
   ECHOLIST      [ADM] EchoList Access Conference      11,388 messages   


   Message 11,075 of 11,388   
   V@nguard.LH to All   
   Re: Gradual out of disk space - fidbox.d   
   03 Jan 19 17:30:30   
   
   Path:   
   eternal-september.org!news.eternal-september.org!feeder.eternal-september.org!n   
   ews.unit0.net!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail   
   From: VanguardLH    
   Newsgroups: microsoft.public.windowsxp.help_and_support   
   Subject: Re: Gradual out of disk space - fidbox.dat   
   Date: Tue, 3 Jan 2017 17:30:30 -0600   
   Organization: Usenet Elder   
   Lines: 76   
   Sender: VanguardLH <>   
   Message-ID:    
   References: <586BBE74.4BF3@mindspring.com>    
   <586C2167.1114@mindspring.com>   
   Mime-Version: 1.0   
   Content-Type: text/plain; charset="us-ascii"   
   Content-Transfer-Encoding: 7bit   
   X-Trace: individual.net hOmbmHcDwECCX9xccm8jbgj6vQFPoAWzxqWTpqKP0zve/xpUxM   
   Keywords: VanguardLH VLH811   
   Cancel-Lock: sha1:2AratJb0s9LvmrLUmVihAVdiwZo=   
   User-Agent: 40tude_Dialog/2.0.15.41   
   Xref: news.eternal-september.org   
   microsoft.public.windowsxp.help_and_support:31883   
      
   Ron Hardin  wrote:   
      
   > VanguardLH wrote:   
   >>    
   >> Ron Hardin  wrote:   
   >>    
   >>> In case anybody didn't know about it, there's a remnant from some   
   >>> popular virus scanner that gives you a growing file that eventually   
   >>> gets big enough to matter.   
   >>>   
   >>> c:WINDOWS/system32/drivers/fidbox.dat   
   >>>   
   >>> It's harmless to delete (and will grow again over a period of months)   
   >>> but you have to be in safe mode. A smaller one   
   >>>   
   >>> c:WINDOWS/system32/drivers/fidbox.idx   
   >>>   
   >>> can be deleted at the same time.   
   >>>   
   >>> The feature stays there long after the virus scanner has gone. It's   
   >>> worthwhile to check if you have them.   
   >>    
   >> How is that info going to help anyone since you deliberately chose to   
   >> omit WHICH anti-virus program is modifying that file?  There are tons of
   >> anti-virus programs available.  Your post is like saying "A certain   
   >> program to remain unnamed will crash the OS when you use its File ->   
   >> Save dialog".  Uh huh, yeah, like who would know what to look out for.   
   >>    
   >> If the "feature stays there long after the virus scanner is gone", where   
   >> "gone" is assumed to mean uninstalled, then the program wasn't really   
   >> uninstalled, was it?  It's still there updating that file.  Perhaps the   
   >> partial uninstall is why the remnant process doesn't properly manage   
   >> that file.  Some anti-virus software has an incomplete uninstall which   
   >> not only leaves behind remnant registry entries and files but also   
   >> leaves behind remnant active processes; however, you won't name the   
   >> crappy software.  Thanks for nothing.   
   >>    
   >> Is it a secret anti-virus program that you created for only your own
   >> use or software that only you are supposed to know about?  Without   
   >> identifying specifics, you're just spreading FUD.   
   >    
   > I think it's a common module from Kaspersky code.  Just check if you have the
   > file.
   >
   > It's a roach motel kind of thing.  It stays behind no matter what.
   >
   > I think for instance Zone Alarm installs it, and maybe AVG, in old versions
   > at least.
   >
   > Harmless to delete but it will grow again and you delete again after a few
   > months.
      
   Here's what I found for Kaspersky:   
      
   https://support.kaspersky.com/1700   
      
   While that article discusses the Enterprise edition, the feature may be   
   available in other editions.   
      
   My recollection of Kaspersky (but it might've been a different   
   anti-virus program) was that it used alternate data streams of files to
   record whether or not a file had already been tested.  A hash and flag   
   got recorded in a file's alternate stream to identify the file (the hash   
   would check if the file had been changed since the last time it got   
   recorded) and the flag said whether that file already got tested or not.   
   That way, the AV scanner did not have to spend time retesting the same   
   unchanged files over and over.  Alternate data streams are a property of   
   NTFS so you must be using that file system to make use of ADS.
      
   https://en.wikipedia.org/wiki/NTFS#Alternate_data_streams_.28ADS.29   
      
   Apparently either Kaspersky abandoned using ADS or it was something else   
   that used ADS to track scanned files.  Instead of using ADS, Kaspersky   
   is [now] using its own database.   
      
   However, if you uninstalled Kaspersky per your "The feature stays there   
   long after the virus scanner has gone" then having any of its processes
   lingering around to continue building the database sure makes it look   
   like you did not [completely] uninstall Kaspersky.   
   --- Platinum Xpress/Win/WINServer v3.1   
    * Origin: Prison Board BBS Mesquite Tx  //telnet.RDFIG.NET www. (1:124/5013)   
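
The hash-and-flag scan cache described in the message above, sketched as an added example (not part of the original post and not Kaspersky's code). `ScanCache`, its SQLite table and `demo()` are hypothetical names, and the cache lives in a separate database rather than in NTFS alternate data streams so that it runs on any file system.

```python
import hashlib
import os
import sqlite3
import tempfile

def file_hash(path):
    """SHA-256 of the file contents, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

class ScanCache:
    """Hypothetical scan cache: path -> (content hash, scanned-clean flag)."""
    def __init__(self, db_path=":memory:"):
        self.db = sqlite3.connect(db_path)
        self.db.execute("CREATE TABLE IF NOT EXISTS seen "
                        "(path TEXT PRIMARY KEY, hash TEXT, clean INTEGER)")

    def needs_scan(self, path):
        row = self.db.execute("SELECT hash, clean FROM seen WHERE path=?",
                              (path,)).fetchone()
        # Rescan when the file is unknown, was not clean, or its content changed.
        return row is None or not row[1] or row[0] != file_hash(path)

    def record(self, path, clean):
        self.db.execute("INSERT OR REPLACE INTO seen VALUES (?,?,?)",
                        (path, file_hash(path), int(clean)))
        self.db.commit()

    def prune(self):
        """Drop entries for files that no longer exist; returns count removed."""
        gone = [(p,) for (p,) in self.db.execute("SELECT path FROM seen")
                if not os.path.exists(p)]
        self.db.executemany("DELETE FROM seen WHERE path=?", gone)
        self.db.commit()
        return len(gone)

def demo():
    """Runs the cache over a constructed temp file; returns the decisions."""
    cache = ScanCache()
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "sample.bin")
        with open(p, "wb") as f:
            f.write(b"constructed sample content")
        first = cache.needs_scan(p)       # never seen before
        cache.record(p, clean=True)
        second = cache.needs_scan(p)      # unchanged since last scan
        with open(p, "ab") as f:
            f.write(b"!")
        third = cache.needs_scan(p)       # content modified
        cache.record(p, clean=True)
    return first, second, third, cache.prune()  # file is gone by now
```

Because the decision rests on the content hash rather than a timestamp, a modified file is rescanned even if its modification time is reset; the store only shrinks if something like `prune()` is run.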
