Randomly created hidden files in c:\windwos on 2012 R2 Server

Question

Does anyone have a fix for the following issue on a Server 2012 R2.
C drive has a number of randomly generated hidden system files under c:/windows/. The sizes of these files expand and contract. After a reboot these files may inflate to use all available space on the c:/. A subsequent series of reboots may reduce these file freeing up critical c:\drive space to about 15GB. Not sure what is causing this. You can only see these files using a tool like foldersizes or treesize.

Example:

c:\windows\7
c:\windows\a
c:\windows\r
c:\windows\d
c:\windows\rror=%id

Accepted Answer

May be the work of some sort of malware. There may be no process attached to them. You may need to setup some monitoring on the folder for file creation. If you need detailed assistance with ProcMon you could ask experts over here.
https://social.technet.microsoft.com/Forums/en-US/home?forum=procmon

--please don't forget to Accept as answer if the reply is helpful--

Answer

You can use a tool like ProcMon to determine what is creating the files as first step.
https://video2.skills-academy.com/en-us/sysinternals/downloads/procmon

--please don't forget to Accept as answer if the reply is helpful--

Answer

Thank you! I downloaded the ProcMon tool, which did show all running processes. However, I am still unable to identify what process is attached to these hidden files.

Share via

Randomly created hidden files in c:\windwos on 2012 R2 Server

2 additional answers

Your answer