Solved

AVLog Folder

Posted on 2010-08-23
11
472 Views
Last Modified: 2013-12-04
I have several PCs on our network that all of a sudden now have a folder at the root of C that is called AVLog

C:\AVLog

In this folder are many files like RXI3223.08

Any idea what this is or what is causing it?

We use McAfee for antivirus.

Thanks
0
Comment
Question by:Wildone63
11 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 33505613
I suspect that you MAY have an infection. Download and install and run Malwarebytes.
http://www.malwarebytes.org/
0
 
LVL 1

Author Comment

by:Wildone63
ID: 33505647
I have Malwarebytes. Used it for a long time now. It comes up clean.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 33505750
How many files exist in this folder? How frequently are they created? Have you looked at their contents at all?
0
 
LVL 1

Author Comment

by:Wildone63
ID: 33505759
Some have only a few, some have hundreds. Can't look at the contents.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 33505797
Why can't you?
0

 
LVL 1

Author Comment

by:Wildone63
ID: 33505804
They seem to be binary files. So if you open it in Notepad it is just gibberish.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 33505817
And the frequency of creation?
Can you rename the folder to C:\AVLog.old?
 
0
 
LVL 1

Author Comment

by:Wildone63
ID: 33505831
The frequency seems to be different on different machines. Some once an hour, some once every other day, and everything in between.

Yes, I can rename and/or delete it; it comes back.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 33505850
OK, if you can rename it you should be able to alter permissions on it. Change the security permissions and make it READ ONLY for every account listed on the security tab. Leave the PC to run for a while and see if you either get any errors on screen or recorded in the event log. Might give away what's using it.
0
 
LVL 37

Accepted Solution

by:
Neil Russell earned 500 total points
ID: 33511503
Any feedback?
0
 
LVL 1

Author Closing Comment

by:Wildone63
ID: 33512375
Well, as you suggested, I made the folder read only. I have two errors in the event log from this AM. They are from my McAfee AV-Diagnostics. So... I am assuming that the AVLog folder is something from McAfee. The errors are very cryptic and do not mean anything to me. But it does look like part of it is an error opening (the read-only folder, I am assuming).

So I will go down that track and see if I can find anything from McAfee.

Thanks for your help.
0
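
The read-only test suggested in the thread can be scripted as follows. This is an added example, not code from any poster. It assumes an elevated PowerShell prompt, and it uses a single Deny-Write entry for Everyone instead of editing each account on the Security tab; the function names are hypothetical.

```powershell
# Added example: block writes to the folder, then list errors logged afterwards.
$Folder = 'C:\AVLog'   # folder named in the question

function New-WriteDenyRule {
    # S-1-1-0 is the well-known SID for Everyone (the name is localized, the SID is not).
    $everyone = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'
    New-Object System.Security.AccessControl.FileSystemAccessRule(
        $everyone, 'Write', 'ContainerInherit,ObjectInherit', 'None', 'Deny')
}

function Add-WriteDeny {
    param([string]$Path)
    $acl = Get-Acl -Path $Path
    $acl.AddAccessRule((New-WriteDenyRule))
    Set-Acl -Path $Path -AclObject $acl
}

function Remove-WriteDeny {
    # Undo the test so the owning software can write its files again.
    param([string]$Path)
    $acl = Get-Acl -Path $Path
    [void]$acl.RemoveAccessRule((New-WriteDenyRule))
    Set-Acl -Path $Path -AclObject $acl
}

function Get-ErrorsSince {
    # Critical (1), Error (2) and Warning (3) events from both logs after $Since.
    # ProviderName is the component that reported the failure.
    param([datetime]$Since)
    Get-WinEvent -FilterHashtable @{
        LogName = 'Application', 'System'; Level = 1, 2, 3; StartTime = $Since
    } -ErrorAction SilentlyContinue |
        Sort-Object TimeCreated |
        Select-Object TimeCreated, LogName, ProviderName, Id, Message
}

# Typical sequence (run the steps by hand, with a wait in between):
#   $start = Get-Date
#   Add-WriteDeny $Folder
#   ...leave the PC running for at least one creation interval...
#   Get-ErrorsSince $start | Format-List
#   Remove-WriteDeny $Folder
```

Because creation frequency ranged from hourly to every other day across machines, leave the deny entry in place long enough to cover the slowest interval before reading the log.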
