Windows Client TechCenter >
Windows 7 Forums
>
Windows 7 Security
>
Weird folder always been created
Weird folder always been created
- Hi all,
since i had that problem with MSE ive noticed this folder being created in the C:\
herss the name of the folder :
ae9ec92e4242e80bcde387b2624b6b
it has read only attributes and clicking onj the advanced tab, the only option is applied is this :
allow files in this folder to have contents indexed....
when i click on security tab the owner is unkn own and at every part of security i only have the Continue option...
i suspect my computer is being Owned by hckz...
looking by the date and hour looks like it created today when i first connected to internet and updated MSE...
any help?
thanks in advance,
RR
PS: when i click on security options for C:\local disc besides my admin permissions and users and system,it also has the authenticated users which have special permissions and 2 permissions allowed in the advanced button..
help help hehe
Answers
Hi,
For this question, since Microsoft Security Essentials is suspected, it is better go to our Microsoft Security Essentials forum to confirm this:
Microsoft Security Essentials Forums
You can go to the forum above and post a new thread for this question. If there is any update, please also let us know.
Thanks.
Nicholas Li - MSFT- Marked As Answer byDdos_Evader Tuesday, November 10, 2009 1:21 AM
- Ok Folks,
Fortunatly now i have the answers for this "issue" which is actually something related to virus database updates and stuff..
so for those who's going through the same situation here are the resources :
http://social.answers.microsoft.com/Forums/en-US/mseupdate/thread/63d01661-fec4-4a0d-a5d4-8daa62ca6718
http://social.answers.microsoft.com/Forums/en-US/mseupdate/thread/1dc4e8b9-094b-4017-bb31-dc620068de89
http://social.answers.microsoft.com/Forums/en-US/mseupdate/thread/9ab83631-3adc-459b-acca-fa0259042ffd
http://social.answers.microsoft.com/Forums/en-US/mseupdate/thread/6d2932ae-ba76-4e26-9595-8002da50a297
hope this helps and lets wait till this harmless folder gets fixed by MSE...Till then keep deleting lol
Kind regards,
RR- Marked As Answer byNicholas LiMSFT, ModeratorTuesday, November 10, 2009 1:34 AM
All Replies
- i removed the authenticated users and it looks much safer prompting for credentials when u try to delete or create a folder in the C:\ and also when copying and paste files ,but its kind of annoying for me that i have 128bit length password,was thinking of leaving it in that way and then save my admin pass in a txt file and put it into my pendrive so considering now we can copy and paste when the prompt window pops up and then it would be in theory safer...but i decided to add the authenticated users again to my C:\ permissions,for what i remember it had a special permission and the other was something like Append... but the thing is i cant separatly set those permissions for the same user,so special permission happens when u set more than one attribute right? oka i managed a way to give the less as possible attributes to just let write\execute\read so in the permissions i only set the create folder etc\append and another one that i cant remember right now!
did i take the right decision?
and im still waiting for the weird folder reply!!!
thanks in advance,
RR- Edited byDdos_Evader Sunday, November 01, 2009 1:39 PMtypo
- I've been trying to narrow it down and have noticed the folder appears after running 16-bit programs whilst MSE is running real-time protection.
I just delete the folders now. - I found 4 of these folders on my F: drive. The creation date/time matches the MSE definition updates date/time found in Windows Update. These appear to be temp folders that should be deleted by MSE. The question is why are they not being deleted ?
- Exactly i deleted already and so far no more has been created!
Burr i wonder why when running 16bit app that happens cuz i restricted 16 bit apps so it aint possible to run ,unless i havent noticed that the GPO has been hacked so i have to switch back to Prevent that...will check that later!
Thanks to all and will be expecting more opnions here!
Kind regards,
RR After reading more about the problem, I have changed my mind about the 16-bit programs. A popular startup for me is to run some regular DOS systems, which must clash with internet connection downloading MSE updates. The interesting thing is that this happens on 32-bit XP, Vista and Windows 7 but so far not on Windows 7 64-bit, which, of course, will not run any 16-bit programs.
- I just wonder why MSE is creating that folder which has to do only with the latest version coz the same never happened with beta and rc1 versions....
i honestly think that it might be a bug that i hope MSFT is already seeing this post and taking measures to fix it...
my guess is that it might a something related to a temp folder that MSE creates which was supposed to be working in hidden attributes and right after that deletes,so what it does is creates in a visibe way and dont delete...
OR my last thought is my pc is being hijacked hehe,and its not so hard to believe on that hypothesis,if i post my event log here ppl would be like : Wow thats ruff man...
in GPO i set auditions for dropped connections and many others such as priviledges stuff,by looking at that u can see the source of the port ,target port,protocol number,ip and other details much relevant!!
Regards,
RR Hi,
For this question, since Microsoft Security Essentials is suspected, it is better go to our Microsoft Security Essentials forum to confirm this:
Microsoft Security Essentials Forums
You can go to the forum above and post a new thread for this question. If there is any update, please also let us know.
Thanks.
Nicholas Li - MSFT- Marked As Answer byDdos_Evader Tuesday, November 10, 2009 1:21 AM
- Hi
I dont thing it is MSE. I have these folders written to my f drive and I thought they were being added when I used the packaged software with my lightscribe dvd writer. one was LG burning program and the other was LG power tools. Both these program names are for the oem versions of nero essentials and cyberlink power tools and I think it was the label printer that wrote the files.
all the best
malc - Again!!!
i let 2 days without updating the MSE just for testing purposes and then yesterday i manually updated and the D** folder was there again..ill report in the MSE forum now...
thanks to all,
RR - Ok Folks,
Fortunatly now i have the answers for this "issue" which is actually something related to virus database updates and stuff..
so for those who's going through the same situation here are the resources :
http://social.answers.microsoft.com/Forums/en-US/mseupdate/thread/63d01661-fec4-4a0d-a5d4-8daa62ca6718
http://social.answers.microsoft.com/Forums/en-US/mseupdate/thread/1dc4e8b9-094b-4017-bb31-dc620068de89
http://social.answers.microsoft.com/Forums/en-US/mseupdate/thread/9ab83631-3adc-459b-acca-fa0259042ffd
http://social.answers.microsoft.com/Forums/en-US/mseupdate/thread/6d2932ae-ba76-4e26-9595-8002da50a297
hope this helps and lets wait till this harmless folder gets fixed by MSE...Till then keep deleting lol
Kind regards,
RR- Marked As Answer byNicholas LiMSFT, ModeratorTuesday, November 10, 2009 1:34 AM
