what are these large files?

[graemenz]

Hi

I have some mysterious large files that I've found that are in my Trend Micro Internet security 2005 directory. Trend micro support tell me these files are nothing to do with trend micro. They were last accessed in May this year. Any ideas what they are or where they might have come from.

22/05/2005 12:35 a.m. 161,873,920 VSSBV70L.01A
22/05/2005 12:35 a.m. 161,939,456 VSSBV89D.01J
22/05/2005 12:35 a.m. 266,797,056 VSSBV94D.01F
22/05/2005 12:35 a.m. 266,797,056 VSS8PJ05.015
23/04/2005 11:10 p.m. 396,870,656 VSSAVJ6D.004

I'm using Win XP SP2 with all updates. My PC did have a few glitches earlier this year to do with svchost - I think this was caused by a Windows bug and not by a virus.

Any ideas what they are or how to find out what they are?

TIA
Graeme

 

[graemenz]

More ...

and I've just discovered the times/ dates of the files match the times/ dates of the svchost crash-dump files that are in my Windows/pchealth directory so I guess it was the svchost crash that created them - so now I'm gonna delete them.

Graeme

 

[FlyingPenguin]

Yes those are dump files, which are totally useless and should be disabled. Right click My Computer, Properties, Advanced, Startup and Recovery "Settings" button. Change "Write debigging information to either NONE or SMALL". While you're at it also uncheck "Automaticlaly restart. This keeps Windows from rebooting after a serious error.

 

[bsobel]

Originally posted by: FlyingPenguin
Yes those are dump files, which are totally useless and should be disabled. Right click My Computer, Properties, Advanced, Startup and Recovery "Settings" button. Change "Write debigging information to either NONE or SMALL". While you're at it also uncheck "Automaticlaly restart. This keeps Windows from rebooting after a serious error.

:roll: No, they are NOT completely useless they are your only way in my cases of tracking down the cause of a fault. Leave them enabled so they can be automatically submitted after a crash.

 

[Venomous]

Automatically submitted? To whom? Microsoft? LOL, like they are going to send you an email telling you what happened, pulease

 

[bsobel]

Originally posted by: Venomous
Automatically submitted? To whom? Microsoft? LOL, like they are going to send you an email telling you what happened, pulease

Yes, the submissions are filtered into fault buckets and routed to the appropriate ISV to fix their bug. The auto-bug submission process is one of the reasons that software (especially drivers) on XP has improved in reliability over previous veroins. In the future, if you don't know what your talking about, don't prove it by saying something...

 

[ColKurtz]

Originally posted by: bsobel
In the future, if you don't know what your talking about, don't prove it by saying something...

Bsobel. Please. Why be so arrogant? If you think that dumps from the bazillions of virus/malware/bug-infested machines are "routed to the appropriate ISV" and analyzed, then your cluelessness belies your status here. Further, memory dumps can contain sensitive information so, along with the unnedded space it takes on hard drives, disabling them is sound advice IMO.

Just becuase your post count is high doesn't mean what you say is correct, and doesn't give you liberty to be an ass.

 

[bsobel]

Bsobel. Please. Why be so arrogant? If you think that dumps from the bazillions of virus/malware/bug-infested machines are "routed to the appropriate ISV" and analyzed, then your cluelessness belies your status here. Further, memory dumps can contain sensitive information so, along with the unnedded space it takes on hard drives, disabling them is sound advice IMO.

Just becuase your post count is high doesn't mean what you say is correct, and doesn't give you liberty to be an ass.

However, what I posted is correct. It doesnt' matter that you may not be familiar with what happens to those dumps when Windows Error Reporting uploads them, I am familar with the process and posted about it.

If you think that dumps from the bazillions of virus/malware/bug-infested machines are "routed to the appropriate ISV" and analyzed, then your cluelessness belies your status here

We have real-time access to dumps attributed to us, we monitor them live when we release patches and updates. What is your direct experience with the system? I'm gonna go out on a limb and say none (based on our not knowing the above actually happens). You may want to avoid calling someone an 'ass' and 'clueless' until you have some background in the subject matter.

