Re: Default User folder temp IE files



How are the files named? Also have a look at the permissions as you might
be able to tell who created them.

--
Allan Williams



"Nick Coe (UK)" <classicnickNOSPAMAT@xxxxxxxxxxxxxxxxxx> wrote in message
news:uEHjcQv8IHA.1592@xxxxxxxxxxxxxxxxxxxxxxx
Minor progress report.

The temp files in question all show a time attribute of 1600 hours plus or
minus 1 min during summer time and 1700 hours plus or minus 1 min during
winter months - that is always at 1700 GMT, intriguing but could be a red
herring...

So I trundled through everything that could be running (or happening) at
that time, my own log book (server with firebrick and network have been in
nearly 2 years now) - no, event logs - nothing, VSS - nope, backup - no
chance, software updates - no, system updates - no, AVG updates - no.

Reran virus scan - clear, ran spybot S&D - clear.

Got this feeling it could be a weird user file synch issue or something
messing with IE somewhere on the network but no evidence. Mustn't jump to
conclusions.

Forced a full virus scan for all workstations from AVG admin centre.

Don't plan on creating any new users in the short term so have renamed
index.dat and sub folders in \default user\etc ... etc\temp ie files\ and
we'll see if any error msgs pop up anywhere.

Loads of googling and searching msft support with inconclusive results.

Next step - go onsite make sure virus scans run on all workstations and
ss&d them one by one.

And I've got this nagging feeling I'm missing something...

--
Nick Coe (UK)
http://www.alphacos.co.uk/




In news:uQm8Q0p8IHA.4928@xxxxxxxxxxxxxxxxxxxx,
Al Williams typed:
Post back if you figure it out because I haven't heard of any
recent virus that puts files in there (some back in 2006
google up, but that's all).
Good luck from Canada.


"Nick Coe (UK)" <classicnickNOSPAMAT@xxxxxxxxxxxxxxxxxx> wrote
in message news:uj2rxJp8IHA.1200@xxxxxxxxxxxxxxxxxxxxxxx
Thanks Al.

That's pretty much what I thought, had hoped I was wrong as
you do.... Have now run full AVG scan of C drive with no negative
result. Will be deploying S S & D tomorrow.

I actually suspect one of the workstations and either some
bad setting or an infection... They'll be getting scanned
asap. Have been very careful about enforcing internal network
hygiene; blocking chat clients, web mail, software installs
all the usual suspects. Be interesting to see where I've
missed something 'cause if it's infected then I must have by
default.

--
Nick Coe (UK)
http://www.alphacos.co.uk/




In news:eKSfUal8IHA.4820@xxxxxxxxxxxxxxxxxxxx,
Al Williams typed:
The Default User folder is the template used when creating
new users. It is essentially copied to create a new user's
folder. The folders within it should be essentially static
except for changes made to customize it.
Files in the temp internet files inside it do not sound good,
it sounds like virus or trojan activity to me (there have
been some in the past that store files in there). Hopefully
I'm wrong...

"Nick Coe (UK)" <classicnickNOSPAMAT@xxxxxxxxxxxxxxxxxx>
wrote in message
news:%23FrXlAi8IHA.1200@xxxxxxxxxxxxxxxxxxxxxxx
G'day,

SBS2k3 standard fully patched. Internally - XP Pro
workstations joined to domain plus MACS using OWA.
Externally Windows Mobile device and one XP laptop currently both
using OWA.

Questions:
Should the \Docs and Settings\Default User\..... \temp
internet files\xxxxx\ folders on the server fill up with
temp files? That is - where are they coming from?
What purpose does that Default User folder serve?

Context:
Backup to LTO Ultrium drive using bog standard sbs macro
created backup routine failed on one locked file in one of
the above folders. Found the file was locked by AVG and was
infected. Moved to virus vault. Noticed that there were a
lot of temp files in that folder dating back from yesterday
to about feb 07 and all timed within a few minutes either
side of 1600 hours brit summer time or 1700 hours GMT. Odd -
but don't want to jump to conclusions.

Puzzled - I checked through my WFilter logs to see what
internet activity there was about that time - nothing
conclusive... So I double checked the security event log
wondering if someone had used the server to browse the web -
nothing unusual there either. Double checked the Application
log - nothing unusual.

Am remotely administering the server.

Not sure where to fault find next, any help much
appreciated.

--
Nick Coe (UK)
http://www.alphacos.co.uk/
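
Added example, not part of the original thread: a PowerShell sketch of the two checks discussed above, namely how the files are named and who owns them, and whether their timestamps really cluster on one UTC hour regardless of summer time. `$CachePath` is a placeholder parameter because the thread elides the full folder path.

```powershell
# Added example, not from the thread. $CachePath is a placeholder: pass the
# full path of the Default User "Temporary Internet Files" folder on the server.
param(
    [Parameter(Mandatory = $true)]
    [string]$CachePath
)

function Get-CacheFileReport {
    param([string]$Path)

    # -Force is required: the IE cache subfolders and index.dat are hidden/system.
    Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $file  = $_
            $owner = '<unreadable>'
            # A file locked by the AV scanner or another process may refuse the ACL read.
            try { $owner = (Get-Acl -LiteralPath $file.FullName -ErrorAction Stop).Owner } catch { }

            [pscustomobject]@{
                Name        = $file.Name
                Folder      = $file.DirectoryName
                Owner       = $owner
                CreatedUtc  = $file.CreationTimeUtc
                ModifiedUtc = $file.LastWriteTimeUtc
                Length      = $file.Length
            }
        }
}

$report = @(Get-CacheFileReport -Path $CachePath)

# Per-file listing: naming pattern, owning account, timestamps in UTC.
$report | Sort-Object CreatedUtc |
    Format-Table Name, Owner, CreatedUtc, ModifiedUtc, Length -AutoSize

# Files per UTC hour of creation. UTC removes the summer/winter shift, so a
# scheduled source shows up as one dominant hour. Group on ModifiedUtc instead
# if that is the time attribute being compared.
$report | Group-Object { $_.CreatedUtc.ToString('HH') } |
    Sort-Object Count -Descending |
    Format-Table @{ n = 'UtcHour'; e = { $_.Name } }, Count -AutoSize

# Files per owner: a single unexpected account is the lead to follow.
$report | Group-Object Owner | Sort-Object Count -Descending |
    Format-Table Name, Count -AutoSize
```

The owner may be reported as a group such as BUILTIN\Administrators rather than an individual account, so treat it as a pointer to correlate with logon events, not as proof of who wrote the file.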



