• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.
  • The forums have been upgraded with support for dark mode. By default it will follow the setting on your system/browser. You may override it by scrolling to the end of the page and clicking the gears icon.

What is rss.xml?

Tan DJ

Tan DJ

New Member
Joined
Sep 10, 2006
Messages
103 (0.02/day)
Location
Brisbane, Australia
System Specs
Processor AMD Athlon(tm) 64 X2 Dual Core Processor 5600+
Motherboard Abit AN52 nVidia NF 520 HT2000 Socket AM2 Motherboard
Cooling Stock cooler, 1 rear 120cm fan, 1 front 120cm fan 1 side 80cm fan
Memory DDR2 4G(2x2G)PC6400 800Mhz Heatspreader G.Skill
Video Card(s) ATI Radeon HD 2600 XT
Storage SAMSUNG SP0802N 80Gb, 2 X Seagate SATAII NCQ 500GB 7200RPM 32mb Cache(ST3500320AS) - RAID1 (mobo)
Display(s) Benq FP72G
Case Thermaltake - Soprano
Power Supply Antec EarthWatts 650w
Software Windows XP Pro SP3
Benchmark Scores 3dMark6 - 4661
I have noticed a weird thing on my computer recently.

I'm running Windows XP SP2, and I have PerfectDisk 8 for defragmenting.

At the end, after PerfectDisk 8 has completed defraging, there is a list of excluded files and a reason they were excluded. One of the files that is excluded is:

C:\Documents and Settings\<User name>\Local Settings\Temporary Internet Files\Content.IE5\Y2YZWQXZ\rss[1].xml

this file is excluded because "Access denied"

so I went exploring to see what the file contained only to discover that there is not a "Temporary Internet Files" folder in the "Local Settings" folder. I found a "Temporary Internet Files" folder in a folder called "Temp" that was in the "Local Settings" folder, but that "Temporary Internet Files" folder did not contain a "Y2YZWQXZ" folder in the "Content.IE5" folder.

A search of all files containing rss in the filename does not reveal any rss.xml files

Does anyone know what is going on here?

I was not running IE at the time that I ran PerfectDisk, infact I had only just booted my PC, so nothing else was running.
 
Its probably just a program was checking for any updates to any rss feeds you get and as such was using that file... coz the file was in use access is denied :)
 
xylomn said:
Its probably just a program was checking for any updates to any rss feeds you get and as such was using that file... coz the file was in use access is denied :)
Click to expand...

Um... I don't think I have any RSS feeds. Are programs able to use RSS as a means of keeping themselves up to date?

Is it possible for an RSS feed to be set up without me knowing?

How would I find if someone using this computer has knowingly or unknowingly set up an rss feed?

Cheers,

Tan DJ
 
xml is a style sheet. I presume you have IE7? If so, that's what determines the display style of any feeds you may want to load.

To find the file, do you have "Hide Protected Operating System files" unchecked, and "Show Hidden Files and Folders" checked in your Folder Options?
 
Wile E said:
xml is a style sheet. I presume you have IE7? If so, that's what determines the display style of any feeds you may want to load.

To find the file, do you have "Hide Protected Operating System files" unchecked, and "Show Hidden Files and Folders" checked in your Folder Options?
Click to expand...

Hmm... Didn't have "Hide Protected Operating System files" unchecked. Now I can see the "Temporary Internet Files" folder specified, but it is full of files, and there is no "Content.IE5" folder in there.

And yes, I have IE7, but I don't think I have any feeds.
 
Tan DJ said:
Hmm... Didn't have "Hide Protected Operating System files" unchecked. Now I can see the "Temporary Internet Files" folder specified, but it is full of files, and there is no "Content.IE5" folder in there.

And yes, I have IE7, but I don't think I have any feeds.
Click to expand...
It's ok that you have the file there. It comes stock. All it does is make feeds look prettier, if/when you do choose to use them.

As for getting to that file, even tho you have all the files unhidden, it's still a hidden folder. lol Just type the location of the folder in manually in the address bar of Explorer.

In other words, put this into the address bar: C:\Documents and Settings\<User name>\Local Settings\Temporary Internet Files\Content.IE5\Y2YZWQXZ

Once you get there, you can try to take ownership of the file, or at least change it's properties to allow modification.
 
Found the file. Looks like a whole bunch of news stuff from ninemsn.

But I don't read ninemsn news. So where's this news feed coming from?
 
That's weird. Do you have MSN as your homepage? Maybe it puts it there? I say just go ahead and try deleting it.
 
I have iiNet as my home page
 
Hmmm... I have the file open in vim, and a message just popped up saying that the file changed since editing started :confused:
 
Hmmm, perhaps it's time to do an AV/AS scan?
 
Avast didn't pick up anything, Adaware didn't find anything, Spybot S&D only found:

HKY_USERS\...\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe!=W=1

RootkitRevealer found 15 discrepancies, but I was browsing this forum at the time it was running, and most of the entries appear to be IE cache entries related to viewing stuff on this forum. But there were 5 refferences to files called rss[X].xml

I also run spywareblaster.
 
I looked around in my fresh install, and actually didn't see rss.xml, but I had it in my old install. I haven't used IE yet, this time around, so I'm thinking it has something to do with visiting sites that have an active rss feed (Like MSN for example, which is the default homepage, is it not?). This could be a fly-by install type of thing, automatically generating when you visit a site containing feeds. Many news sites are basically rss feeds as well. Endgadget comes to mind immediately.

