Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

"Mystery folders" created on mapped drive

Posted on 2011-03-08
11
Medium Priority
?
438 Views
Last Modified: 2012-05-11
I have a customer that has a mapped drive and "mystery folders" are being created on a windows pc with no content in them.  Does anyone have any ideas why this is happening? i would be appreciate any input.
0
Comment
Question by:hwgtech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 2
11 Comments
 
LVL 2

Accepted Solution

by:
Brano254 earned 1000 total points
ID: 35070986
Where are the mystery folders created?
He has mapped drive from other PC or he shares his own folder/drive??

"Mystery" folders are usually created when OS or some apps can't delete their temporary installation folders, for example Windows Updates, device driver installers....

If you share your drive with full permissions for anyone in your network, mystery folders can be created by virus or other malware coming from infected PC in local network.
0
 
LVL 19

Assisted Solution

by:deroode
deroode earned 1000 total points
ID: 35081255
What are the names of the mystery folders?
Windows update can create folders which aren't automatically removed with names like 564db27e34331b661f4a35fcb1df86a6
0
 

Author Comment

by:hwgtech
ID: 35082418
They are in Japanese and symbols with nothing inside the folders. Thank you all for your help.
0
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

 
LVL 2

Assisted Solution

by:Brano254
Brano254 earned 1000 total points
ID: 35082748
Run Process Monitor (http://technet.microsoft.com/sk-sk/sysinternals/bb896645.aspx), set it to show only File system activity (last 5 icons on top), and find out which process is creating these mystery folders (recent events are shown at the bottom of the event list).
0
 
LVL 19

Assisted Solution

by:deroode
deroode earned 1000 total points
ID: 35082902
You could look at the properties of the folder / Advanced / owner. It will tell you which account creates these folders, so then you probably know from which computer these folders are created.
0
 

Author Closing Comment

by:hwgtech
ID: 35100297
Thank you all for your help regarding this issue
0
 

Author Comment

by:hwgtech
ID: 35263048
Sorry - I spoke too soon. About a week later, this started happening again. We checked all comptuers, cleaned any virus / spyware issues - and it's still happening.
0
 
LVL 19

Expert Comment

by:deroode
ID: 35274545
What did you find, and what did you do to resolve it in the first place? Did you find a pc or person who created these folders? (in other words, why did you close the question?)
0
 

Author Comment

by:hwgtech
ID: 35277222
We found one user who was shown as the creator / owner on each folder, scanned her PC and found malware, removed and the folders didn't show up for a few days. They did again a few days later - I closed the question after they didn't show up for a day or two.

I did find that the user in question is a Windows 7 machine, she's getting a few different errors, but no malware. She originally was a local admin on the PC, we changed that. We also found that folders are being created inside of other "good" folders as well. The server drive that the shared drive is on IS compressed but nothing else.  
0
 
LVL 19

Expert Comment

by:deroode
ID: 35278758
When your user has been admin and the system has been malware infected you can consider that machine compromised. With 60,000 new pieces of malware identified every day there is no way any antimalware program can get a machine clean. Consider reinstalling the machine.
0
 

Author Comment

by:hwgtech
ID: 35278942
That's a good poitn deroode. I appreciate the feedback. At this point, I think that is the best solutions - especially since weve got about 10 hours into it!
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question