Scheduled tasks in C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-

[Ian Emery]

I am running a windows 2000 server and there were thousands of files in
C:\Documents and Settings\All Users\Application
Data\Microsoft\Crypto\RSA\S-1-5-18

I deleted all the files in this directory on Friday. I have 14 scheduled
tasks running on the server and expected 14 files to come back This morning
there were thousands of files again in this directory, so I deleted all the
scheduled tasks and stopped the task scheduler service and still files are
being placed in this directory, can anyone help??

The server has Mcaffee on it, its task scheduler is disabled

What could be putting files in this directory??

 

[Torgeir Bakken \(MVP\)]

I am running a windows 2000 server and there were thousands of files in
C:\Documents and Settings\All Users\Application
Data\Microsoft\Crypto\RSA\S-1-5-18

I deleted all the files in this directory on Friday. I have 14 scheduled
tasks running on the server and expected 14 files to come back This morning
there were thousands of files again in this directory, so I deleted all the
scheduled tasks and stopped the task scheduler service and still files are
being placed in this directory, can anyone help??

The server has Mcaffee on it, its task scheduler is disabled

What could be putting files in this directory??

Hi,

A couple of options on how to try to find the culprit:


1)
Temporarily enable auditing of the folder:

How To Set, View, Change, or Remove Auditing for a File or Folder
in Windows 2000
http://support.microsoft.com/kb/301640


2)
Use Sysinternals FileMon utility to try to find which process that
creates those files.

FileMon is available for free here:
http://www.sysinternals.com