Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Mystery c:\Mount folder - I deleted it, is it likely to cause any problem?


  • Please log in to reply
7 replies to this topic

#1 jonuk76

jonuk76

  • Members
  • 2,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wales, UK
  • Local time:07:58 AM

Posted 21 September 2015 - 10:37 AM

I was asked to look at a PC today which has been having problems running a virus scanner (Avira).  It's a Windows 10 PC which was upgraded from Windows 7 about a month ago.  Specifically, the AV scan would freeze and fail each time on a mystery folder on the c drive called "Mount".  It was about 1.5gb in size, and contained partial copies of the Windows, Program Files, Program Files (x86), and Program Data folders.  The owner of the Mount folder was TrustedInstaller, and the last modified date on the folder was early July this year.

 

Like I said, I've already deleted it, after taking ownership of the folder and resetting the folder permissions, and it doesn't appear to have caused any issues so far.  It seems to have fixed the problem with the AV scan. What I was wondering is why was the folder there?  I've never seen it before, and have I done something I shouldn't have by deleting it!  EDIT Before I deleted it I did some simple internet research which led me to believe it was something leftover from Windows installer, and didn't need to be there.


Edited by jonuk76, 21 September 2015 - 10:40 AM.

7sbvuf-6.png


BC AdBot (Login to Remove)

 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:58 AM

Posted 21 September 2015 - 10:44 AM

From what I can read in the article below, it seems that someone might have mounted a drive in the past there using a folder path and not a letter.

http://wiki.flexraid.com/2011/09/29/tips-mounting-your-drives-as-folders-on-windows/

How many drives and partitions does that computer have?

animinionsmalltext.gif
unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 jonuk76

jonuk76
  • Topic Starter

  • Members
  • 2,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wales, UK
  • Local time:07:58 AM

Posted 21 September 2015 - 11:00 AM

Not a huge number.  It has an SSD (Windows C drive), and a secondary HDD split into a couple of partitions, plus an optical drive.  Nothing too unusual.  I'm fairly confident the user would not have the need (or probably technical know how) to mount drives as folders, and he didn't know anything about why it was there.


7sbvuf-6.png


#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:58 AM

Posted 21 September 2015 - 12:08 PM

It's possibe that this was a temporary folder creating during Windows' installation or upgrade process and the installer failed to delete it after.

animinionsmalltext.gif
unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 jonuk76

jonuk76
  • Topic Starter

  • Members
  • 2,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wales, UK
  • Local time:07:58 AM

Posted 21 September 2015 - 07:04 PM

Thanks.  Yes I hope that is the case, and it is what some replies on forums were suggesting.  Couldn't find anything concrete though.  Deleting it doesn't seem to have adversely affected anything though, as far as I can tell.


7sbvuf-6.png


#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:58 AM

Posted 21 September 2015 - 07:20 PM

As long as deleting it didn't affect the system, then I guess it's safe to assume that it wasn't needed anymore :P

animinionsmalltext.gif
unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 jonuk76

jonuk76
  • Topic Starter

  • Members
  • 2,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wales, UK
  • Local time:07:58 AM

Posted 21 September 2015 - 07:43 PM

Yes indeed :)

 

Still, I find it weird how this folder was causing the anti virus program scans to fail (Avira's logs showed thousands of unable to access file errors for that folder).  If an anti virus program doesn't have the necessary permissions to access it, no doubt that could be misused by something malicious.


7sbvuf-6.png


#8 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:58 AM

Posted 21 September 2015 - 07:44 PM

Not the first time that an Antivirus couldn't access a file or folder for lack of permissions. Either the ACL were messed up on that folder or the Antivirus really didn't have the basic permissions to access it :P

animinionsmalltext.gif
unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users