"Mystery folders" created on mapped drive

I have a customer that has a mapped drive and "mystery folders" are being created on a windows pc with no content in them.  Does anyone have any ideas why this is happening? i would be appreciate any input.
hwgtechAsked:
Who is Participating?
 
Brano254Connect With a Mentor Commented:
Where are the mystery folders created?
He has mapped drive from other PC or he shares his own folder/drive??

"Mystery" folders are usually created when OS or some apps can't delete their temporary installation folders, for example Windows Updates, device driver installers....

If you share your drive with full permissions for anyone in your network, mystery folders can be created by virus or other malware coming from infected PC in local network.
0
 
deroodeConnect With a Mentor Systems AdministratorCommented:
What are the names of the mystery folders?
Windows update can create folders which aren't automatically removed with names like 564db27e34331b661f4a35fcb1df86a6
0
 
hwgtechAuthor Commented:
They are in Japanese and symbols with nothing inside the folders. Thank you all for your help.
0
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

 
Brano254Connect With a Mentor Commented:
Run Process Monitor (http://technet.microsoft.com/sk-sk/sysinternals/bb896645.aspx), set it to show only File system activity (last 5 icons on top), and find out which process is creating these mystery folders (recent events are shown at the bottom of the event list).
0
 
deroodeConnect With a Mentor Systems AdministratorCommented:
You could look at the properties of the folder / Advanced / owner. It will tell you which account creates these folders, so then you probably know from which computer these folders are created.
0
 
hwgtechAuthor Commented:
Thank you all for your help regarding this issue
0
 
hwgtechAuthor Commented:
Sorry - I spoke too soon. About a week later, this started happening again. We checked all comptuers, cleaned any virus / spyware issues - and it's still happening.
0
 
deroodeSystems AdministratorCommented:
What did you find, and what did you do to resolve it in the first place? Did you find a pc or person who created these folders? (in other words, why did you close the question?)
0
 
hwgtechAuthor Commented:
We found one user who was shown as the creator / owner on each folder, scanned her PC and found malware, removed and the folders didn't show up for a few days. They did again a few days later - I closed the question after they didn't show up for a day or two.

I did find that the user in question is a Windows 7 machine, she's getting a few different errors, but no malware. She originally was a local admin on the PC, we changed that. We also found that folders are being created inside of other "good" folders as well. The server drive that the shared drive is on IS compressed but nothing else.  
0
 
deroodeSystems AdministratorCommented:
When your user has been admin and the system has been malware infected you can consider that machine compromised. With 60,000 new pieces of malware identified every day there is no way any antimalware program can get a machine clean. Consider reinstalling the machine.
0
 
hwgtechAuthor Commented:
That's a good poitn deroode. I appreciate the feedback. At this point, I think that is the best solutions - especially since weve got about 10 hours into it!
0
All Courses

From novice to tech pro — start learning today.