If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.
File Name Renaming
Is this an indication that I have a virus or something? Has my server been hacked, I'm running windows server 2012 R2.
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
LVL 64
It's simply a backwards compatibility warning. Because "program files" is a default folder on windows, some older programs that still use DOS style 8.3 names can cough up furballs if another folder exists that is just called "program" ...it is better to use something more unique. Even adding a "1" does that.
somewhere, somehow, malware, installed program, task schedule the probable cause is missing quotation marks around c:\program files\blah which then creates the folder c:\program and then errors out.
check with Explorer if such a folder exists
it can be caused by other software - or malware; if so run http://www.malwarebytes.org/mbam.php
it can be caused by other software - or malware; if so run http://www.malwarebytes.org/mbam.php
the same message appeared now on a 2nd server, this is strange. I'll run for malware, but I doubt it's that.
Check for suspects. your Startup folder, and Task Scheduler, and registry keys:
C:\Users\username\AppData\
C:\ProgramData\Microsoft\W
HKCU\Software\Microsoft\Wi
HKCU\Software\Microsoft\Wi
HKLM\Software\Microsoft\Wi
HKLM\Software\Microsoft\Wi
HKLM\Software\Microsoft\Wi
HKLM\Software\Microsoft\Wi
C:\Users\username\AppData\
C:\ProgramData\Microsoft\W
HKCU\Software\Microsoft\Wi
HKCU\Software\Microsoft\Wi
HKLM\Software\Microsoft\Wi
HKLM\Software\Microsoft\Wi
HKLM\Software\Microsoft\Wi
HKLM\Software\Microsoft\Wi
C:\Users\username\AppData\
(Nothing here, empty) But it could be in other profiles, as there's a lot of other account profiles on this server
C:\ProgramData\Microsoft\W
(Nothing here, empty) But it could be in other profiles, as there's a lot of other account profiles on this server
I've attached what's in msconfig.
HKCU\Software\Microsoft\Wi
(The only thing here is my symantec backup exec exe file)
HKCU\Software\Microsoft\Wi
(nothing here)
HKLM\Software\Microsoft\Wi
(everything.exe is here, which is I know what it is, but then I don't know what this is,
it's MtxHotPlugService.exe v) It's in the system32 directory, so I'm assuming it's part of the OS.
HKLM\Software\Microsoft\Wi
(Nothing here)
HKLM\Software\Microsoft\Wi
(That folder does not exist)
HKLM\Software\Microsoft\Wi
(That folder does not exist)
(Nothing here, empty) But it could be in other profiles, as there's a lot of other account profiles on this server
C:\ProgramData\Microsoft\W
(Nothing here, empty) But it could be in other profiles, as there's a lot of other account profiles on this server
I've attached what's in msconfig.
HKCU\Software\Microsoft\Wi
(The only thing here is my symantec backup exec exe file)
HKCU\Software\Microsoft\Wi
(nothing here)
HKLM\Software\Microsoft\Wi
(everything.exe is here, which is I know what it is, but then I don't know what this is,
it's MtxHotPlugService.exe v) It's in the system32 directory, so I'm assuming it's part of the OS.
HKLM\Software\Microsoft\Wi
(Nothing here)
HKLM\Software\Microsoft\Wi
(That folder does not exist)
HKLM\Software\Microsoft\Wi
(That folder does not exist)
> everything.exe is here, which is I know what it is, but then I don't know what this is,
??
If possible, note down then temporarily disable those msconfig items. Then logoff and logon to see the effect.
??
If possible, note down then temporarily disable those msconfig items. Then logoff and logon to see the effect.
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
Thanks guys, I should have remembered about autoruns, I used to use it frequently.
I found that my AV program, Webroot was trying to create a folder called program in the rot of C.
I escalated the issue with webroot.
I found that my AV program, Webroot was trying to create a folder called program in the rot of C.
I escalated the issue with webroot.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PC
From novice to tech pro — start learning today.
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.