Bill

 

[graemenz]

I don't think the list of files I posted were crash dump files - those files are like 300 to 400 MB and that's the compressed size. The actual svchost crash dump files are tiny and in pchealth directory. The list of files I posted are actually in my trend micro internet security 2005 directory and are probably the result of software gone berserk. At the time the crash happened, my machine kind of locked up and became unusable and almost un-rebootable whilst C drive free space continued falling. I'm planning to migrate C drive to a second hard drive and eventually do a clean re-install of XP - though the svchost crash hasn't happened for a while and I know there was an MS hotfix related to it not long ago.

Graeme

 

[Venomous]

Originally posted by: bsobel

Bsobel. Please. Why be so arrogant? If you think that dumps from the bazillions of virus/malware/bug-infested machines are "routed to the appropriate ISV" and analyzed, then your cluelessness belies your status here. Further, memory dumps can contain sensitive information so, along with the unnedded space it takes on hard drives, disabling them is sound advice IMO.

Just becuase your post count is high doesn't mean what you say is correct, and doesn't give you liberty to be an ass.

However, what I posted is correct. It doesnt' matter that you may not be familiar with what happens to those dumps when Windows Error Reporting uploads them, I am familar with the process and posted about

If you think that dumps from the bazillions of virus/malware/bug-infested machines are "routed to the appropriate ISV" and analyzed, then your cluelessness belies your status here

We have real-time access to dumps attributed to us, we monitor them live when we release patches and updates. What is your direct experience with the system? I'm gonna go out on a limb and say none (based on our not knowing the above actually happens). You may want to avoid calling someone an 'ass' and 'clueless' until you have some background in the subject matter.

Bill

So now you claim youre a microsoft engineer in Redmond WA eh? Welp, I cant see how you can monitor all of those DUMPS, LIVe... If thats the case, why arent there updates being released every 10 minutes than?

 

[bsobel]

So now you claim youre a microsoft engineer in Redmond WA eh? Welp, I cant see how you can monitor all of those DUMPS, LIVe... If thats the case, why arent there updates being released every 10 minutes than?

No, I did not claim that. People around here know I work at Symantec. I said that we (Symantec) have real time access to our fault bucket. MS has an automated system to send the dump to the 'most likely canidate' if you will.

As for updates being released every 10 minutes, the dumps help in two cases. One to find faults occuring in weird configurations your not likely to see in QA. Those get prioritized back into development for fixes. Those fixes go back thru the development cycle as with any other bug report. The second is to monitor new updates/patches to ensure that 'nothing slipped thru' as it were as a spike in bug submissions can be used to abort a patch rollout.

Bill

 

[birdpup]

Originally posted by: Venomous
So now you claim youre a microsoft engineer in Redmond WA eh? Welp, I cant see how you can monitor all of those DUMPS, LIVe... If thats the case, why arent there updates being released every 10 minutes than?

Not to choose sides, but participating in comp.unix.bsd.freebsd.misc for the last few years has taught me to recognize when attitude is backed by skill. bsobel, or "Bill Sobel at Symantec.com" shows the skill even if it is handed with some attitude. Please google "bill sobel" and you will find someone with that name posting frequently with a Symantec email address. It is easy to assume this person works at Symantec and therfore deduce who has the skill. And yes, I stated my assumption because I have no idea if this bsobel is knowledgable or not but he does appear knowledgable.

ColKurtz had a valid question and point to make but Venomous, please think your actions through before you act upon them. bsobel did not make a claim to be a microsoft engineer. This was an incorrect assumption.

The truly knowledgable people often do not have enough time or the proper temperament for curteous advice. However, which would you prefer technically incorrect courtesy or technically correct attitude? I am sure the original poster is happy to have had his question answered correctly and you do not see FlyingPenguin, who has also proven himself to be extremely knowledgable, complaining about the attitude.

Just relax and remember some humility.

 

[xgsound]

Birdpup has eloquent comments on the above thread. It seems that some of us (ATers) got caught with our pants down, or at least slightly askew.

I assume most of us are here to learn or help. I know Flying Penguin has beat me in replying to several threads, and with better advice too! Just keep helping fellas.


Jim

 

[bsobel]

Microsoft has a developer conference every year (the MS PDC). Interestingly (to this discussion) one of the sessions is:

Windows Error Reporting Analysis

For ISVs, when your application crashes an error gets sent to Microsoft; come and get access to those error reports from your applications and get assistance from Windows developers to fix the most common crashes in your application.

The developer portal, where the reports are stored, is a free service. Get first hand experience in analyzing this data so you can improve your product! 

Basically, it's a session on the system and how ISV's can use it to fix their bugs.