user)]

Gerry, I checked your suggestions and they were as you said they
should be. Still no extensions. I also checked to make sure that
Remote assistance is disabled. It appeared to be; however, when I
checked the advanced tab I found it to be enabled. I disabled it and
rebooted. Wheb the system came back up I found the remote assistance
to be enabled again.

Smells a bit malware-ish, unless something else (such as a domain
controller) is "pushing" settings.

One thing I have noticed during Boot up of my 2 systems. The one with
the mystery files Boots at least twice as fast as my other system.

That's odd...

The problem system is using the other system as an internet gateway
and that may account for some of the boot time diferences. However, I
am getting the impression that generating 16GB of files should take
quite a bit of time. I am beginning to believe that they are some
kind of dummy file.

I would NEVER want to expose the rich exploitable surface of Windows
directly to the Internet, i.e. use Windows as a "router" via Internet
Commection Sharing host. I'd want to use a router in NAT mode,
ideally with WiFi disabled.

I really hope you are not full-sharing C:, and are not using XP Pro
with a weak password (as that exposes hidden admin shares c$ etc. to
network access).

--------------- ---- --- -- - - - -

Saws are too hard to use.
Be easier to use!

 

[Gerry Cornell]

Jim

I do not know enough about Norton Ghost to help you further.



--

Regards.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

 

[neillm2001]

I do use a router between the gateway and the modem. I used to use a
DLink and it has been replaced with a Netgear. Then each of the
computers have Kerio firewall installed. I agree with you doubys about
not subjecting any microsoft OS directly to the internet. I am
hesttant to install Vista snce MS seems to be forcing us to use their
anti malware/virus/firewall stuff. So far they haven't demonstrated
any competency in these areas. I can't believe that they have learned
enough overnight. I still think their motto is "do your best to make
it secure". A lofty goal! But they have no real idea of what the
user needs. Focus groups are not the way to find out what is needed.
They only address what is there. Not necessarily what the user wants.
I was in one of their evaluations once. The product doesn't matter.
The fact that they thought I was too qualified to comment did bother
me. The people behind the mirror seemed to want someone to give the
GeeWiz act and not an opinion. The fact that I thought they were
lagging other developers by about a year wasn't appreciated either. I
learned something about MS right then. I also began to see why they
can't seem to get a solid product. They have many profitable
products. But few are solid.

I agree it sounds like malware. I can't find out what kind though. I
will go back to the drawing board on that.