Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Possible security intrusion or profiling? 1

Status
Not open for further replies.
vop

vop

Technical User
Mar 30, 2001
360
CA
Very recently, every time I boot I have been consistently getting an incremental suspicious looking pair of 0 K files in the C:\windows directory (WIN98). If I can immediately delete these files without consequence, then why would there be a legitimate explanation for these file pairs other than spyware potential.

I found them in my regular cleanup check for *.tmp files (using file>find).

They are of the pattern fffe*.tmp, consistently contain the substring '-11D8-96A2-00E0299E2939}' and each new pair of entries appear to be initialized only at startup. They do not appear to be recreated if deleted.

Might anyone have some idea as to what these files are or of their potential source? They look like registry type references. Couldn't find any hint of them in a Hijackthis log.


Potential phone home content holders?

Directory of C:\WINDOWS

FFFE10~1 TMP 0 03-06-04 11:08p fffe101f_{3403CDC0-6FC3-11D8-96A2-00E0299E2939}.tmp
FFFE10~2 TMP 0 03-06-04 11:08p fffe101f_{3403CDC1-6FC3-11D8-96A2-00E0299E2939}.tmp
FFFE2C~1 TMP 0 03-06-04 11:37p fffe2ce3_{4A2148E0-6FC7-11D8-96A2-00E0299E2939}.tmp
FFFE2C~2 TMP 0 03-06-04 11:37p fffe2ce3_{4A2148E1-6FC7-11D8-96A2-00E0299E2939}.tmp
FFFED6~1 TMP 0 03-07-04 12:06a fffed6c1_{3C7E8B40-6FCB-11D8-96A2-00E0299E2939}.tmp
FFFED6~2 TMP 0 03-07-04 12:06a fffed6c1_{3C7E8B41-6FCB-11D8-96A2-00E0299E2939}.tmp


I religiously update and run:
Norton Anti-Virus
SpyBlocker, SpyBot, Ad-aware, and PestPatrol
The Cleaner - trojan scanner
 
Sort by date Sort by votes
Thank you so much. It is releaving to be able to get some understanding or to identify the issues involved where suspect security issues could be at risk.

I still don't understand why MSOFFICE would initialize such files at start-up. Oh well, at least have a starting point to go on. Thanks again.
 
Upvote 0 Downvote
OK - things are now understandable.

I had recently started using (and fully activated) the Microsoft Script Editor environment (MSE.exe) for use in creating VBscripts.

THere we have it - cause and effect. At least annoying is a better and more acceptible explanation than possible vulnerabilty.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

SaltyTheFrog
  • Locked
  • Question
Nearby Share security exposure
Replies
3
Views
443
goombawaho
goombawaho
CDIV
  • Locked
  • Question
port 8080 monitoring -Trend micro deep security agent
Replies
0
Views
207
CDIV
CDIV
Olumighty
  • Locked
  • Question
BIOS PASSWORD WIPE OR CLEAR ON COMPUTER LAPTOP 1
Replies
1
Views
181
SamBones
SamBones
Macola10
  • Locked
  • Question
Kapersky Small Office Security
Replies
0
Views
120
Macola10
Macola10
dan2229
  • Locked
  • Question
McAfee Security Scan Plus
Replies
3
Views
210
dan2229
dan2229

Part and Inventory Search

Sponsor

Back
Top