
Does anyone recognize these files?



Guest Elaine F.
Posted

We have recently discovered the existence of some very strange files on 2 of our many Windows 2003 servers. The files contain no legible information, just many, many lines of short, random strings. Some of the files are actually empty. The files appeared at the root of the D: drive, which makes me suspect some application other than Windows; however, when we asked the vendor of the 1 app that is running on the servers, they claimed these files were not related. Our virus scanner did not pick up these files as being infected so I have to believe they are somehow legitimate.

The naming convention of these files is similar to:

s1us.8v
s1us.48
s3mc.e2
s2fo.bb

Does anybody have any ideas on how I can troubleshoot this?

Thanks.

Guest SBS Rocker
Posted

Re: Does anyone recognize these files?

 

Can you rename them? Move them? If you can, then try that and monitor any ramifications. If it does affect anything you can always put them back. Personally I would back them up to a tape (dedicated) or CD or any other removable device just to get them off the system.

Guest Elaine F.
Posted

Re: Does anyone recognize these files?

 

Thanks for the response... We have had no problem moving the files, so we know that they are not "open" or in use. The server continued to function normally after we had deleted the files so I don't think they are related to any critical system functions. Even though we were able to delete them, new ones are being created at random. Not very many, just 1 or 2. Since the files are encrypted, we have no clue as to what process or action is forcing their creation. There are no correlating entries in the event or audit logs. This is only happening on 2 of our servers. The weird thing is that these files are being created on the D: drive (not C:). The only application we have on these servers is ServiceDesk, which is a Computer Associates product, but their support tech says these files do not belong to that application (although they ARE looking into it further).

Thanks again.

Posted

Re: Does anyone recognize these files?

 

Sysinternals - Filemon or Process Monitor


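Added example, not part of the original thread: once Process Monitor has traced file-system activity on an affected server and the trace is saved as CSV, a short script can show which process created files at the root of D: with names like those in the question, and whether each file was ever written to. The column names follow Process Monitor's CSV export; the sample rows, process names, PIDs and the name pattern are constructed assumptions.

```python
import csv
import io
import ntpath
import re
from collections import defaultdict

# Generalised from the four names in the thread (s1us.8v, s1us.48, s3mc.e2,
# s2fo.bb): 's', a digit, two letters, a dot, two alphanumerics. Assumption.
NAME_RE = re.compile(r"^s\d[a-z]{2}\.[0-9a-z]{2}$", re.IGNORECASE)

# Constructed sample in Process Monitor's CSV export layout; the process
# names and PIDs are placeholders, not findings from the thread.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"02:14:07.10","example_svc.exe","1844","CreateFile","D:\s1us.8v","SUCCESS","Desired Access: Generic Write, Disposition: OverwriteIf, OpenResult: Created"
"02:14:07.12","example_svc.exe","1844","WriteFile","D:\s1us.8v","SUCCESS","Offset: 0, Length: 512"
"02:15:30.44","explorer.exe","2200","CreateFile","D:\s1us.8v","SUCCESS","Desired Access: Read Attributes, Disposition: Open, OpenResult: Opened"
"03:02:51.09","example_svc.exe","1844","CreateFile","D:\s3mc.e2","SUCCESS","Desired Access: Generic Write, Disposition: OverwriteIf, OpenResult: Created"
"03:40:00.00","other_tool.exe","3012","CreateFile","D:\data\s2fo.bb","SUCCESS","Desired Access: Generic Write, Disposition: Create, OpenResult: Created"
"03:41:12.73","notepad.exe","900","CreateFile","D:\notes.txt","SUCCESS","Desired Access: Generic Write, Disposition: Create, OpenResult: Created"
'''


def find_creators(csv_text, drive="D:"):
    """Return {(process, pid): [(time, path, was_written), ...]} for files
    matching NAME_RE that were newly created in the root of `drive`."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    written = {r["Path"].lower() for r in rows
               if r["Operation"] == "WriteFile" and r["Result"] == "SUCCESS"}
    hits = defaultdict(list)
    for r in rows:
        if r["Operation"] != "CreateFile" or r["Result"] != "SUCCESS":
            continue
        # "Opened" means the file already existed; only "Created" marks its origin.
        if "OpenResult: Created" not in r["Detail"]:
            continue
        folder, name = ntpath.split(r["Path"])
        if folder.lower() != (drive + "\\").lower() or not NAME_RE.match(name):
            continue
        hits[(r["Process Name"], int(r["PID"]))].append(
            (r["Time of Day"], r["Path"], r["Path"].lower() in written))
    return dict(hits)


if __name__ == "__main__":
    for (proc, pid), files in find_creators(SAMPLE_CSV).items():
        for when, path, was_written in files:
            state = "written to" if was_written else "left empty"
            print(f"{when}  {proc} (PID {pid}) created {path}, {state}")
```

For a real export, read the file with `encoding="utf-8-sig"` (which tolerates a byte-order mark if present) and pass its text to `find_creators`.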