Hello, I just found the same exact file under my user directory - .ghost-ntfs-3g-00000000000000000009. It says it was created 3/15/2015 6:35pm and last accessed on 5/4/2015 6:54pm and it's shared with everyone (not sure if "everyone" just means all user accounts on my computer, or everyone on the network).
The Windows Event Viewer is a little too complicated for me personally to tell exactly what could have happened on those days, so I used the "PC Checkup" program that came with my computer - it records system changes, events, application errors, etc, in a calendar format for newbs like me, haha...
I don't know if it's definitely 100% connected or not, but for 3/15/2015 it lists "avast! antivirus system restore point" and "device driver package install:avast network service" under the Programs Added section for that specific day (same day the weird ghost file showed up). But then there was also a ton of Windows Updates on that same day too.
Then for 5/4/2015, the date the ghost file was last accessed, PC Checkup says avast did two system restore points, one at 6:29pm and another at 6:32pm with the descriptions listed as "device driver package install:avast network service" and "avast antivirus system restore point." Those times are extremely close to the 6:35pm that my computer says the ghost file was last accessed and those were the only two things listed for that day (in PC Checkup, at least).
I don't know enough to "prove" avast made the file but it sure seems like it uses it or was responsible for it showing up? The ghost file is 6.5MB. I tried to open it but Windows asks me to choose a program to open it and I have no idea what it is so I decided not to try and open it.
Anybody know if there's a way to check the name of that ghost file against some kind of avast database to see if it's created by avast and is necessary for it to function or whatnot?
Worleybird, did you end up deleting the file and there was no harm to your computer?
I also scanned it at virustotal.com as well as with my PC's avast and malwarebytes and all came back clean, but the name "ghost" is unsettling and it's especially weird that the file just showed up a few months ago. Really want to know what it is. (Like worleybird, I don't have anything from Symantec on my computer, never have.)
Thanks everyone in advance! (Sorry for adding to someone else's thread, but I thought it was closely related enough that it might be okay to add to this thread instead of starting another.)
Oh, and probably totally unnecessary, but I took a screen shot of the file and attached it.