Not too long ago, I blogged about ADSs and the Prefetch directory...and so far, I've only been able to replicate this behaviour on XP Pro. I've tried XP Home and 2003, with no luck.
Is anyone else seeing this behaviour, or have you been able to replicate this on XP Home/2003?
I'm not sure about XP HE but doesn't W2K3 default to having just the boot prefetch enabled? Check the "EnablePrefetcher" value and see what it is set to. 3 is the default for XP Pro (enable Prefetch for both App Launch and Boot).
And no, I wasn't suggesting that you stop tracking down an unknown virus at that point, only that the Prefetch folder is a good place to monitor suspicious file activity.
I cannot replicate your behavior - running XP Pro SP2.
doesn't W2K3 default to having just the boot prefetch enabled?
Yeah, you're right...but I couldn't get it to work when I changed the EnablePrefetcher value to '3', and rebooted...