
Should USB token data be copied to a hidden directory called 'IEDW?'

If the data from your USB token is being copied into a hidden directory called "IEDW," be extra cautious. Whether spyware is the root of the problem or not, security threat expert Ed Skoudis explains why it's certainly a cause for concern.

Whenever I insert my pen drive in a USB port to take a printout of a required document, I find that the entire contents of the pen drive have been copied to a hidden directory named "IEDW" located in the windows\system32 directory. This is the same case as when I use a CD-ROM drive on my PC. Is this an indication of spyware?
It's unclear if this is spyware, but it is certainly a cause for concern. There are reports of a Trojan horse backdoor that uses a directory with this name. There is no mention, however, of it copying the stuff from a USB token or CD. The name iedw usually refers to an element of Internet Explorer. But in a normal Windows system, there should be a file called iedw.exe, not a folder. While there is a history of some malware calling itself iedw.exe, I have seen nothing that uses this as a directory name.

Thus, I urge you to be extra cautious. Run a thorough antispyware and antivirus scan of your machine and the USB token itself, preferably using two antispyware tools. Then, if everything still comes up clean, try using the USB token on another computer and see if the same thing happens. If it doesn't, I recommend a reinstall of Windows on the first computer.
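To confirm the copying behavior described in the question before and after a scan, or on a second computer, the check below hashes every file on the removable drive and reports which ones also appear in the suspect directory. It is an added example, not part of the original answer; the function names, the report layout and the default drive letter `E:\` are assumptions.

```python
import hashlib, os, sys
from pathlib import Path

def sha256_of(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def index_tree(root):
    """Map SHA-256 -> relative paths of every non-empty, readable file under root."""
    index = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            try:
                if p.stat().st_size == 0:
                    continue  # all empty files share one hash; skip to avoid false matches
                index.setdefault(sha256_of(p), []).append(str(p.relative_to(root)))
            except OSError:
                continue  # locked or unreadable file
    return index

def is_hidden(path):
    # FILE_ATTRIBUTE_HIDDEN is 0x2; st_file_attributes only exists on Windows
    return bool(getattr(os.stat(path), "st_file_attributes", 0) & 0x2)

def compare(drive_root, suspect_dir):
    """Report whether suspect_dir is a (hidden) directory holding copies of drive files."""
    suspect = Path(suspect_dir)
    report = {"exists": suspect.exists(), "is_dir": suspect.is_dir(),
              "hidden": False, "drive_files": 0, "copied": []}
    if not report["is_dir"]:
        return report  # absent, or a plain file rather than a folder
    report["hidden"] = is_hidden(suspect)
    drive, found = index_tree(drive_root), index_tree(suspect)
    report["drive_files"] = sum(len(v) for v in drive.values())
    report["copied"] = sorted(rel for digest, rels in drive.items()
                              if digest in found for rel in rels)
    return report

if __name__ == "__main__":
    # Assumed defaults: drive letter E:\ and the directory named in the question
    default = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "System32", "IEDW")
    drive = sys.argv[1] if len(sys.argv) > 1 else "E:\\"
    r = compare(drive, sys.argv[2] if len(sys.argv) > 2 else default)
    print(f"directory={r['is_dir']} hidden={r['hidden']} "
          f"copied={len(r['copied'])}/{r['drive_files']}")
    for rel in r["copied"]:
        print("  copy found:", rel)
```

Matching is by content hash, so copies are detected even if they were renamed; run it from an elevated prompt so files under system32 are readable.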

More information:

  • Are USB drives a serious enterprise risk? Expert Michael Cobb sets the record straight.
  • Read a chapter on database Trojans.

This was last published in April 2007
