Tweaking.com Support Forums

Main Forum => General Computer Support => Topic started by: em17976 on October 06, 2014, 09:46:32 am

Title: How do I find where a folder originates from
Post by: em17976 on October 06, 2014, 09:46:32 am
Hi Shane,
The folder is in the subdirectory under Program files (x86) and I believe it has a virus. Numerous virus checks with no success.  The folder is TChromium and I tried to remove it in safe mode and tried to rename it to something else and it comes right back.  A file in it triggers a com surrogate error.  I tried googling it and I came up empty. It has been with me for two months and I am tired of the error.

HELP

Thanks,

Ed

◄◄◄◄◄◄
Title: Re: How do I find where a folder originates from
Post by: Shane on October 06, 2014, 02:13:14 pm
Windows doesn't keep track of what made a folder or file. So in order to find out what process or service on the system is making the folder after you delete, you have to catch it in the act :-)

And this is how you do it, Process Explorer
http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx

This will trace everything that is happening on the system, start it up, then go delete or rename that folder, then when it comes back tell processes explorer to stop running and then look at the results it found and see if you can find what process made the folder back. You can even put in a filter to where it only shows results from a certain path and all kinds of others.

But for me, this is how I would go about finding out what processes is doing something. In fact it is the only way I have found to do that. :wink:

Shane