hidden file on desktop is this normal?


15 replies to this topic

#1 cat33

cat33

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:08:17 PM

Posted 30 September 2010 - 01:13 PM

I noticed a hidden file on my master account's desktop. When I first noticed it I disconnected the internet and scanned it with McAfee then Malwarebytes, then SUPERAntiSpyware, then reconnected to the internet and scanned it using Jotti online scanner. None of the scanners found anything. I researched it the best I can. I think it is some sort of alternative data stream. An application/octet-stream. Jotti said it was an MPEG. Are there any trusted programs that would put something like that on your desktop?

#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,252 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:08:17 PM

Posted 30 September 2010 - 01:51 PM

<<Are there any trusted programs that would put something like that on your desktop?>>

Something like what? Does this file have a name?

If it was hidden...how can you see/identify it?

As far as I know...the only "hidden files" are those where users do not choose to see all system files.

FWIW: .mpeg files do not possess the capability of being made invisible by Windows.

FWIW2: When things tend to come and go from your hard drive...that's probably a sign of a file system/hard drive problem.

FWIW3: A picture...really is worth a thousand words, at times.

Louis

#3 Gabrial

Gabrial

  • Members
  • 468 posts
  • OFFLINE
  •  
  • Local time:08:17 PM

Posted 30 September 2010 - 03:53 PM

Are your Windows Updates current with SP3 installed? Several years ago there was an exploitable buffer overflow in the COM+ subsystem that a carefully crafted image or avi container could exploit to perform arbitrary code execution. If you're up to date on your Windows Updates I wouldn't worry much about viewing an mpeg file.

What is the filename?

When you enable "View hidden files and folders", you will see any previously hidden files on the desktop. These can be anything from thumbs.db thumbnail image cache files created by Windows Explorer to temporary Word documents that normally aren't seen by the user on the system.

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,614 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:17 PM

Posted 30 September 2010 - 09:54 PM

"application/octet-stream" is a binary file and usually comes from an email attachment.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#5 Gabrial

Gabrial

  • Members
  • 468 posts
  • OFFLINE
  •  
  • Local time:08:17 PM

Posted 30 September 2010 - 10:00 PM

So there is a properties ADS that says it's an "application/octet-stream"? What is the file extension on the file? Did you check to see if the file had any other ADS with it?

Maybe looking at the file with a hex editor will reveal some information. A lot of data files will include headers with some identifiable information that could help us determine what it is.
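The header check suggested in the post above, as an added Python example (not part of the original post, and not code from Jotti or SystemLook): it reads the first bytes of a file, compares them with well-known format signatures, and reports an MD5 and size alongside the guess. The function names `sniff` and `triage` and the short signature list are assumptions made for this illustration.

```python
import hashlib

# Leading-byte signatures for a few common formats (a small subset).
SIGNATURES = [
    (b"MZ", "Windows executable (PE/DOS)"),
    (b"PK\x03\x04", "ZIP archive (also JAR, DOCX)"),
    (b"\x00\x00\x01\xba", "MPEG program stream (video)"),
    (b"\x00\x00\x01\xb3", "MPEG video elementary stream"),
    (b"ID3", "MP3 audio with ID3v2 tag"),
    (b"OggS", "Ogg container"),
    (b"fLaC", "FLAC audio"),
    (b".snd", "Sun/NeXT AU audio"),
]

def sniff(data: bytes) -> str:
    """Guess a file type from its first bytes, ignoring the file name."""
    for magic, label in SIGNATURES:
        if data.startswith(magic):
            return label
    # RIFF containers carry the subtype at offset 8.
    if data[:4] == b"RIFF" and len(data) >= 12:
        return {b"WAVE": "WAV audio", b"AVI ": "AVI video"}.get(data[8:12], "RIFF container")
    # MPEG audio frame: 11 sync bits set, layer field not the reserved 00.
    # Only two bytes are checked, so this is a heuristic that can misfire.
    if len(data) >= 2 and data[0] == 0xFF and data[1] & 0xE0 == 0xE0 and data[1] & 0x06:
        return "MPEG audio frame (e.g. MP3)"
    return "unknown (application/octet-stream)"

def triage(path: str, head_len: int = 64) -> dict:
    """Return MD5, size and sniffed type, reading the file in chunks."""
    md5, size, head = hashlib.md5(), 0, b""
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            if not head:
                head = chunk[:head_len]
            md5.update(chunk)
            size += len(chunk)
    return {"md5": md5.hexdigest().upper(), "size": size, "type": sniff(head)}

if __name__ == "__main__":
    # Constructed sample headers, not bytes from the file in this thread.
    for sample in (b"\xff\xfb\x90\x00" + b"\x00" * 60, b"MZ\x90\x00", b"\x01\x02\x03"):
        print(sample[:4].hex(" "), "->", sniff(sample))
```

A file with no extension and no recognised header falls through to the generic label, which is the same fallback a browser applies when it reports application/octet-stream.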

#6 cat33

cat33
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:08:17 PM

Posted 01 October 2010 - 03:51 AM

I have never heard of a hex editor. I don't know much about computers. It will probably take me awhile to figure out how to use it. This is what it looked like in notepad++

Posted Image

I will go ahead and post what I have already got.

On Sunday, I clicked on "start" then right clicked on "my computer" then I clicked on "tools" then I clicked on "folder options" then clicked on "Show hidden files and folders" then clicked "apply" as shown in this pic. I put a circle on the screenshot around what I clicked.:

Posted Image


Then when I looked at my desktop I was surprised to see a folder I had never seen before but I remembered reading that folders are hidden for a reason and I figured I should investigate what it is:

Posted Image

I right clicked on the folder and then clicked on properties and this is the screenshot:

Posted Image

Then I took a screenshot of the file that was in it:

Posted Image

This is a pic of the Jotti scan which gave me the idea that it is a MPEG file of some kind.

Posted Image

I tried to open it in firefox and this is what gave me the idea that it is an octet-stream.

Posted Image

I am up to date on all windows updates. I have windows set for automatic updates. I have had service pack 3 since it first became available to me back in 2008.

Seems like I read somewhere that an octet-stream is a type of alternative data stream but I can't find the info. If it really is an MPEG, I don't understand why I can't view it in a video player.

#7 hamluis

hamluis

    Moderator


  • Moderator
  • 55,252 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:08:17 PM

Posted 01 October 2010 - 08:11 AM

What Is An Application Octet Stream?

Since this file clearly had to be an attachment to an email (if I'm understanding correctly), that is where I would start my wondering.

Funny...I don't see any file extensions reflected for any of the files you uploaded graphics on...you did say that you turned on all file extensions, correct?

Possible Origin of Agtemp folder. See Temporary Files.

I'm not a programmer of any sort, so all this is beyond my understanding.

IME, it's not unusual for temporary files/folders to appear within Windows. If the folder can be deleted, I believe that I have no problem.

Louis

#8 Gabrial

Gabrial

  • Members
  • 468 posts
  • OFFLINE
  •  
  • Local time:08:17 PM

Posted 01 October 2010 - 12:26 PM

It doesn't have to be an attachment in email. Firefox will open all local files with unknown extensions as application/octet-stream.

The file dates are November 1, 2009. Some program you ran on that date at about 2:45 am created this file on your desktop. The fact that the folder says TEMP makes me think this is a temporary file that was created by some program you ran and can probably safely be deleted. Jotti makes its best guess as to what file format it is. You might try adding a .mpeg extension to the file and try to open it in WMP, but I doubt it's really a media file.

If it was mine, I would just consider it a left over junk file from some program and move along.

#9 cat33

cat33
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:08:17 PM

Posted 01 October 2010 - 07:15 PM

I have tried to see the file extension with file extensions turned on but it made no difference.

I feel better knowing that it doesn't seem to be spyware.

#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,614 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:17 PM

Posted 01 October 2010 - 07:39 PM

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    :file
    c:\documents and settings\owner\desktop\agtemp_12554109\devicerec~
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



 


#11 cat33

cat33
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:08:17 PM

Posted 02 October 2010 - 04:31 PM

Here is the SystemLook.txt.

SystemLook 04.09.10 by jpshortstuff
Log created at 13:33 on 02/10/2010 by Owner
Administrator - Elevation successful

========== file ==========

c:\documents and settings\owner\desktop\agtemp_12554109\devicerec~ - File found and opened.
MD5: B2692019388E7237B8F148C670E89064
Created at 06:34 on 01/11/2009
Modified at 06:37 on 01/11/2009
Size: 1714560 bytes
Attributes: --a--c-
No version information available.

-= EOF =-

#12 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,614 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:17 PM

Posted 02 October 2010 - 04:58 PM

No usable info there...
I don't think, you have reason to worry about that folder. I'm just curious, what it is.
Further search for devicerec~ reveals this link: http://jreceiver.sourceforge.net/sdk/java/.../DeviceRec.html, which would indicate that file as a part of Java's JReceiver SDK

It'd be interesting to see what Java applications are listed in your Add\Remove.

You could also....

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
See, if that folder will disappear.



 


#13 cat33

cat33
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:08:17 PM

Posted 03 October 2010 - 01:53 PM

Some infections in my java were removed in the summer. I was surprised to see I had several versions of java on my computer and after reading we should only have the most recent version, I used JavaRa in August and was left with this on my add/remove programs.

Posted Image


I couldn't figure out how to get rid of Java 6 update 7.

Back in August, I only clicked on "Remove Old Programs". Last night I clicked on "Additional Tasks" and clicked on some of those things. I got rid of the Java 6 update 7. I was surprised to get rid of some more java stuff. Here is a log.

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sun Oct 03 00:10:10 2010

------------------------------------

Finished reporting.



Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}

Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}

Found and removed: Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435B-BC74-9C25C1C588A9}

Found and removed: Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sun Oct 03 00:28:07 2010

------------------------------------

Finished reporting.

I didn't click on "Remove Startup Entry" and "Remove JavaRa Language Preferences". I wanted to keep automatic updates and I need to make sure English is an option. I don't know what happens when I click on the Language Preferences.

The hidden folder is still there.

Maybe later I will try to look at it in a hex editor.

#14 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,614 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:17 PM

Posted 03 October 2010 - 02:55 PM

Yeah, JavaRa will always find some garbage :thumbsup:

Can you zip devicerec~ file and attach it to your next reply?



 


#15 cat33

cat33
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:08:17 PM

Posted 04 October 2010 - 10:15 AM

Thanks for the kind offer. The mystery of what it is has been solved.

I figured out why I can't watch devicerec~ file. I was able to open it in audacity. It is a 3 and a half minute audio of a T.V. newsclip that I watched on a T.V. station's website. I don't know how it got in a hidden folder. I don't know how to hide a folder but I am the one who was working on trying to download it so if somebody in my house hid it, it must have been me. :thumbsup:

It's been a year so I don't remember all the details. My family member tried to download it in a limited user account using the video downloaders we have but none of them would work and we were also having a hard time getting the video to play so I went into the master account because it seems like some things that don't work in the limited user account work ok in the master account. I also had trouble playing and recording it in the master account. I think I may have used CamStudio to get the video part and Audacity to get the audio part. My sound card does not support recording from what you hear on the speakers so I used my microphone put up against the speakers to get the sound (yes, my family wanted a copy of this clip and I needed to help).



