?
Solved

Files in temp directory

Posted on 2016-11-18
16
Medium Priority
?
350 Views
Last Modified: 2016-11-22
I have a user whose temp directory has thousands of files that start with ioc and end in .tmp (ioc9772.tmp, iocE98.tmp) etc. I cannot figure out what program is generating these. Anyone know? We do have kaspersky anti-virus and I suspect that;s it, but not positive
0
Comment
Question by:jsgrosskopf
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 3
  • +3
16 Comments
 
LVL 97

Expert Comment

by:Experienced Member
ID: 41893031
I see files like wct19EF.tmp in my temp folder. I clear out my temp folder once or twice a week and only see a few new ones. Mine come from OneNote. Open one with Notepad (I use Ultra Edit) and see if you can determine the source.

Delete the files, run Disk Cleanup and then check in a day or so.
0
 
LVL 20

Expert Comment

by:n2fc
ID: 41893117
Check and see if they are using GroupWise software... they are known to cause those tmp files, and never cleanup!
0
 

Author Comment

by:jsgrosskopf
ID: 41893122
Not using groupwise. And I cannot open any files because they are all in use...all 65,000. Right-click and properties tells nothing
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 97

Accepted Solution

by:
Experienced Member earned 2000 total points
ID: 41893132
Close all Office applications and try again. If all still busy, then in all likelihood it is a virus.

Scan will your own AV tool and then follow with a scan using Malwarebytes.

Look in Processes (Task Manager is fine to start with) and look for rogue processes.
0
 
LVL 4

Expert Comment

by:Mumbai Tech
ID: 41893243
Is Oracle installed on this ?
0
 

Author Comment

by:jsgrosskopf
ID: 41893346
No. This is a desktop with windows 7. I rebooted to safe mode, cleaned out temp dir. Nothing so far after reboot. Going to do a full malware bytes scan to be sure
0
 
LVL 38

Expert Comment

by:BillDL
ID: 41893932
For future reference, a handy way of investigating the contents and source of files that are locked when booted into Windows is to instead boot the system to a Linux Live CD like Knoppix (https://livecdlist.com/knoppix).  There are hundreds of Live CDs around and every expert has their favourite.  Mine is Linux Mint (https://livecdlist.com/linux-mint).  Most Linux CDs/DVDs have the option of booting into "live" mode rather than installing the operating system.  Just be sure not to select the "Install" option.  When the computer is booted to the alternative operating system the files will not be locked and you can copy them out to another folder where you can investigate them after rebooting to Windows again.
0
 
LVL 56

Expert Comment

by:McKnife
ID: 41894089
Temp folders can be full of garbage, many programs never clean up. Say, why would you think there's a connection to malware? There was no indication, yet.

Simple solution: delete the temp folder (maybe keep the files for future analysis, if you like) and setup auditing on the temp folders (if "strange" files start reappearing), so that you can easily see what process creates them.
https://technet.microsoft.com/en-us/library/cc771070(v=ws.11).aspx describes file/folder auditing.
0
 
LVL 97

Expert Comment

by:Experienced Member
ID: 41894134
why would you think there's a connection to malware?   Because all 65,000 were in use. I do not see that on any of my own or client machines.
0
 
LVL 56

Expert Comment

by:McKnife
ID: 41894143
With a clean installation, no. But who knows what software does that. Speculation is never the professional approach. Auditing would reveal it instantly.
0
 
LVL 38

Expert Comment

by:BillDL
ID: 41894153
I'm curious to know how you knew that all 65,000 files were in use.  Usually when you do a multiple select of files and choose "delete", it will halt the process on the first file it finds in use and won't delete those after it.  You then have to take note of the one found to be in use, select the rest, and try to delete them.  This can happen until you eventually get past the ones in use and the rest then delete.  The alternative is to use the "DOS" DEL *.* command.
0
 

Author Comment

by:jsgrosskopf
ID: 41895783
I tried to copy all the files to and external drive. It skips files that it cannot copy, I got 3 files and they were all 0KB. It's all good. I did a combofix, removed and re-installed kaspersky and nothing is appearing in the temp drive now. Thanks for all your input
0
 
LVL 56

Expert Comment

by:McKnife
ID: 41895801
Look, you need to understand a thing or two about deleting files. Did you read BillDL's comment? That is the reason. These files won't have been in use, not every file, maybe just a few. Don't just select some solution when you still don't understand what is going on - we are here to help.
0
 

Author Comment

by:jsgrosskopf
ID: 41895815
I'll probably just unsubscribe to this group since it seems to be nothing but pompous comments from know-it-alls who just want to show everyone else how smart they are. I picked the solution to scan for malware and it seemed to be a virus. This issue had nothing to do with files being in use or how many are in use and the comments regarding that were taking this off onto a tangent that was not needed. Read the beginning issue and don't comment on a comment or comment or after the solution is closed, probably upset that I didn't pick your solution.
0
 
LVL 56

Expert Comment

by:McKnife
ID: 41895822
You are getting me wrong. I read the comments and I see no solution yet. If you see one, fine, but based on the comment you selected as solution and the comments on that one - no, still don't find any indication until your latest comment came up, that it was a virus, actually. About " I picked the solution to scan for malware and it seemed to be a virus. " - did you find one?

Sorry, but I tend to do more then authors may be looking for, but not for showing off.
0
 
LVL 38

Expert Comment

by:BillDL
ID: 41897124
I hope you didn't think that my comments were pompous.  If so, you completely misunderstood my comments and their intentions.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Assume you have an outside contractor who comes in seasonally or once a week to do some work in your office, but you only want to give him access to the programs and files he needs and keep all other documents and programs private. Can you do this o…
There are many software programs on offer that will claim to magically speed up your computer. The best advice I can give you is to avoid them like the plague, because they will often cause far more problems than they solve. Try some of these "do it…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
Suggested Courses
Course of the Month9 days, 8 hours left to enroll

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question