What created that file?
February 9, 2006 11:46 AM
How can I track the source of a file?
I have a user who is reporting that something is creating a file in an area that it shouldn't. This folder resides on a Windows server and he is running Windows XP (or 2000, but I'm pretty sure it's XP). He is seeing a file created periodically but has no idea where it's coming from and is concerned that security might have been compromised.
The file is named "clientid.txt" and contains the string, "3145204-218057". The folder it's being created in can only be accessed by him and Domain Admins. The file shows that it was created by this user.
I am thinking that some job or some process is running on his PC that is creating this file, but when I checked he had no jobs running. Maybe a rogue process, but I can't find it. Is there a way to find out what caused a file to be created? If not on an existing file, maybe there's a way to catch a process when it writes a file to a folder?
Again, if I wasn't clear, this is a Windows OS accessing a file share on a Windows network. No Linux servers can access the folder where this is being written. I'd appreciate any help greatly.
Googling "clientid.txt" leads to something called T-Serve—is your company using that?
posted by staggernation at 11:54 AM on February 9, 2006
Response by poster: I found T-Serve looking through Google. Also, some Asian (Chinese?) characters referencing some Linux sites. We don't use T-Serve, unfortunately. I am going to try setting up Filemon and see what I can find.
posted by bDiddy at 12:27 PM on February 9, 2006
This thread is closed to new comments.
posted by empath at 11:53 AM on February 9, 2006