Strange names applied to downloaded files from links
Hi Experts
I have just noticed some strange behaviour with my Windows XP SP3 IE7 system with regard to the names applied to downloaded files.
I had looked back at another EE question that prompted me to download a program again.
http://www.medical-dictionary.ro/download.html
A Right-Click > Copy Shortcut on the "Version 2.0" link pastes as this:
http://www.medical-dictionary.ro/download/xt2installer1.exe
but Right-Click > Save Target As downloads the file as: "xt2installer1CAX7JBQU.exe
So, it has added on "CAX7JBQU" to the file name, and that at first glance matches the names of the files here:
C:\Documents and Settings\Bill\Local Settings\Bill\Temporary Internet Files\Content.IE5\
The thing is that none of the sub-folders there has that name:
55VSLUVQ, 65K93GTA, 7V9X2QCS, JQ18NKJP, ON08ZNU8, SK3CE7JA, SPOMD3SH, U07EKR1E
This is not isolated to that page, eg. maybe a PHP Script has modified the file name as it is fetched from source. I first noticed this with the following link that I was pasting in another question this morning. You will see the link to "ntfsext.exe" in the comment ID 34129989 in this question:
https://www.experts-exchange.com/questions/26600910/Move-seems-to-have-lost-some-of-my-files-in-WIN-XP-PRO-and-Outlook-Express-does-not-like-my-recovered-DBX-files.html
That saves as "ntfsextCA7ZZZZD.exe" even though the shortcut's target is to "ntfsext.exe", and I have no temporary internet files sub-folders named "CA7ZZZZD".
The file is actually downloaded to the temporary internet files folders as "ntfsextCA7ZZZZD.exe" before it copies to my specified download destination, so it doesn't appear to be something applied after the download.
Note, the same applies when I paste the link into a new Outlook Express message, show the "preview" tab, and click or right-click the link.
This behaviour seems so far to be isolated to links Internet Exlorer and Outlook Express.
It DOES NOT occur with links in Firefox, Google Chrome, Opera, or from a Windows shortcut to a target file.
Deleting the temporary internet files does not change the behaviour.
Has anybody else experienced this behaviour?
Perhaps it is a Windows Update at work?
Malicious behaviour?
As far as I can determine this computer is currently free from malware.
The only recent changes I made to this system are that I installed the free ZoneAlarm firewall and upgraded my AVG Free AntiVirus application. It is hard to know when it occurred in relation to those applications, but I will try to test with ZoneAlarm disabled. It's a bit harder to completely disable AVG though.
Thanks
Bill
I have just noticed some strange behaviour with my Windows XP SP3 IE7 system with regard to the names applied to downloaded files.
I had looked back at another EE question that prompted me to download a program again.
http://www.medical-dictionary.ro/download.html
A Right-Click > Copy Shortcut on the "Version 2.0" link pastes as this:
http://www.medical-dictionary.ro/download/xt2installer1.exe
but Right-Click > Save Target As downloads the file as: "xt2installer1CAX7JBQU.exe
So, it has added on "CAX7JBQU" to the file name, and that at first glance matches the names of the files here:
C:\Documents and Settings\Bill\Local Settings\Bill\Temporary Internet Files\Content.IE5\
The thing is that none of the sub-folders there has that name:
55VSLUVQ, 65K93GTA, 7V9X2QCS, JQ18NKJP, ON08ZNU8, SK3CE7JA, SPOMD3SH, U07EKR1E
This is not isolated to that page, eg. maybe a PHP Script has modified the file name as it is fetched from source. I first noticed this with the following link that I was pasting in another question this morning. You will see the link to "ntfsext.exe" in the comment ID 34129989 in this question:
https://www.experts-exchange.com/questions/26600910/Move-seems-to-have-lost-some-of-my-files-in-WIN-XP-PRO-and-Outlook-Express-does-not-like-my-recovered-DBX-files.html
That saves as "ntfsextCA7ZZZZD.exe" even though the shortcut's target is to "ntfsext.exe", and I have no temporary internet files sub-folders named "CA7ZZZZD".
