View Single Post
Old 02. Oct 2014, 05:23 AM   #4 (permalink)
Join Date: Feb 2014
Location: South of the North Pole, North of Antarctica
Posts: 8

Originally Posted by Remah View Post
Zero byte files are not necessarily empty even if Windows Explorer thinks they are.

One of the main reasons is that they may require a specific driver or application to view them correctly:
  • they are probably encrypted or hashed in some way, ie. what you see requires a key to convert it to the correct file name
  • they can be metadata, in other words, descriptions stored in the file names which can be used for other purposes. In this case this appears unlikely but it remains a possibility.

I don't recognize the filenames. You might be able to work out the software that did this by:
  • remembering what happened at that date and time.
  • search for other files modified or created on that same date
  • check the installed programs list to see if there is a program which could have done this. You can also check the installed date to see if it matches or is near.
  • checking the Windows logs if they go back to that date and time to see what was happening then.
  • find if their was a program that has since been uninstalled by running a registry cleaner check that will list all the possible changes without actual cleaning the registry. This should show you any left-over entries from programs (including drivers) that have been uninstalled.
Thank you very much for your quick response, Remah. Out of your suggestions, the only one that provided info, it seems, was the Windows Logs. On the date them files were created and around the same time, something was going on with Norton Anti-Virus. Norton did something at 3:26 AM and then again at 5:12 AM. The files can't be from Norton, though. Can they? Each file name seems to be the same length and after copy & paste one of the file names into a character counter it came out to 220 characters. One long stream of letters, numbers and symbols. An example of one of the file names: ]'516b {U0NesbFN2]wDXUDXMYGNu}DFPwIKcDCN`N]~m(CHXETdh-8No(Bde__p)'rN7jRaEQshKdy9hl98mHo~(FTj'2h6aAiV(e{C W~L)5q8,vyHaFE2'vgzbAcN8yY(dv(RxQ-7vJ2+w4cNF(~_NLgdDg6hkz=1!VaQDvd[SM2Kp(4teA5R5 [rKrZ!M85AWy4kPl`Z60W(IITJBCU,1MZN

Honestly, looking at all the files after right click > View > Details, it looks like code. Like military or alien code you'd see in movies.

I was wondering if I cut and pasted the folder and files onto an external harddrive, maybe the program that's using them will present an error prompt? The only thing wrong with that is if they are .net install files like Burn-IT said, it might cause serious issues.

Do you happen to know of any site where I could upload one of these files to find out exactly what it is? Some anti-virus companies allow you to upload potentially harmful files.

Originally Posted by Burn-IT View Post
I think you will find that they are MS install files for .net
I had loads of them and I deleted mine with no bad effects - but check first as I may be wrong.
Thank you for your response. If they were MS files, wouldn't they be in the Windows folder? Do you know how I would be able to check to see if they're MS files? They couldn't have been from a Windows Update since this comp's OS is XP and support ended on April 8th and the files are from April 15th. Since support has ended, the only updates have been the Spyware Removal Tool.
Anablephobia is offline   Reply With Quote