Random created files on our DC

You can delete them but they come right back. I have no idea what they are. System has been scanned nothing detected. Windows 2003 domain controller. Doesn't serve any other purpose except as our file server, application server
asdfasdf.JPG
LVL 2
stlhostAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Brad GrouxSenior Manager (Wintel Engineering)Commented:
Where on the DC are the files being created?
0
stlhostAuthor Commented:
Root folder of the C drive
0
Lee W, MVPTechnology and Business Process AdvisorCommented:
First, I'd open on in notepad for clues.
Second, I'd review all running processes.
Third, I'd probably try to use Resource monitor or the Sysinternals tool Process Monitor to figure out what process is writing them.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Pramod UbheCommented:
what is the path these files are getting created?

these type of folders are usually created at - \\domain.com\SYSVOL\domain.com\Policies which is nothing but your SYSVOL share on DC (& those folders contain your group policies).

those are coming back because your AD (frs) replication are copying then from diff DC.
those needs to be there in order to have GPOs work properly.
0
stlhostAuthor Commented:
If I open up the C drive in Windows Explorer I can see them. These are files, not folders. They have no extension on them and if I open them with notepad++ is garbled info.
0
Lee W, MVPTechnology and Business Process AdvisorCommented:
Repeating:

Second, I'd review all running processes.
Third, I'd probably try to use Resource monitor or the Sysinternals tool Process Monitor to figure out what process is writing them.
0
stlhostAuthor Commented:
Process monitor doesn't show me anything any different than a normal 2003 domain controller would show that is what is baffling me. All the processes are normal, I'm not sidelining that option just that I haven't found anything yet. Thanks
0
Lee W, MVPTechnology and Business Process AdvisorCommented:
Are you sure you're using Process monitor and not Process explorer or task manager - http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
0
Lee W, MVPTechnology and Business Process AdvisorCommented:
Run it, then delete these files, then when they start appearing, stop it, filter on writes (you may have to filter out a lot of different things, and see what is creating them.
0
stlhostAuthor Commented:
Something to do with symantec submissions.idx. I was using Process monitor yes just haven't had time to sit thru it all and study it seemed to all look normal. But thanks for pointing me in the right direction
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.