• Status: Solved
  • Priority: Medium
  • Security: Public

All files and programs under current user profile deleted but folder structure remains

We had an issue in our company where roughly 10 PCs were affected.

The users who logged in to their PCs had all their files deleted: Excel, PDF, Word, NSF and any files associated with this user were deleted. The folders created by this user were not deleted; only files were deleted. We ran an antivirus scan and no virus was found. We ran malware software and nothing was found. Some employees had full admin and some user rights. Also, other profiles that existed on this PC were not deleted.

In one case, the user was using the PC and then all of a sudden the files were deleted. I checked the logs and found nothing unusual. Then I cleaned up the PC with a registry cleaner. Then I reinstalled all the software again. I launched Excel, Adobe Reader, Word and other programs. I reinstalled and every program opened as expected. Then the last thing I ran was Lotus Notes. When setting up Lotus Notes, usually it will take you immediately to the wizard to set up the user ID file. I waited but Lotus Notes never opened. Then I checked the PC again and all the programs I reinstalled and files were deleted again. This happened on four out of ten PCs. Not sure if all the other PCs had similar events since we had several staff supporting the 10 PCs.

Wondering if anyone experienced this before or could think of other possibilities how this might occur. Virus, malware, command line, etc.

Thanks in advance.
0
Asked by: netsys_neuisd
Lukasz Chmielewski Commented:
Do not set up Lotus Notes; reinstall the programs and leave the user to work for a day to see if this causes the problem.
0
 
mbprogrammer Commented:
When you try to delete a user profile, if there is any open file handle in any subfolder, the directory structure will not be deleted while the file is open.
0
 
netsys_neuisd Author Commented:
We did some analysis on a PC that had this issue and it seems to be related to Smart Upgrade, which is a feature to upgrade Lotus Notes clients. When the user executes the Lotus Notes icon to start the program, it runs the notes.ini file. Within the notes.ini file, there's the parameter below. If "SU_FILE_CLEANUP=C:\", then files on the C drive will be deleted. If "SU_FILE_CLEANUP=C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp\smkits", then the files are OK.
We duplicated this problem on a test PC and it wiped out all files with delete rights, but files that were locked by Lotus Notes were not deleted.

SU_IN_PROGRESS=0
SU_NEXT_UPDATE=07/24/2009 10:41:48 AM
SU_DELAY_DAYS=0
SU_FILE_CLEANUP=C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp\smkits
SUT_NEXT_UPDATE=07/24/2009 10:41:48 AM

At one time the Smart Upgrade policy in Notes was applied to the person document of each employee's email account, but it has been removed for about two years now; it seems the entry remained in the ini file.
It has not been confirmed whether the Smart Upgrade feature in Notes is still active on the Domino server or not.


0
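An added example, not code from the thread's participants or from Lotus/IBM: a Python audit that reads notes.ini text and flags any SU_FILE_CLEANUP value pointing at a drive root or another very shallow folder, which is the condition described in the comment above. The function names and the MIN_DEPTH threshold are assumptions made for this sketch, and the sample ini fragments are constructed.

```python
import ntpath  # Windows path rules, usable on any OS

# Constructed sample notes.ini fragments (not copied from a real machine).
SAMPLE_BAD = "[Notes]\nSU_IN_PROGRESS=0\nSU_DELAY_DAYS=0\nSU_FILE_CLEANUP=C:\\\n"
SAMPLE_OK = ("[Notes]\nSU_IN_PROGRESS=0\n"
             "SU_FILE_CLEANUP=C:\\DOCUME~1\\PATRIC~1\\LOCALS~1\\Temp\\smkits\n")

# Assumption for this sketch: a cleanup folder with fewer path components
# than this is too broad to be a dedicated temp directory.
MIN_DEPTH = 3


def read_settings(ini_text, key):
    """Return every value assigned to key, in file order (KEY=VALUE lines)."""
    values = []
    for line in ini_text.splitlines():
        name, sep, rest = line.partition("=")
        if sep and name.strip().upper() == key.upper():
            values.append(rest.strip())
    return values


def assess_cleanup_path(value):
    """Classify one SU_FILE_CLEANUP value as 'absent', 'dangerous' or 'ok'."""
    if not value:
        return "absent"
    path = ntpath.normpath(value.strip('"'))
    drive, tail = ntpath.splitdrive(path)
    parts = [p for p in tail.split("\\") if p]
    if not drive or not parts:
        return "dangerous"   # relative path, or a bare drive root such as C:\
    if len(parts) < MIN_DEPTH:
        return "dangerous"   # e.g. a whole profile or top-level folder
    return "ok"


def audit(ini_text):
    """Return (value, verdict) for each SU_FILE_CLEANUP line found."""
    return [(v, assess_cleanup_path(v))
            for v in read_settings(ini_text, "SU_FILE_CLEANUP")]


if __name__ == "__main__":
    for label, text in (("bad sample", SAMPLE_BAD), ("ok sample", SAMPLE_OK)):
        print(label, audit(text))
```

To check real machines, pass the text of each collected notes.ini to audit() and review any 'dangerous' result before the Notes client is started on that PC.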
 
johnb6767 Commented:
"SU_FILE_CLEANUP=C:\"

Wow..... Kinda speechless...... Can't believe that the app would attempt that....

Great find though.....
0
 
netsys_neuisd Author Commented:
Thanks... it's very strange that this would occur, but any program should never have the authority to do this type of deletion. If anything, installation files should be added without a delete option with the temp folder, or the feature to delete the installation files from the Smart Upgrade policy should be removed...
0
Question has a verified solution.
