Q

Should USB token data be copied to a hidden directory called 'IEDW?'

If the data from your USB token is being copied into a hidden directory called "IEDW," be extra cautious. Whether spyware is the root of the problem or not, security threat expert Ed Skoudis explains why it's certainly a cause for concern.

Whenever I insert my pen drive in a USB port to take a printout of a required document, I find that the entire contents of the pen drive have been copied to a hidden directory named "IEDW" located in the windows\system32 directory. This is the same case as when I use a CD-ROM drive on my PC. Is this an indication of spyware?

It's unclear if this is spyware, but it is certainly a cause for concern. There are reports of a Trojan horse backdoor that uses a directory with this name. There is no mention, however, of it copying the stuff from a USB token or CD. The name iedw usually refers to an element of Internet Explorer. But in a normal Windows system, there should be a file called iedw.exe, not a folder. While there is a history of some malware calling itself iedw.exe, I have seen nothing that uses this as a directory name.

Thus, I urge you to be extra cautious. Run a thorough antispyware and antivirus scan of your machine and the USB token itself, preferably using two antispyware tools. Then, if everything still comes up clean, try using the USB token on another computer and see if the same thing happens. If it doesn't, I recommend a reinstall of Windows on the first computer.
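To document the behaviour described in the question before scanning or reinstalling, the following added example (not part of the original answer) hashes every file on the removable media and in the suspect folder and reports which files are byte-identical copies. The drive letter `E:\` and the function names are assumptions; the folder name is the one given in the question.

```python
import hashlib
import os
import stat
from pathlib import Path

def sha256_of(path):
    """Hash a file in chunks so large files are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def index_tree(root):
    """Map SHA-256 -> relative paths for every readable file under root."""
    index = {}
    for path in Path(root).rglob("*"):
        try:
            if path.is_file():
                index.setdefault(sha256_of(path), []).append(str(path.relative_to(root)))
        except OSError:
            continue  # locked or unreadable file: skip rather than abort
    return index

def is_hidden(path):
    """True if the Windows hidden attribute is set (always False elsewhere)."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)

def copied_files(media_root, suspect_dir):
    """Return {media file: [identical files in suspect_dir]}."""
    suspect = index_tree(suspect_dir)
    matches = {}
    for digest, names in index_tree(media_root).items():
        if digest in suspect:
            for name in names:
                matches[name] = sorted(suspect[digest])
    return matches

if __name__ == "__main__":
    # Assumed paths: adjust the drive letter for the USB token or CD-ROM.
    suspect = r"C:\Windows\System32\IEDW"
    if os.path.isdir(suspect):
        print("hidden:", is_hidden(suspect))
        for src, dst in sorted(copied_files("E:\\", suspect).items()):
            print(src, "->", dst)
```

Running it on the second computer as well gives a like-for-like comparison for the "try another computer" step.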

More information:

  • Are USB drives a serious enterprise risk? Expert Michael Cobb sets the record straight.
  • Read a chapter on database Trojans.
  • This was first published in April 2007
