Tech Support Forum banner
Status
Not open for further replies.

HELP..Something wrong in Microsoft\Protect folder

7K views 1 reply 2 participants last post by  jesraelo 
#1 ·
I have a weird one!!! In trying to solve other problems with the help of RIED in the HJT forum, I have stumbled on what I think is a BIG problem. I am trying to run the programs recommended by Ried (Ewido, Panda, etc), but when the scan gets to the system folder C:\documents and settings\owner\application data\microsoft\protect.
There is a folder in there along with a CREDHIST file. The folder is a string of number\letter combinations, but when I try to open it locks up the comp. When I try to right click to see properties, it never finds the end for size and number of files. After 10 minutes it was still 'counting' and was over 1 gig and 300,000 files and counting.
I did a search for file *.* in that folder and was able to see that each file looked like a string of numbers and letters and was less than 1k each, but the search was never ending either. I have had Panda running since midnight last night and it is still on that folder 10 hours later...I don't know if it will ever end.
Does anyone have a clue on this?
Can delete these files? I looked on my other 2 computers, and they both only have about a dozen files in the protect folder.

Thanks in Advance,
TB
 
See less See more
#2 ·
I have the same issue on my laptop. I have noticed, once I could see all the files (little over 900,000), that the the first filename datestamp goes to 11/23/2006 and the last one is 11/04/2007. Now, I have had this laptop two years prior to the first file and the file writing to this folder stopped about 3 weeks ago.
I can not backup my drive using Ghost because of failures scanning this folder [C:\Documents and Settings\LocalService\Application Data\Microsoft\Protect\s-1-5-19]. I can't virus scan because it takes over 10 hours. It is driving me crazy. I have renamed, changed attribute, moved this folder some where else and I am still afraid of deleting this folder due to the known reasons. It is related to the localservice account / group and I definitely don't want to loose all my installations.
However, a friend of mine at work recommend imaging this laptop and installing the image on a vmware and then deleting this folder and see what happens. However, I am afraid that the initial image processing may fail too.
Has anyone got back to you on this issue with some kind of a direction at all???
Any information will help.

thx

JohnE
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top