Solved

"Mystery folders" created on mapped drive

Posted on 2011-03-08
11
436 Views
Last Modified: 2012-05-11
I have a customer that has a mapped drive and "mystery folders" are being created on a windows pc with no content in them.  Does anyone have any ideas why this is happening? i would be appreciate any input.
0
Comment
Question by:hwgtech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 2
11 Comments
 
LVL 2

Accepted Solution

by:
Brano254 earned 250 total points
ID: 35070986
Where are the mystery folders created?
He has mapped drive from other PC or he shares his own folder/drive??

"Mystery" folders are usually created when OS or some apps can't delete their temporary installation folders, for example Windows Updates, device driver installers....

If you share your drive with full permissions for anyone in your network, mystery folders can be created by virus or other malware coming from infected PC in local network.
0
 
LVL 19

Assisted Solution

by:deroode
deroode earned 250 total points
ID: 35081255
What are the names of the mystery folders?
Windows update can create folders which aren't automatically removed with names like 564db27e34331b661f4a35fcb1df86a6
0
 

Author Comment

by:hwgtech
ID: 35082418
They are in Japanese and symbols with nothing inside the folders. Thank you all for your help.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 2

Assisted Solution

by:Brano254
Brano254 earned 250 total points
ID: 35082748
Run Process Monitor (http://technet.microsoft.com/sk-sk/sysinternals/bb896645.aspx), set it to show only File system activity (last 5 icons on top), and find out which process is creating these mystery folders (recent events are shown at the bottom of the event list).
0
 
LVL 19

Assisted Solution

by:deroode
deroode earned 250 total points
ID: 35082902
You could look at the properties of the folder / Advanced / owner. It will tell you which account creates these folders, so then you probably know from which computer these folders are created.
0
 

Author Closing Comment

by:hwgtech
ID: 35100297
Thank you all for your help regarding this issue
0
 

Author Comment

by:hwgtech
ID: 35263048
Sorry - I spoke too soon. About a week later, this started happening again. We checked all comptuers, cleaned any virus / spyware issues - and it's still happening.
0
 
LVL 19

Expert Comment

by:deroode
ID: 35274545
What did you find, and what did you do to resolve it in the first place? Did you find a pc or person who created these folders? (in other words, why did you close the question?)
0
 

Author Comment

by:hwgtech
ID: 35277222
We found one user who was shown as the creator / owner on each folder, scanned her PC and found malware, removed and the folders didn't show up for a few days. They did again a few days later - I closed the question after they didn't show up for a day or two.

I did find that the user in question is a Windows 7 machine, she's getting a few different errors, but no malware. She originally was a local admin on the PC, we changed that. We also found that folders are being created inside of other "good" folders as well. The server drive that the shared drive is on IS compressed but nothing else.  
0
 
LVL 19

Expert Comment

by:deroode
ID: 35278758
When your user has been admin and the system has been malware infected you can consider that machine compromised. With 60,000 new pieces of malware identified every day there is no way any antimalware program can get a machine clean. Consider reinstalling the machine.
0
 

Author Comment

by:hwgtech
ID: 35278942
That's a good poitn deroode. I appreciate the feedback. At this point, I think that is the best solutions - especially since weve got about 10 hours into it!
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
The Need In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication.  By default, if the time difference between systems is off by more …
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question