1

Does anyone recognise this suspicious folder that sits on my C drive?

The folder sits on my C drive at C:\cacde6d0fd849a939328ab\. The name obviously looks like a hash/encryption or junk text.

The folder has the following contents: (screenshot of the folder contents)

Do you recognise these files and know if they are benign parts of Windows or malicious program files?

What makes me suspicious is that the folder and all its files are locked and cannot be deleted, and the root folder name. I am aware that sometimes when Windows is uninstalling a program and the uninstallation is interrupted, these kinds of folders can remain and have EXEs in them by the name of htstub.exe (or something similar). Is this folder something similar, i.e., benign?

3
  • 3
    Please, DO NOT CROSS-POST..... security.stackexchange.com/questions/40031/…
    – Ayrx
    Commented Aug 4, 2013 at 4:13
  • You might not be able to delete them easily, but couldn't you hover over the Setup and the MSI (NPD40..) and determine what the item is? Also shown is the "KB2840628"; starting with KB like that usually indicates an update item, and using the whole number it is easily searchable on the web. You could use that method at any time to get a fair idea as to what you're looking at. Then from there determine if it is consistent with a virus item or mostly looks like what it shows to be, an update item. Then hop into the updates and check the update history, and stuff, to see if it "failed".
    – Psycogeek
    Commented Aug 4, 2013 at 4:44
  • Yep, see 'em all the time. Leftovers from Windows Update. Pretty conclusive from the contents. That NDP40-KB2840628 is a massive clue. Google the KB number and you find plenty of results from Microsoft.
    Commented Aug 4, 2013 at 15:03

3 Answers

2

No, this is either an uninstallation store for a Windows update, or the temporary files left over after installing a Windows update (KB2840628, a security update to .NET Framework 4). You can delete the folder, but that means it will be harder to uninstall the update in future.

0

The folder is most likely left over from a Windows update. You need to go to the Security tab and "take ownership" of the folder. Then you can delete it.

0

Windows extracts the files from VC++ or .NET Framework updates to the drive with the most free space. This is such a temporary folder, which you can safely delete after you've installed the update.
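
The checks suggested in the comments and answers above (identify the files, then look for the KB in the update history), as an added PowerShell example that is not part of the original posts. The folder path and KB number are the ones from the question; the extension list is an assumption, and the script should be run from an elevated prompt because the folder is ACL-locked.

```powershell
# Added example, not from the original thread.
# Folder path and KB number come from the question; adjust for your own case.
param(
    [string]$Folder = 'C:\cacde6d0fd849a939328ab',
    [string]$Kb     = 'KB2840628'
)

# 1. Authenticode status and signer for each signable file in the folder.
#    Genuine update payloads should report Status 'Valid' with a Microsoft signer.
#    The extension list is an assumption about what such a folder holds.
Get-ChildItem -LiteralPath $Folder -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.exe', '.dll', '.msi', '.msp', '.cab' } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        [pscustomobject]@{
            File   = $_.Name
            Status = $sig.Status
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject }
                     else { '(unsigned)' }
        }
    } | Format-Table -AutoSize -Wrap

# 2. Look the KB up in the Windows Update history, including failed attempts.
#    The Windows Update Agent COM API is used because it records every
#    install attempt together with its result code.
$resultNames = @{
    0 = 'NotStarted'; 1 = 'InProgress'; 2 = 'Succeeded'
    3 = 'SucceededWithErrors'; 4 = 'Failed'; 5 = 'Aborted'
}
$searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
$total    = $searcher.GetTotalHistoryCount()

if ($total -gt 0) {
    $hits = @($searcher.QueryHistory(0, $total) |
        Where-Object { $_.Title -match [regex]::Escape($Kb) })

    if ($hits.Count -eq 0) {
        Write-Output "No update history entry mentions $Kb."
    } else {
        $hits | Select-Object Date, Title,
            @{ Name = 'Result'; Expression = { $resultNames[[int]$_.ResultCode] } } |
            Format-Table -AutoSize -Wrap
    }
} else {
    Write-Output 'Windows Update history is empty.'
}
```

A folder whose files are all validly signed by Microsoft and whose KB appears in the history is consistent with the update leftovers described in the answers; unsigned or invalidly signed executables there warrant a closer look before deleting anything.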