The file is actually downloaded to the temporary internet files folders as "ntfsextCA7ZZZZD.exe" before it copies to my specified download destination, so it doesn't appear to be something applied after the download.
Note, the same applies when I paste the link into a new Outlook Express message, show the "preview" tab, and click or right-click the link.
This behaviour seems so far to be isolated to links Internet Exlorer and Outlook Express.
It DOES NOT occur with links in Firefox, Google Chrome, Opera, or from a Windows shortcut to a target file.
Deleting the temporary internet files does not change the behaviour.
Has anybody else experienced this behaviour?
Perhaps it is a Windows Update at work?
Malicious behaviour?
As far as I can determine this computer is currently free from malware.
The only recent changes I made to this system are that I installed the free ZoneAlarm firewall and upgraded my AVG Free AntiVirus application. It is hard to know when it occurred in relation to those applications, but I will try to test with ZoneAlarm disabled. It's a bit harder to completely disable AVG though.
Thanks
Bill
Wow, BillDL is asking a question? :)
Did you already check the add-ons? And what's wrong with IE8? :)
Did you already check the add-ons? And what's wrong with IE8? :)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for your suggestions and comments so far guys.
Actually, there are a few things that have begun to go a bit wonky with this system and I've started backing up recent stuff in case I need to reinstall from fresh.
I believe that Lavasoft Ad-Aware has actually been the original cause of the problem, or has certainly contributed to it. I decided to give Ad-Aware a try out again just about the time this issue with the downloaded file names started, or rather the issue started just after Ad-Aware froze my system during a scan and I uninstalled it in disgust as I had done last year when a previous version screwed up.
Uninstalling it did not remove the registry values for a low level driver/service ("LBD.SYS" - Ad-Aware mini-filter driver) and this is what has been hanging other services and drivers at boot time, including the AVG Drivers and Services. I think it may also have been hampering various attempts at deleting certain things like "index.dat" files "on reboot".
I'll get back later with more details, because I now have an issue that my display is screwed up at 32-bit colour setting whereby it shows a ghosted duplication of desktop and start menu content. Desktop and start menu content in the bottom 8th of the screen gets ghosted up in the top 8th of the screen and vice-versa. Reinstalling graphics drivers and deleting the Icon Cache *.db file hasn't helped either.
I can't help but think that the two issues are related, but I need to try a few more things.
Bill
Actually, there are a few things that have begun to go a bit wonky with this system and I've started backing up recent stuff in case I need to reinstall from fresh.
I believe that Lavasoft Ad-Aware has actually been the original cause of the problem, or has certainly contributed to it. I decided to give Ad-Aware a try out again just about the time this issue with the downloaded file names started, or rather the issue started just after Ad-Aware froze my system during a scan and I uninstalled it in disgust as I had done last year when a previous version screwed up.
Uninstalling it did not remove the registry values for a low level driver/service ("LBD.SYS" - Ad-Aware mini-filter driver) and this is what has been hanging other services and drivers at boot time, including the AVG Drivers and Services. I think it may also have been hampering various attempts at deleting certain things like "index.dat" files "on reboot".
I'll get back later with more details, because I now have an issue that my display is screwed up at 32-bit colour setting whereby it shows a ghosted duplication of desktop and start menu content. Desktop and start menu content in the bottom 8th of the screen gets ghosted up in the top 8th of the screen and vice-versa. Reinstalling graphics drivers and deleting the Icon Cache *.db file hasn't helped either.
I can't help but think that the two issues are related, but I need to try a few more things.
Bill
ASKER
OK Guys, both issues now resolved.
Firstly the actual question, ie. the additional "cache-type" 8-character content being injected into the names of downloaded files.
Thanks for the info and links, farjadarshad, but I had mentioned already mentioned: "As far as I can determine this computer is currently free from malware". It's the first thing I do when I see odd behaviour, but I nevertheless did so again with negative results.
orangutang: Add-Ons were already verified to be the "standard" ones, but good suggestion. IE8? That comes next. I had to sort out the display issue first.
dbrunton, orangutan and johnb6767:
Certainly the additional characters matched the format of the Content.IE5 sub-folders, but each time I had the issue none of those folder names matched the extra characters in the file names I was downloading. So yes, it looked like "index.dat" was holding leftovers and was corrupt, but which one?
