Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 443
  • Last Modified:

"Mystery folders" created on mapped drive

I have a customer that has a mapped drive and "mystery folders" are being created on a windows pc with no content in them.  Does anyone have any ideas why this is happening? i would be appreciate any input.
0
hwgtech
Asked:
hwgtech
  • 5
  • 4
  • 2
4 Solutions
 
Brano254Commented:
Where are the mystery folders created?
He has mapped drive from other PC or he shares his own folder/drive??

"Mystery" folders are usually created when OS or some apps can't delete their temporary installation folders, for example Windows Updates, device driver installers....

If you share your drive with full permissions for anyone in your network, mystery folders can be created by virus or other malware coming from infected PC in local network.
0
 
deroodeSystems AdministratorCommented:
What are the names of the mystery folders?
Windows update can create folders which aren't automatically removed with names like 564db27e34331b661f4a35fcb1df86a6
0
 
hwgtechAuthor Commented:
They are in Japanese and symbols with nothing inside the folders. Thank you all for your help.
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
Brano254Commented:
Run Process Monitor (http://technet.microsoft.com/sk-sk/sysinternals/bb896645.aspx), set it to show only File system activity (last 5 icons on top), and find out which process is creating these mystery folders (recent events are shown at the bottom of the event list).
0
 
deroodeSystems AdministratorCommented:
You could look at the properties of the folder / Advanced / owner. It will tell you which account creates these folders, so then you probably know from which computer these folders are created.
0
 
hwgtechAuthor Commented:
Thank you all for your help regarding this issue
0
 
hwgtechAuthor Commented:
Sorry - I spoke too soon. About a week later, this started happening again. We checked all comptuers, cleaned any virus / spyware issues - and it's still happening.
0
 
deroodeSystems AdministratorCommented:
What did you find, and what did you do to resolve it in the first place? Did you find a pc or person who created these folders? (in other words, why did you close the question?)
0
 
hwgtechAuthor Commented:
We found one user who was shown as the creator / owner on each folder, scanned her PC and found malware, removed and the folders didn't show up for a few days. They did again a few days later - I closed the question after they didn't show up for a day or two.

I did find that the user in question is a Windows 7 machine, she's getting a few different errors, but no malware. She originally was a local admin on the PC, we changed that. We also found that folders are being created inside of other "good" folders as well. The server drive that the shared drive is on IS compressed but nothing else.  
0
 
deroodeSystems AdministratorCommented:
When your user has been admin and the system has been malware infected you can consider that machine compromised. With 60,000 new pieces of malware identified every day there is no way any antimalware program can get a machine clean. Consider reinstalling the machine.
0
 
hwgtechAuthor Commented:
That's a good poitn deroode. I appreciate the feedback. At this point, I think that is the best solutions - especially since weve got about 10 hours into it!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

  • 5
  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now