Sign in with
Sign up | Sign in
Your question

EXTRA BOGUS Temporary Internet Files, Cookies, & History f..

Last response: in Windows XP
Share
Anonymous
April 24, 2005 6:02:29 PM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

First, let me be clear. I am not asking how to empty out the standard TIF
(Temporary Internet Files), History, and Cookies folders. I know how to
do that using Internet Properties.

The problem I have here is an EXTRA set of BOGUS folders with the same
names that get created in my Temp folder every time I boot up in normal
mode. They cannot be deleted in normal mode either. If I boot to Safe
Mode I can delete them and if I then reboot to Safe Mode again they do
not get created.

I have done some experiments and if I use MSConfig to disable all of my
Startup items the folders still get recreated when I boot to Normal Mode.
However, if I choose Diagnostic Startup in MSConfig then the files do not
get recreated when I boot to Normal Mode. This tells me that the issue is
most likely caused by some service but I can't figure out which. I am
certainly not in the mood to reboot my computer dozens more times today
just to figure out which service is causing this problem. I am guessing
it has something to do with the system for replacing protected files.

I have done some research in the newsgroups and the exact same issue has
been reported several times over the last few years. Usually there is no
response at all. In one thread some people suggested booting to the DOS
prompt and using the DELTREE command to remove the offending files and
they wouldn't come back after that. Unfortunately, I have tried booting
to Safe Mode with Command Prompt as well as booting off of a floppy to
delete the files. They just come right back when I boot to Normal Mode.

Along with the a fore mentioned folders a series of .tmp files get
created with file names such as "~DF8F55.tmp" and "~DFA943.tmp". These
two were created within a minute of booting up. Over time I often get
dozens more. None of these files can be deleted in Normal Mode. I get a
dialog saying the file is being used by another program.

This problem has been ongoing for months. I have no idea how long it had
been happening before I even noticed it.

I am now concerned that I may have some virus or spyware that is causing
this. Here's the deal. I am a professional computer consultant. Most of
what I do these days is clean up spyware off of PC's for people. I have
scanned the hell out of my machine and never find anything other than a
few tracking cookies. This has me completely stumped.

Does anyone have any idea what could be causing this issue?
Anonymous
April 25, 2005 3:09:14 AM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

In article <9CE5DE22-6032-43A7-88B2-EAB5E7DEF5B2@microsoft.com>,
Terry@discussions.microsoft.com says...
> I had a Trojan worm that i spent 3 day tracking, but you wont have to spend
> that long. my Virus was the W32.Beagle.gen, I finally went to my registry and
> used find. when i found it. i deleted it.
>
So you had the exact same problem? How did you find the virus entry in
your registry? Surely it isn't entered under the name given to it by
antivirus software?

Searching my registry for a long list of trojans and viruses is something
I expect my antivirus software to do.
April 25, 2005 3:09:15 AM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

"Grant Robertson" wrote:

> In article <9CE5DE22-6032-43A7-88B2-EAB5E7DEF5B2@microsoft.com>,
> Terry@discussions.microsoft.com says...
> > I had a Trojan worm that i spent 3 day tracking, but you wont have to spend
> > that long. my Virus was the W32.Beagle.gen, I finally went to my registry and
> > used find. when i found it. i deleted it.
> >
> So you had the exact same problem? How did you find the virus entry in
> your registry? Surely it isn't entered under the name given to it by
> antivirus software?
>
> Searching my registry for a long list of trojans and viruses is something
> I expect my antivirus software to do.
>
Grant,,
I was surprised too. all the antivirus program did not remove it. I was at a
loss.
but after 3 days of internet searches and trial & error, I was able to
figure it out.
The most inportant thing is to identify the virus that is affecting the
computer.
I found a reference in Norton info pages that some virus had to be manully
removed. They hid very successfully in the Registry. Yes the virus is under
the same name that the antivirus give. Here is the norton website that i used
to find the proper name.
http://securityresponse.symantec.com/avcenter/vinfodb.h...
but first thing is to run the msconfig to make sure that the start up
application are not being hampered by a bad program loaded in the start up
configuraton
follow this task in this website.
http://netsquirrel.com/msconfig/
if this does not load the msconfig as about then you must download the
applet below from Mike lin. "MIKE LIN ROCKS!!!"
http://www.mlin.net/StartupCPL.shtml
in the config startup applications use this site to identify any bad
applications
http://www.sysinfo.org/startuplist.php
after the system config is clear then go to the registry and do the 'FIND'
Go to START>RUN> enter "regedit" >click OK.
in the Registry editor go menu > edit>Find enter the proper virus name.
when it is found delete it and everything should be fine.
CIAO
Terry
P.S. my red harddrive light is very dim now. and the computer is very
silent. I think the virus was giving my system a work out. The computer is
twice as quiet, now. Before the red light on the harddrive was almost alway
bright. now it is hardly on. A lot less stress on the system. the computer is
a lot faster and smoother also.
Good luck!!!
Related resources
Can't find your answer ? Ask !
Anonymous
April 25, 2005 3:18:55 AM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

On a hunch I went into MSConfig and disabled anything having to do with
Norton Internet Security. Deleted the files in Safe Mode and rebooted.
The bogus folders were not recreated. But after a few seconds a DF*.tmp
file was created. I could not delete it. So I opened Task Manager and
started killing processes. My second guess was Microsoft AntiSpyware's
gcasServ.exe process. I was able to delete the file. I left the process
dead for a while and no new files were created. As soon as I started up
Microsoft AntiSpyware it created two new files.

So it seems the cause of my problem is the software I use to protect
myself. Norton Internet Security creates the bogus IE cache folders and
Microsoft AntiSpyware creates the DF*.tmp files.

I don't mind them creating the files but I don't like them being
undeletable while the programs are running. This means I have to figure
out some way to empty out the Temp folder before these processes are
started so it doesn't eventually fill up and take over my whole hard
drive.
Anonymous
April 25, 2005 4:43:56 AM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

"Grant Robertson" <BOGUS@BOGUS.com> wrote in message
news:o Ft3j3USFHA.3544@TK2MSFTNGP12.phx.gbl...
> On a hunch I went into MSConfig and disabled anything having to do with
> Norton Internet Security. Deleted the files in Safe Mode and rebooted.
> The bogus folders were not recreated. But after a few seconds a DF*.tmp
> file was created. I could not delete it. So I opened Task Manager and
> started killing processes. My second guess was Microsoft AntiSpyware's
> gcasServ.exe process. I was able to delete the file. I left the process
> dead for a while and no new files were created. As soon as I started up
> Microsoft AntiSpyware it created two new files.
>
> So it seems the cause of my problem is the software I use to protect
> myself. Norton Internet Security creates the bogus IE cache folders and
> Microsoft AntiSpyware creates the DF*.tmp files.
>
> I don't mind them creating the files but I don't like them being
> undeletable while the programs are running. This means I have to figure
> out some way to empty out the Temp folder before these processes are
> started so it doesn't eventually fill up and take over my whole hard
> drive.

If the file is in use, it's in use...you can't delete it. It would be like
deleting a program while it's running. Doesn't matter that it's in the temp
folder, if the program need it to run. You'd find the same thing if you
tried to delete MS Word files while Word was working on them. Or just about
any program that works that way.

Or is it creating *more* files each time? If it's the same ones (or if it
deletes old one and creates new) it shouldn't be anything to worry about,
but if they're growing in number/size, are you saying you can't delete any
of them, or just the new ones?

Instead of trying to delete them at startup, you might be better served by
deleting them at shutdown, after the program that created them has closed.
Create a batch file to delete them. But really, if the program needs them
and creates them at every startup, deleting them seems to be sort of futile.
!