I went wild and deleted all of them, but that still didn't fix the issue on reboot UNTIL I:
1. Disabled Virtual Memory to delete "C:\pagefile.sys"
2. Removed the "LBD.SYS" - Ad-Aware mini-filter driver registry values using SysInternals "autoruns"
3. Deleted the index.dat files
4. Rebooted
5. Enabled Virtual Memory again
6. Rebooted.
Mysteriously that's also when my display issues resolved themselves and I could change to 32-bit colour mode without the screen artefacts. I had wasted a lot of time deleting the icon cache, testing on another monitor, uninstalling programs like RealVNC and Skype, (which allow screen sharing and could potentially have caused issues), plus deleting various registry MRU keys, etc.
Incidentally, Disabling AVG Free 2011's "Identity Protection" component has speeded up the boot process to ther "ready" state. With it enabled it took ages to load the desktop and become ready in the system tray, and before it did so it was blocking other services from launching and showing there. That didn't help to resolve the specific issues, but made the 20 or so reboots at least tolerable!
I really don't know which of the actions fixed the issue, or if they were linked, but I'm glad it's fixed and I'm thankful for the suggestions. My guess is still that the leftover Ad-Aware drivers/services were preventing a real cleanup by hanging the system boot process.
PS, don't touch Ad-Aware. Their software has twice screwed up my system in two successive years after running it only once on each occasion.
Thanks again.
Bill
Firstly the actual question, ie. the additional "cache-type" 8-character content being injected into the names of downloaded files.
Thanks for the info and links, farjadarshad, but I had mentioned already mentioned: "As far as I can determine this computer is currently free from malware". It's the first thing I do when I see odd behaviour, but I nevertheless did so again with negative results.
orangutang: Add-Ons were already verified to be the "standard" ones, but good suggestion. IE8? That comes next. I had to sort out the display issue first.
dbrunton, orangutan and johnb6767:
Certainly the additional characters matched the format of the Content.IE5 sub-folders, but each time I had the issue none of those folder names matched the extra characters in the file names I was downloading. So yes, it looked like "index.dat" was holding leftovers and was corrupt, but which one?
I went wild and deleted all of them, but that still didn't fix the issue on reboot UNTIL I:
1. Disabled Virtual Memory to delete "C:\pagefile.sys"
2. Removed the "LBD.SYS" - Ad-Aware mini-filter driver registry values using SysInternals "autoruns"
3. Deleted the index.dat files
4. Rebooted
5. Enabled Virtual Memory again
6. Rebooted.
Mysteriously that's also when my display issues resolved themselves and I could change to 32-bit colour mode without the screen artefacts. I had wasted a lot of time deleting the icon cache, testing on another monitor, uninstalling programs like RealVNC and Skype, (which allow screen sharing and could potentially have caused issues), plus deleting various registry MRU keys, etc.
Incidentally, Disabling AVG Free 2011's "Identity Protection" component has speeded up the boot process to ther "ready" state. With it enabled it took ages to load the desktop and become ready in the system tray, and before it did so it was blocking other services from launching and showing there. That didn't help to resolve the specific issues, but made the 20 or so reboots at least tolerable!
I really don't know which of the actions fixed the issue, or if they were linked, but I'm glad it's fixed and I'm thankful for the suggestions. My guess is still that the leftover Ad-Aware drivers/services were preventing a real cleanup by hanging the system boot process.
PS, don't touch Ad-Aware. Their software has twice screwed up my system in two successive years after running it only once on each occasion.
Thanks again.
Bill
ASKER
Thank you guys. The suggestions kept me looking in the right direction.
i stopped using it years ago. used to be a real good product.....
glad u r fized though.....
glad u r fized though.....
https://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/A_3627-Computer-System%27s-Preventive-Maintenance-Guidelines.html