netsys_neuisd
asked on
All files and progams under current user profile deleted but folder structure remain
We had a issue in our company where roughly 10 PC were affected.
The user who's login to their PC had all their files deleted, excel, PDF, word, nsf and any files associated with this user were deleted. The folder create by this user were not delete but only files were deleted. We ran antivirus scan and no virus was found. We ran malware software and nothing was found. Some employee had full admin and some users right. Also, other profiles that existed on this PC were not deleted.
On one case, the user was using the PC and then all of sudden the files were deleted. I check the logs and found nothing unusual. Then I clean up the PC with a registry cleaner. Then I reinstall all the software again. I launched excel, adobe reader, word and other programs. I reinstalled and every program open as expected. Then last thing I ran was Lotus Notes. When setting up the Lotus Notes, usually it will take you immediately to the wizard to setup the user ID file. I waited but Lotus Notes never open. Then I check the PC again and all the programs I reinstalled and files were deleted again. This happen on four out of ten PC. Not sure if all the other PC had similar events since we had several staff supporting the 10 PC.
Wondering if anyone experienced this before or could think of other possibilities how this might occur. Virus, malware, command line, etc.
Thanks in advance.
The user who's login to their PC had all their files deleted, excel, PDF, word, nsf and any files associated with this user were deleted. The folder create by this user were not delete but only files were deleted. We ran antivirus scan and no virus was found. We ran malware software and nothing was found. Some employee had full admin and some users right. Also, other profiles that existed on this PC were not deleted.
On one case, the user was using the PC and then all of sudden the files were deleted. I check the logs and found nothing unusual. Then I clean up the PC with a registry cleaner. Then I reinstall all the software again. I launched excel, adobe reader, word and other programs. I reinstalled and every program open as expected. Then last thing I ran was Lotus Notes. When setting up the Lotus Notes, usually it will take you immediately to the wizard to setup the user ID file. I waited but Lotus Notes never open. Then I check the PC again and all the programs I reinstalled and files were deleted again. This happen on four out of ten PC. Not sure if all the other PC had similar events since we had several staff supporting the 10 PC.
Wondering if anyone experienced this before or could think of other possibilities how this might occur. Virus, malware, command line, etc.
Thanks in advance.
Lukasz Chmielewski
do not setup lotus notes, reinstall programs and leave the user to work for a day to see if this causes the problem
When you trying to delete user profile, if there any open file handle in any sub folders, the directory structure will not delete while file is open.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
""SU_FILE_CLEANUP=C:\""
Wow..... Kinda speechless...... Cant believe that the app would attempt that....
Great find though.....
Wow..... Kinda speechless...... Cant believe that the app would attempt that....
Great find though.....
ASKER
thanks...its very strange that this would occur but any program should never have the authority to do this type of deletion..if anything installation files should be added without delete option with the temp folder or the feature to delete the installation files from smartupgrade policy should be removed...