# Solved: Question about the Temporary Internet Files folder



## tomdkat (May 6, 2006)

A friend is running Microsoft Security Essentials on a 64-bit Windows 7 Home Premium Edition system. MSE detected an infected file in c:\Users\{user}\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\{some string}\index[1].htm

I went into Windows Explorer and disabled the hiding of hidden files and the hiding of system folders. I then navigated to c:\Users\{user}\AppData\Local\MIcrosoft\Windows\Temporary Internet Files and found there was *no* "Low" folder. I saw other files in the folder but no "Low" folder.

Why am I not able to see that folder?

Thanks!

Peace...


----------



## davehc (Oct 4, 2006)

It may depend on user configuration, but my "low" folder is found on Users - username - Appdata - Local - Temp - Low. The folder which MSE showed is the cache. It may have been emptied and removed, as it is temporary.
The "low" folders are associated with "protected mode" in IE...
I had a quick browse and, if you are interested, found Microsoft's desciption:

http://msdn.microsoft.com/en-us/library/bb250462(VS.85).aspx

Fwiw. You can delete all the files in the path which I referred to, but, temporarily, this will mean, on new visits, you will have to reinsert passwords etc.


----------



## tomdkat (May 6, 2006)

davehc said:


> It may depend on user configuration, but my "low" folder is found on Users - username - Appdata - Local - Temp - Low. The folder which MSE showed is the cache. It may have been emptied and removed, as it is temporary.
> The "low" folders are associated with "protected mode" in IE...
> I had a quick browse and, if you are interested, found Microsoft's desciption:
> 
> ...


Thanks for the info. I'll check out that page at Microsoft's site. What confuses me is *while* MSE was showing the infected file being located at the path above, I navigated to that path in Windows Explorer and couldn't find it. MSE gave me the option of deleting the file, putting it in a quarantine, or leaving the file alone. I chose to put it in the quarantine after I couldn't locate it with the hopes of retrieving it later.

I did locate a "Low" folder on the system and it was in the same (or similar) location as yours, so I'm not sure why MSE would give a completely different location of a "Low" folder that doesn't exist or the system won't show me. I'll see what that article has to say about it.

Thanks!

Peace...


----------



## tomdkat (May 6, 2006)

Thanks again for that link. Reading that page, it's Windows Vista centric. I know the concepts will be the same or very close to the same in Windows 7. With that being stated, I'm thinking MSE might have misreported the path of the IE cache in its message. I wonder if the path to the IE cache has some hardcoded parts in it. MSE knows when it's scanning the cache and assumes a Windows Vista location for parts of it.

I've got access to a different W7 system right now and I did some testing. Sure enough, the C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files folder has NO "Low" folder in it but the "Temporary Internet Files" folder has files in it, itself. In fact, I visited some websites and saw the "Temporary Internet Files" folder get updated with files with today's date.

So, I'm think MSE reported a bogus path when reporting the path to the infected file. If anyone with Windows Vista installed is reading this thread, can you look to see if you have a "Low" folder in your "Temporary Internet Files" folder? If you do, does that "Low" folder contain a "Content.IE5" folder in it?

Thanks!

Peace...


----------



## Mumbodog (Oct 3, 2007)

content.ie5 is a hidden folder(s) on most systems, and unhiding system and hidden folders does not always allow you to navigate to it, but there is a trick.

copy and paste the file path into a Run command box and hit enter, then you can see the folders.

c:\Users\{user}\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5

.


----------



## tomdkat (May 6, 2006)

Great! Thanks for that trick! It worked beautifully! :up:

Peace...


----------



## Mumbodog (Oct 3, 2007)

You are welcome Tom.

.


----------

