Author Topic: How do I find where a folder originates from  (Read 7953 times)

0 Members and 1 Guest are viewing this topic.

Offline em17976

  • Jr. Member
  • **
  • Join Date: Sep 2014
  • Posts: 60
  • Karma: 0
    • View Profile
How do I find where a folder originates from
« on: October 06, 2014, 09:46:32 am »
Hi Shane,
The folder is in the subdirectory under Program files (x86) and I believe it has a virus. Numerous virus checks with no success.  The folder is TChromium and I tried to remove it in safe mode and tried to rename it to something else and it comes right back.  A file in it triggers a com surrogate error.  I tried googling it and I came up empty. It has been with me for two months and I am tired of the error.

HELP

Thanks,

Ed

◄◄◄◄◄◄

Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
    • View Profile
Re: How do I find where a folder originates from
« Reply #1 on: October 06, 2014, 02:13:14 pm »
Windows doesn't keep track of what made a folder or file. So in order to find out what process or service on the system is making the folder after you delete, you have to catch it in the act :-)

And this is how you do it, Process Explorer
http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx

This will trace everything that is happening on the system, start it up, then go delete or rename that folder, then when it comes back tell processes explorer to stop running and then look at the results it found and see if you can find what process made the folder back. You can even put in a filter to where it only shows results from a certain path and all kinds of others.

But for me, this is how I would go about finding out what processes is doing something. In fact it is the only way I have found to do that. :wink:

Shane