large MFT change

My MFT sector has appeared to be about the same size for some time....i would expect this to be the case. ..the other day i turned on the box and saw that it was very very small......maybe 12 clusters, there abouts.....today it appears to be about the size i would expect it to be....what might cause the seemingly shrinking ?....i understand the MFT allotment is not supposed to "shrink".

 

Nobody has any ideas I was wondering if it would be possible for a Trojan to steal this info...thus explaining the few clusters...i have very good Trojan protection running in real time.

 

http://www.ntfs.com/ntfs-mft.htm

changes with what your storing\employing

sometimes it's the index to the data,
sometimes its the data itself

 

OK .....thanks for responding ......but the allocated MFT space has always been the same...until, as i wrote, it suddenly "shrunk" to a very small size for a few days before returning to "normal".....i have not done anything that would account for that.........so i was wondering if a Trojan might grab the MFT .......what do you think and what other ideas might someone have ?
I lot of people have looked at this thread

 

its a little hard to say what might have accounted for the shrinkage, not all the displayed MFT is normally employed. Most of it is "reserved" based on what the filesystem thinks is going to happen, based on what has previously happened. Maybe the day it "shrunk" you saw its actual shape and size inbetween its next "reserve" move.

I wouldnt think a Tojan \ Keylogger would mess with an MFT, first they want to go undetected, second if malware is gleaning the filesystem its more probable to look at virtual memory (pagefile) than the MFT for CC numbers, passwords, logons ect.

As mentioned the Master File Table is dynamic and your observation wouldnt raise much concern IMO.

 

OK...Thanks Ice_Czar