I usually peek inside System Volume Information once in a while to see what's in there.
I have 8, yes 8 hard drives.
Today on the 7 after the "C" drive I found a folder called EFA DATA. Inside the folder I found a file called efadata.db.
Since I have never seen this file in all my days of computing I tried to delete it. What a surprise that I couldn't. I went to safe mode and could only delete it after I changed permissions.
Has anyone else seen this name before?
Download Filemon.exe from Microsoft (was Sysinternals) and see if you can find out what process is using it. Then boot from a Linux live CD and see if you can delete it. If neither goes well, start breaking out the rootkit detection software.
Usually Google is your friend when finding "odd" files... but this time around, there is only one hit, and that is your own thread. Keep us posted.
As you say, I can't find any reference to efadata.db on the web. I have never seen them before or since. As I said, I deleted them in safe mode.
The only thing I have done this weekend that I have never done was to go into regedit and force a name change for one of my hard drives. Windows had for whatever reason picked the letter "J:" for the system drive. This led to numerous problems with Windows Update. So I forced the name change and ended up doing a reformat (again). I also elected to put Service Pack 3 on and all other high-priority Windows updates.
I think either the name change or Service Pack 3 had something to do with it.
I scan nightly with updated Spybot and Norton. I am also behind 3 software and 1 hardware firewalls. I also have Norton set to scan continuously for virus-like activities. For years now I have removed System Volume Information from the exceptions list. I do not think it was an infection. Probably some new thing from Microsoft.
In any case the files have not reappeared.
Will continue to look for info.
Just a shot in the dark, but is it possible that it's tracking information for the drive letter change? (i.e. program X tries to access something on "j" drive, XP redirects it to "c" drive and writes a report for registry to automatically redirect the query).
Yeah, if you do not have one disk with one partition on it then Windows installer can do weird things.