Hi,
I don't know if this is the right forum to ask this.
I have a problem with files that I delete, which keep reappearing after a system reboot. (windows 10)
I've tried multiple times deleting the files, also emptying the trash bin afterwards. No success. They keep reappearing.
I also tried using File Shredder, which overwrites the files, (let's call the folder "files-I-want-to-be-gone" ), so the data shouldn't exist anymore at that particular place in the drive.
My next step was to use Microsoft Process Monitor's Boot Logging, with a filter set to the files in question.
After a reboot the logs contain entries:
Operation: CreateFile
Path: \\my-company-data\profile_mit$\my-account.V6\.IdeaIC2017.2\system\compile-server\files-I-want-to-be-gone_fd73740c
Desired Access: Read Data/List Directory, Synchronize
Disposition: Open
Options: Directory, Synchronous IO Non-Alert
ShareMode: Read, Write, Delete
Impersonating: <my company>\<my name>
OpenResult: Opened
And at the very top of the process trace in the boot log:
Module: SOPHOS~2.DLL
path: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL
description: Sophos Buffer Overrun Protection
version: 10.7.2.49
company: Sophos Limited
timestamp: 20.01.2017 20:12:11
at the second position in the trace it states:
Module: svchost.exe
Path: C:\Windows\System32\svchost.exe
for each file in the folder I want to be gone, there is an entry in this boot log, with SOPHOS~2.DLL at the very top of the trace.
My questions:
what's happening here?
how can I delete my files, without them being recreated on reboot?
Does sophos recreate those files?
This thread was automatically locked due to age.