Then again, some clever coder could've disguised something as an rss.xml file.

I say give deleting it a shot.

Also, I highly recommend switching to a more secure browser. Something like Opera, Netscape, Firefox, etc. They're not completely safe (no browser is, really) but they're much more secure than any version of IE.
 
Wile E said:
Then again, some clever coder could've disguised something as an rss.xml file.
Click to expand...

To be technically correct, the file name is not "rss.xml" but "rss[x].xml" where x is some number.

I have deleted it, but as mentioned in my previous reply, there are 5 versions of this file on my system.
 
hmmm, boot into safe mode and get rid of all of them. Then reboot and see if they return, then run your scans again, all before you even launch IE7.

I never checked to see how many I ended up with, but IE by default renames things in the temp folder with the [x], when it encounters numerous files of the same name.

I really don't think they are a problem. I'm thinking permissions were corrupted (or something similar) on the Access denied one, but these are measures to take, just to be on the safe side.

:toast: and good night.
 
Oh, and sorry, but it's 7:30 am here, and I have to be off to bed. (I work evenings 4pm-230am). I'll check back after work tonight.

:toast: and good night.
 
it's 10pm here when I got the last post, so I'll have to try your suggestion later.
 
Ok, I got a chance to restart in safe mode. I performed a thorough virus scan with Avast AV, a full system scan with Adaware-SE, and a scan with Spybot S&D. I also did a search including all system folders and hidden files and folders for files containing rss in the filename, and none of these found anything. Took 4 hours.

Have manually deleted the rss files. But they are still there.
 
Well, if everything is clean, I'm gonna have to say that they're getting put there when you visit a site that has rss feeds. Almost all news sites have feeds. Some of them, like Engadget, actually ARE a feed.

Is it still messing with your defrag, tho?
 
Another interesting thing which may or may not be related, but could be linked to changing the case (see "I think I toasted one of my hard drives" thread in the hardware forum)

Ever since I changed my case, every 3 or 4 boots, my PC either says that the drive is inconsistant and needs to run scan disk, which finds 3 or 4 problems, or a message comes up that says that one of the system files is corrupt and that I need to boot off my original CD and press "r" at the first screen. It did that this afternoon, so I booted off the CD as suggested, then ran fixmbr which said that the MBR was not standard. (NOTE: Prior to entering the BIOS, I also entered the BIOS of the RAID controller and deleted the "MIRROR" definition as there is now only 1 drive since I killed the other one). I also ran fixboot which ran but didn't display any errors. I also ran chkdsk which by itself said that the drive was clean so it didn't do anything, so I ran it with the /p option, and it ran and right at the end said that it fixed some errors. Cant remember the details though. I then ran chkdsk a second time, but it didn't find any errors the second time.

The system then booted fine - hence my ability to write in this forum at the moment.

(Hmm... some of the stuff in this reply is verging on "hardware". Maybe something that should be taken over there to discuss?)

Havn't tried a defrag in a couple of days. 'bout time I tried again ;)
 
Tan DJ said:
Ok, I got a chance to restart in safe mode. I performed a thorough virus scan with Avast AV, a full system scan with Adaware-SE, and a scan with Spybot S&D. I also did a search including all system folders and hidden files and folders for files containing rss in the filename, and none of these found anything. Took 4 hours.

Have manually deleted the rss files. But they are still there.
Click to expand...

Before you can track the culprit down, do this in safe mode.

Delete the offending files.

Create new blank files with the same names, as many numbers in [] as you may need.

Make the Read-Only, System files and see if new ones are created.

Because of the brackets used, I'm assuming the culprit will just create new files.

In this case, I personally would make the entire Y2YZWQXZ folder Read only, system attributes. Then I would put permissions on that folder that no-one has access too. IE. a new limited account.

Now for tracking the culprit down, you could find a file monitoring program.

Check out Hijack this and see if you have any thing suspicious attached to IE.

Why aren't you using firefox, lol?

IE is what most all exploits are designed for ;).
 
Clement said:
Before you can track the culprit down, do this in safe mode.

Delete the offending files.

Create new blank files with the same names, as many numbers in [] as you may need.

Make the Read-Only, System files and see if new ones are created.

Because of the brackets used, I'm assuming the culprit will just create new files.

In this case, I personally would make the entire Y2YZWQXZ folder Read only, system attributes. Then I would put permissions on that folder that no-one has access too. IE. a new limited account.

Now for tracking the culprit down, you could find a file monitoring program.

Check out Hijack this and see if you have any thing suspicious attached to IE.

Why aren't you using firefox, lol?

IE is what most all exploits are designed for ;).
Click to expand...
You just bumped a 2 1/2 year old thread. lol.
 
Tan DJ said:
C:\Documents and Settings\<User name>\Local Settings\Temporary Internet Files\Content.IE5\Y2YZWQXZ\rss[1].xml
Click to expand...
Empty your temporary internet files (via Control Panel -> Internet Options) prior to defragging. The file won't exist so it can't be fragmented.


The one that's hard to defragment is eventlogs...
 
Wow! I'd forgotten all about this thread. I can hardly remember what it was originally about.

:laugh:
 
You must log in or register to reply here.
Back
Top