Low Disc Space After Trojan Infection.


4 replies to this topic

#1 honestashol


Posted 12 January 2008 - 05:00 PM

I recently found the Mustafa Trojan on our computer. This is a company computer that our former owners went super cheap with the support contract. To make a long story short, my only support involves mailing the entire PC to PA so they can repair and return it. Meanwhile my restaurant has no computer for at least three days which just happens to coincide with the owner's visit. Basically I need a one or two week long fix.

A coworker purchased DefenderPro Computer Repair (after deleting SpyBot) which has helped clean out some redundant and orphaned registry entries while I found and made dummy files for the viruses. Right now the computer is operating perfectly except no matter what we do, the disk is full. Something is either copying or saving stuff somewhere and it has completely filled the disk. This is a problem because I cannot scan with Panda, TrendMicro Housecall, HijackThis or any other online scanner since I have no disc space. If anyone has any advice that doesn't involve a new PC, I would greatly appreciate it.

Also, in the registry, at HLM\system\controlset00*\services\shared access\parameters\firewall policy\domain profile\authorized applications, I have found several entries referencing some of the files I previously had trouble with such as findfast .exe, shell .exe, chkdsk .exe, etc. Almost all of these entries enable one of many locations of xpsp2res.dll located throughout Windows/System32. Since I am no longer seeing these files, should I be concerned about all the xpsp2res.dll's still in the system?

Thanks,

Tom



#2 david28


Posted 12 January 2008 - 05:37 PM

Hi Tom and :thumbsup: to Bleeping Computer!

Have you run an error check? I have noticed that sometimes after I run an error check my hard drive shows more free space. Also, what size is your hard drive?

#3 hamluis


Posted 12 January 2008 - 06:19 PM

How large is the partition/hard drive?

As stated, running chkdsk will accomplish a check of the free space on the drive.

Have you used Disk Cleanup and deleted unnecessary data files?

http://support.microsoft.com/kb/310312

Louis

#4 honestashol


Posted 13 January 2008 - 10:33 AM

Thanks guys,

Chkdsk showed no damage to the disk but that it was indeed full. Clean disk would remove about an average of 20 to 30 bytes per run. Upon startup I would see and stop programs like chkdsk .exe under the Admin user and IExplorer under the system user, but I could not find any other offensive programs running unless they really looked like they belonged in the system or local service users.

Overnight the PC has either completely filled its memory or the virus has taken over. Windows will not load. Basically it just cycles between the safe mode startup screen and the Windows loading screen, then it doesn't even power down, it just shuts down and tries to restart. I can't even get a DOS prompt. Is there any hope of getting this to run before the owner shows up?

Thanks,

Tom

Edited by honestashol, 13 January 2008 - 10:40 AM.


#5 usasma


Posted 13 January 2008 - 10:42 AM

If it's still infected there's no telling how long it's gonna take to fix. The demand for malware fixers is great and it takes several days just to get your log looked at.

You could take it to a local shop to see how quickly they can remove the viruses (and how much they'll charge) - or you can backup any data that you need, format the drive and reinstall Windows (along with all the applications), then reimport the data.

What make and model is the computer? And, do you have any special programs on it that will need to be reinstalled? Can you get Tech Support in Pennsylvania to send you restore disks for the system and the software that you need?

My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ )

**If you need a more detailed explanation, please ask for it. I have the Knack.**

If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017)

FYI - I am completely blind in the right eye and ~30% blind in the left eye.

If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.



