Re: Default User folder temp IE files



Minor progress report.

The temp files in question all show a time attribute of 1600
hours plus or minus 1 min during summer time and 1700 hours
plus or minus 1 min during winter months - that is always at
1700 GMT, intriguing but could be a red herring...

So I trundled through everything that could be running (or
happening) at that time, my own log book (server with
firebrick and network have been in nearly 2 years now) - no,
event logs - nothing, VSS - nope, backup - no chance,
software updates - no, system updates - no, AVG updates -
no.

Reran virus scan - clear, ran spybot S&D - clear.

Got this feeling it could be a weird user file synch issue
or something messing with IE somewhere on the network but no
evidence. Mustn't jump to conclusions.

Forced a full virus scan for all workstations from AVG admin
centre.

Don't plan on creating any new users in the short term so
have renamed index.dat and sub folders in \default user\etc
.... etc\temp ie files\ and we'll see if any error msgs pop
up anywhere.

Loads of googling and searching msft support with
inconclusive results.

Next step - go onsite make sure virus scans run on all
workstations and ss&d them one by one.

And I've got this nagging feeling I'm missing something...

--
Nick Coe (UK)
http://www.alphacos.co.uk/




In news:uQm8Q0p8IHA.4928@xxxxxxxxxxxxxxxxxxxx,
Al Williams typed:
Post back if you figure it out because I haven't heard of any
recent virus that puts files in there (some back in 2006
google up, but that's all).
Good luck from Canada.


"Nick Coe (UK)" <classicnickNOSPAMAT@xxxxxxxxxxxxxxxxxx> wrote
in message news:uj2rxJp8IHA.1200@xxxxxxxxxxxxxxxxxxxxxxx
Thanks Al.

That's pretty much what I thought, had hoped I was wrong as
you do.... Have now run full AVG scan of C drive with no
negative result. Will be deploying S S & D tomorrow.

I actually suspect one of the workstations and either some
bad setting or an infection... They'll be getting scanned
asap. Have been very careful about enforcing internal network
hygiene; blocking chat clients, web mail, software installs
all the usual suspects. Be interesting to see where I've
missed something 'cause if it's infected then I must have by
default.
--
Nick Coe (UK)
http://www.alphacos.co.uk/




In news:eKSfUal8IHA.4820@xxxxxxxxxxxxxxxxxxxx,
Al Williams typed:
The Default User folder is the template used when creating
new users. It is essentially copied to create a new user's
folder. The folders within it should be essentially static
except for changes made to customize it.
Files in the temp internet files inside it do not sound good,
it sounds like virus or trojan activity to me (there have
been some in the past that store files in there). Hopefully
I'm wrong...

"Nick Coe (UK)" <classicnickNOSPAMAT@xxxxxxxxxxxxxxxxxx> wrote
in message news:%23FrXlAi8IHA.1200@xxxxxxxxxxxxxxxxxxxxxxx
G'day,

SBS2k3 standard fully patched. Internally - XP Pro
workstations joined to domain plus MACS using OWA.
Externally Windows Mobile device and one XP laptop
currently both using OWA.

Questions:
Should the \Docs and Settings\Default User\..... \temp
internet files\xxxxx\ folders on the server fill up with
temp files? That is - where are they coming from?
What purpose does that Default User folder serve?

Context:
Backup to LTO Ultrium drive using bog standard sbs macro
created backup routine failed on one locked file in one of
the above folders. Found the file was locked by AVG and was
infected. Moved to virus vault. Noticed that there were a
lot of temp files in that folder dating back from yesterday
to about feb 07 and all timed within a few minutes either
side of 1600 hours brit summer time or 1700 hours GMT. Odd -
but don't want to jump to conclusions. Puzzled - I checked
through my WFilter logs to see what internet activity there
was about that time - nothing conclusive... So I double
checked the security event log wondering if someone had used
the server to browse the web - nothing unusual there either.
Double checked the Application log - nothing unusual.

Am remotely administering the server.

Not sure where to fault find next, any help much
appreciated.
--
Nick Coe (UK)
http://www.alphacos.co.uk/
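
One way to test the observation in this thread, that the files' timestamps cluster at a single GMT time of day, is to bucket last-modified times in UTC rather than in local time. This is an added example, not code from the thread; the function names, thresholds and sample timestamps are assumptions constructed for illustration.

```python
import os
import tempfile
from datetime import datetime, timezone

def utc_minutes(root):
    """Return sorted UTC minute-of-day values for every file under root."""
    minutes = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            try:
                mtime = os.stat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # file locked (e.g. by the AV scanner) or removed
            t = datetime.fromtimestamp(mtime, timezone.utc)
            minutes.append(t.hour * 60 + t.minute)
    return sorted(minutes)

def clustered_time(minutes, tolerance=5, threshold=0.8):
    """Return "HH:MM" UTC if >= threshold of files lie within +/- tolerance
    minutes of the median time of day, else None. Assumes the cluster does
    not straddle midnight."""
    if not minutes:
        return None
    centre = minutes[len(minutes) // 2]
    near = sum(1 for m in minutes if abs(m - centre) <= tolerance)
    if near / len(minutes) < threshold:
        return None
    return "%02d:%02d" % divmod(centre, 60)

# Constructed sample timestamps (UTC), not taken from the thread:
# five files near 17:00 across summer and winter dates, plus one outlier.
SAMPLE = [(2007, 2, 14, 17, 0), (2007, 7, 3, 16, 59), (2008, 1, 20, 17, 1),
          (2008, 6, 9, 17, 0), (2008, 7, 20, 17, 0), (2008, 3, 1, 9, 30)]

def demo():
    """Build a scratch folder with SAMPLE mtimes and analyse it."""
    with tempfile.TemporaryDirectory() as root:
        for i, stamp in enumerate(SAMPLE):
            path = os.path.join(root, "file%d.tmp" % i)
            open(path, "w").close()
            ts = datetime(*stamp, tzinfo=timezone.utc).timestamp()
            os.utime(path, (ts, ts))
        return clustered_time(utc_minutes(root))

if __name__ == "__main__":
    print(demo())
```

Pointing `utc_minutes` at the real folder gives a time that can be compared against scheduled tasks and proxy logs for the same UTC window.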

