how do I find out what software is accessing my hard drive? i am on a inspiron 8200 w/ home WinXP and there is something that is constantly accessing my hard drive. how do i find out what it is? thanks
What is accessing my hard drive?
- Thread starter airduct
- Start date
It could be something that is updating it self or if you're connected to the internet and don't have a firewall then it could be outside connections trying to hack your machine or steal info.
You could always check to see which processes are active in your task manager. It will let you know how much resources are being used as well as what programs are running.
You could always check to see which processes are active in your task manager. It will let you know how much resources are being used as well as what programs are running.
before u panic..
actually, here's what u do.
disconnect from internet...if still no change, that means ur not being hacked.
Look at your taskbar, it can be a virus scanner scanning, a scheduled task like Defragmenter working,
or another program.
on the other hand, if u think someone is accessing your system, go to Start, Run, and type in "compmgmt.msc" and Enter.
Under SystemTools, SharedFolders, you should see Shares, Sessions, OpenFiles...click on these to make sure things look alright.
if someone is accessing your files, it will also show up there. Sessions and OpenFiles should 'usually' be empty, unless someone IS
looking at your files. You can also do a few other things like turn on full logging under your Profiles, to audit access events etc...
then you will be able to see any activity in your EventViewer(Start, Run, "eventvwr" and Enter).
a personal firewall with IDS is also recommended...
actually, here's what u do.
disconnect from internet...if still no change, that means ur not being hacked.
Look at your taskbar, it can be a virus scanner scanning, a scheduled task like Defragmenter working,
or another program.
on the other hand, if u think someone is accessing your system, go to Start, Run, and type in "compmgmt.msc" and Enter.
Under SystemTools, SharedFolders, you should see Shares, Sessions, OpenFiles...click on these to make sure things look alright.
if someone is accessing your files, it will also show up there. Sessions and OpenFiles should 'usually' be empty, unless someone IS
looking at your files. You can also do a few other things like turn on full logging under your Profiles, to audit access events etc...
then you will be able to see any activity in your EventViewer(Start, Run, "eventvwr" and Enter).
a personal firewall with IDS is also recommended...
I do not know if this is applicable or not to the Home Edition, but check and see if Indexing Services is running. Also, if you are running any Norton AV software, see if the Live File System protection is enabled is it is available.
Step aside all you inferior geeks, here comes the good info:
Go to sysinternals.com and download diskmon. It'll tell you every single disk operation that happens and what program caused it.
http://www.sysinternals.com/ntw2k/freeware/diskmon.shtml
Go to sysinternals.com and download diskmon. It'll tell you every single disk operation that happens and what program caused it.
http://www.sysinternals.com/ntw2k/freeware/diskmon.shtml
Originally posted by: jjsole
Sorry to bog your system down. I got what I needed and am through now.
evil, just evil!
Originally posted by: jjsole
Sorry to bog your system down. I got what I needed and am through now.
that's so not funny
... thanks for all the replies, i'll see if it works. I removed alot of the stuff that came w/ the inspiron 8200 system: Norton AV (it only had 90 days registration and is so bloated and slow), all the symantec auto update stuff, MSN explorer (I sign up using it, but then deleted it and currently using DUN)... i am trying to figure out how to remove Windows Media Player 8.0 and a couple of other useless, bloated programs. thanks again for all the replies.
It's probably XP's defragger making a "brief" rearrangement pass. This is never listed in "scheduled tasks" and I don't know how to stop it from doing its unholy work.
tkdkid,
i used the disk monitor and this is what it read EVERY 2 SECS!!!
1000 IRP_MJ_WRITE \Harddisk\Partition 0 Success Sector6431721 length 8
.
.
.
.
1398 IRP_MJ_WRITE \Harddisk\Partition 0 Success Sector6431721 length 8
it keeps saying irp_mj_read or irp_mj_flush etc...
what is going on? anyone know? should I / Can I stop it? thanks
i used the disk monitor and this is what it read EVERY 2 SECS!!!
1000 IRP_MJ_WRITE \Harddisk\Partition 0 Success Sector6431721 length 8
.
.
.
.
1398 IRP_MJ_WRITE \Harddisk\Partition 0 Success Sector6431721 length 8
it keeps saying irp_mj_read or irp_mj_flush etc...
what is going on? anyone know? should I / Can I stop it? thanks
That may just be the OS writing to or reading from the swap file. I also noticed on my system that when I stopped the System Event Notification service that it stopped doing it when the system is idle.
Hey you know what I just realized? Diskmon isn't going to help you at all. What you want to download is Filemon. Hehe..sorry about that.
Download filemon first. It'll tell you what program is actually causing the read/write operations. It'll give you a better idea of what's going on.
http://www.sysinternals.com/ntw2k/source/filemon.shtml
http://www.sysinternals.com/ntw2k/source/filemon.shtml
tkdkid,
sorry i didn't get back to you sooner... i downloaded the filemo, but didn't know how to stop the files that were accessing the hard drive. so i checked w/ tweakxp.com and they said to turn off indexing under c drive and that helped a lot. thanks for all the help.
sorry i didn't get back to you sooner... i downloaded the filemo, but didn't know how to stop the files that were accessing the hard drive. so i checked w/ tweakxp.com and they said to turn off indexing under c drive and that helped a lot. thanks for all the help.
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 22K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
-
-
News NVIDIA and Intel to Develop AI Infrastructure and Personal Computing Products- Started by poke01
- Replies: 411
Facebook
Twitter