July 6th, 2005, 03:38 AM
random files on temp folder
I noticed that there are a lot of .dat files with random names that appeared on:
C:\Documents and Settings\%Username%\Local Settings\Temp
Some file name examples are: bpjh.dat, kcic.dat, mooo.dat, kgld.dat, pnjm.dat, etc...
I ran Trend Micro's Housecall and found nothing, spybot, adaware and no malware was found. I tried to google some of those file names and found nothing. One can conclude that this is propably nothing... But I had to go into safe mode to delete those files.
Has anybody seen anything like this? What's going on?
Running winxp pro, kerio PF, avast AV.
Any help will be highly appreciated.
July 6th, 2005, 03:55 AM
More info is needed.
File create date, modified date, accessed date.
What is in these .dat files? You can open them with notepad. (.dat is not an executable)(or, if you don't feel comfortable opening them, you can run a program like strings against it to pull out any strings and ignore all the garbage.)
Do they appear after running any certain application?
Temp files are just that... temporary files that are used by some application when it is running. Sometimes the programs they clean up after themselves, sometimes they don't. Sometimes program files will put their cache there (like browsers do) to speed up the next time you run the same task.
If you try to delete them, do they go away? Or, do you get an access denied like they are in use?
is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
July 6th, 2005, 04:41 AM
There is only a creation date for each file, no access or modification date, and they were all created on different dates (same date for groups of 2 or 3 files.). Different sizes 88, 92 and 96 KB only.
I cannot link them to any specific app because I do not remember.
When I opened them with notepad I got unreadable garbage.
First time I found them I tried to delete them and got "in use" message, rebooted in safe mode and was able to delete them. Turns out I forgot to delete a few, rebooted in normal mode, and was able to delete them this time.
July 6th, 2005, 05:48 AM
.dat files can be associated with a lot of things. lol start opening programs and see what stops working. but chances are if they were in a temp file they will be recreated by what ever is using them. Id scan you computer for all malware (adware/spyware/viuses/etc) and scan in safe mode.
July 6th, 2005, 09:48 AM
Some applications will create a temporary file when you open it. If you try to clear a temporary folder all in one go you will get the "in use" message. You should be able to delete ones prior to the current day's date.
Quite a few of these files are related to software installation and updating. They just don't get cleared down afterwards.
If you scan for malware in safe mode and don't get any hits I think that you are safe.
As mentioned you should be able to delete everything not current from a temporary file folder. If it is needed the relevant application will recreate it when you run the application.
July 6th, 2005, 12:37 PM
Most probably you cannot delete the file, because another program is using it
(which might be not the case in safe mode). This has been mentioned already
There is an excellent tool by sysinternals, which shows you all handles.
Download it and filter the output for one of these file-names. You then
know which program is using that file - and maybe why.
In case there is an alternate stream attached, use streams.exe, also by
If you cannot find anything, the activity is hidden - nice programs are
not doing this. Even more - if that external tool cannot find anything,
you might have a lower-ring problem!
If the only tool you have is a hammer, you tend to see every problem as a nail.
(Abraham Maslow, Psychologist, 1908-70)
July 6th, 2005, 12:45 PM
I seem to remember most AV software create .dat files when updating pattern files, outlook and word also create dat files. Like Phish said. Just look at the strings.
July 13th, 2005, 01:33 AM
I am worried.
I started running IE for online banking (my bank currently only works with this browser, as I usually use Firefox).
While I was browsing my account, Kerio PF displayed the next message: "iome.dat is trying to access Windows Explorer" I chose to deny that action.
I checked C:\Documents and Settings\%username%\Local Settings\Temp and there was the file iome.dat
I have scanned with Housecall and then AdAware in safe mode and normal mode. What could be going on? or are these .dat files harmless.
July 13th, 2005, 01:44 AM
July 13th, 2005, 08:10 PM
it's a conspiracy, they are watching you
want to see something really interesting?
execute this command from the start->run prompt
edit "%HOMEPATH%\Local Settings\Temporary Internet Files\desktop.ini"
you will see a two line desktop.ini file, with a uiclsid value on the second line
add a negative sign "-" infront of UICLSID on the second line so that the second line starts like this
alt->file->save, then exit
to view most of IE's temporary files
"%HOMEPATH%\Local Settings\Temporary Internet Files\"
After doing this Internet Explorer will still work exactly as before, but now it will actually show you all of it's temporary files, grouped in Content.IE5, Content.MSO, etc.
Sad part is that IE tracks even more of your web surfing statistics and web sites visited, to access the rest of the files, you need to boot from seperate media as windows will hide them from you and not allow you to access them. That process is quite long however.
Try making a new folder anywhere labeled CON