Subj : Re: Gradual out of disk space - fidbox.dat To : All From : V@nguard.LH Date : Thu Jan 03 2019 05:30 pm Path: eternal-september.org!news.eternal-september.org!feeder.eternal-september.org!n ews.unit0.net!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail From: VanguardLH Newsgroups: microsoft.public.windowsxp.help_and_support Subject: Re: Gradual out of disk space - fidbox.dat Date: Tue, 3 Jan 2017 17:30:30 -0600 Organization: Usenet Elder Lines: 76 Sender: VanguardLH <> Message-ID: References: <586BBE74.4BF3@mindspring.com> <586C2167.1114@mindspring.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Trace: individual.net hOmbmHcDwECCX9xccm8jbgj6vQFPoAWzxqWTpqKP0zve/xpUxM Keywords: VanguardLH VLH811 Cancel-Lock: sha1:2AratJb0s9LvmrLUmVihAVdiwZo= User-Agent: 40tude_Dialog/2.0.15.41 Xref: news.eternal-september.org microsoft.public.windowsxp.help_and_support:31883 Ron Hardin wrote: > VanguardLH wrote: >> >> Ron Hardin wrote: >> >>> In case anybody didn't know about it, there's a remnant from some >>> popular virus scanner that gives you a growing file that eventually >>> gets big enough to matter. >>> >>> c:WINDOWS/system32/drivers/fidbox.dat >>> >>> It's harmless to delete (and will grow again over a period of months) >>> but you have to be in safe mode. A smaller one >>> >>> c:WINDOWS/system32/drivers/fidbox.idx >>> >>> can be deleted at the same time. >>> >>> The feature stays there long after the virus scanner has gone. It's >>> worthwhile to check if you have them. >> >> How is that info going to help anyone since you deliberately chose to >> omit WHICH anti-virus program is modifying that file? There a tons of >> anti-virus programs available. Your post is like saying "A certain >> program to remain unnamed will crash the OS when you use its File -> >> Save dialog". Uh huh, yeah, like who would know what to look out for. >> >> If the "feature stays there long after the virus scanner is gone", where >> "gone" is assumed to mean uninstalled, then the program wasn't really >> uninstalled, was it? It's still there updating that file. Perhaps the >> partial uninstall is why the remnant process doesn't properly manage >> that file. Some anti-virus software has an incomplete uninstall which >> not only leaves behind remnant registry entries and files but also >> leaves behind remnant active processes; however, you won't name the >> crappy software. Thanks for nothing. >> >> Is it a secrete anti-virus program that you created for only your own >> use or software that only you are supposed to know about? Without >> identifying specifics, you're just spreading FUD. > > I think it's a common module from Kapersky code. Just check if you have the file. > > It's a roach motel kind of thing. It stays behind no matter what. > > I think for instance Zone Alarm installs it, and maybe AVG, in old versions at least. > > Harmless to delete but it will grow again and you delete again after a few months. Here's what I found for Kaspersky: https://support.kaspersky.com/1700 While that article discusses the Enterprise edition, the feature may be available in other editions. My recollection of Kaspersky (but it might've been a different anti-virus program) was that it use alternate data streams of files to record whether or not a file had already been tested. A hash and flag got recorded in a file's alternate stream to identify the file (the hash would check if the file had been changed since the last time it got recorded) and the flag said whether that file already got tested or not. That way, the AV scanner did not have to spend time retesting the same unchanged files over and over. Alternate data streams are a property of NTFS so you must be using that file system to make use of ADS https://en.wikipedia.org/wiki/NTFS#Alternate_data_streams_.28ADS.29 Apparently either Kaspersky abandoned using ADS or it was something else that used ADS to track scanned files. Instead of using ADS, Kaspersky is [now] using its own database. However, if you uninstalled Kaspersky per your "The feature stays there long after the virus scanner has gone" then having any of its process lingering around to continue building the database sure makes it look like you did not [completely] uninstall Kaspersky. --- Platinum Xpress/Win/WINServer v3.1 * Origin: Prison Board BBS Mesquite Tx //telnet.RDFIG.NET www. (1:124/5013) .