troubleshooting Question

Strange names applied to downloaded files from links

Avatar of BillDL
BillDLFlag for United Kingdom of Great Britain and Northern Ireland asked on
Web BrowsersWindows Live MailWindows XP
9 Comments3 Solutions686 ViewsLast Modified:
Hi Experts

I have just noticed some strange behaviour with my Windows XP SP3 IE7 system with regard to the names applied to downloaded files.

I had looked back at another EE question that prompted me to download a program again.
http://www.medical-dictionary.ro/download.html
A Right-Click > Copy Shortcut on the "Version 2.0" link pastes as this:
http://www.medical-dictionary.ro/download/xt2installer1.exe
but Right-Click > Save Target As downloads the file as: "xt2installer1CAX7JBQU.exe"

So, it has added on "CAX7JBQU" to the file name, and that at first glance matches the names of the files here:
C:\Documents and Settings\Bill\Local Settings\Bill\Temporary Internet Files\Content.IE5\

The thing is that none of the sub-folders there has that name:
55VSLUVQ, 65K93GTA, 7V9X2QCS, JQ18NKJP, ON08ZNU8, SK3CE7JA, SPOMD3SH, U07EKR1E

This is not isolated to that page, eg. maybe a PHP Script has modified the file name as it is fetched from source.  I first noticed this with the following link that I was pasting in another question this morning.  You will see the link to "ntfsext.exe" in the comment ID 34129989 in this question:
https://www.experts-exchange.com/Q_26600910.html

That saves as "ntfsextCA7ZZZZD.exe" even though the shortcut's target is to "ntfsext.exe", and I have no temporary internet files sub-folders named "CA7ZZZZD".

The file is actually downloaded to the temporary internet files folders as "ntfsextCA7ZZZZD.exe" before it copies to my specified download destination, so it doesn't appear to be something applied after the download.

Note, the same applies when I paste the link into a new Outlook Express message, show the "preview" tab, and click or right-click the link.

This behaviour seems so far to be isolated to links Internet Exlorer and Outlook Express.
It DOES NOT occur with links in Firefox, Google Chrome, Opera, or from a Windows shortcut to a target file.

Deleting the temporary internet files does not change the behaviour.

Has anybody else experienced this behaviour?
Perhaps it is a Windows Update at work?
Malicious behaviour?

As far as I can determine this computer is currently free from malware.

The only recent changes I made to this system are that I installed the free ZoneAlarm firewall and upgraded my AVG Free AntiVirus application.  It is hard to know when it occurred in relation to those applications, but I will try to test with ZoneAlarm disabled.  It's a bit harder to completely disable AVG though.

Thanks

Bill
ASKER CERTIFIED SOLUTION
dbrunton
Quid, Me Anxius Sum? Illegitimi non carborundum.

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 3 Answers and 9 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 3 Answers and 9 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros