My buddy Michael sends a worried e-mail:
I’ve got a question/concern:
I found the attached .txt file in a weird folder on my C: drive.
It has me a bit concerned, b/c it’s such a detailed log of some serious changes on my machine.
The folder was named “6d3f48932a458452fc06ece98b60″ and is dated 11/19/2006.
One possible clue: I installed the new IE somewhere around this date– but my concern is that I’ve found several of these similar folders & txt files on Renee’s computer, and I haven’t upgraded her IE.
WTF is it? Does it mean anything to you? Is it nothing, or something bad?
I have those on several machines here. They’re perfectly normal, if a bit baffling. The best clue was the name of the attached file:
It’s easy enough to break that down:
- The .log extension means this is a log file, in text format, documenting changes that were made to the system.
- The -enu bit at the end means it was in the English (U.S.) language.
- KB927978 refers to a Microsoft Knowledge Base article number.
- And if you look for that article, you find out that it’s entitled “MS06-071: Security update for Microsoft XML Core Services 4.0″, which pretty neatly takes care of the msxml4 part at the beginning of the name.
The long, gobbledygook number is a security precaution. If you write a patch to a known location on every one of a few hundred million PCs, then the bad guys know to target that location. By creating a system-generated name for the folder, it’s impossible for an attacker to target the files in that location.
If you’ve got one or more of these folders hanging around, you can safely delete it.