Something Is Filling My Windows Drive


3 replies to this topic

#1 iamdave


Posted 04 April 2008 - 03:53 PM

Hi. I work in networking, so I have a pretty good working knowledge of my pc.
I am running xp pro and I have Nod32 Antivirus, AdAware 2007, Spybot, SUPER Anti Spyware and Peer Guardian 2, all of which are fully updated and they have all been used in the past day or so to investigate this problem.

I have recently had a problem with a hard drive. I attempted to merge two partitions into one using partition magic, but when it finished, all it had done was remove the indexes. The partition was there but it was unformatted. I used partition Table doctor 3.5, but it could not fix the problem. I then used EASEUS Data Recovery Wizard Professional v4.3.6. This kept on causing errors, so I had to delete the current partition along with the other partition on the drive, I created a single partition and then recalled the file indexes to bring the files back to life.

However, I have also been detecting some very dubious attempted incoming connections coming from open servers being used as proxies. I have banned the whole ranges from my modem, but they just come in from other IPs. These may be coincidental with the problems I am having but I thought it was worth noting.

To get to the point...
After recalling the files to my drive, which is not my windows drive, I started to suffer problems. I was using winrar and it told me that I had run out of space. I checked my windows drive and it only had 24MB free. This was surprising because I know that there should be more. I couldn't understand why or where all the space had gone. I keep a close eye on all my drives and I always check remaining storage whenever I install new programs. All my downloads go to another drive.

I checked the folder sizes of my windows drive and saw that the windows folder had ballooned. I opened the windows folder and found a number of huge system files. Each file was 1.99GB and was named "a" or "1" with no file extension. There was always one file that was smaller than all the others. It seemed as if something was backing up something to my windows drive to then put it somewhere else. I assumed that it was one of the partition/file recovery programs that I had been using. There were a lot of these files and were a total of over 16 GB. I removed some programs which I had installed, this freed 18 GB. I restarted my pc and found that I only had 5 GB free. There were now more files in the windows folder with the others.

I used TuneUp utilities to check the registry for faults. But the files were still there. I tried deleting them and I was told that they were in use. I use unlocker assistant to see what is locking a file. Each file is locked by different programs, some files are only locked by one program while others are locked by lots of programs.

I tried doing a disk scan as a last attempt, but after stage 2/3 (as soon as it starts stage 3), the computer restarts.
If I try deleting the files my computer also restarts.

I am completely lost with this issue. I am unsure if it is a virus or something else, so please let me know if this needs to be moved to a new forum or whatever.

Thanks in advance for any help you can give.

Posted Image
Posted Image

Edited by iamdave, 05 April 2008 - 01:42 PM.




#2 OO7


Posted 05 April 2008 - 07:55 PM

Hello. My name is OO7 and I will try to fix your problem(s).

Try these instructions:
1. Open the files with Notepad and tell us the content of the files.
2. If you find anything else, like exe's, upload them to virusscan.jotti.org.

See you again soon!
Bleepin' P.S: Any other problems related should be told
to a more knowledgeable member of Bleeping Computer.

-OO7

#3 iamdave


Posted 06 April 2008 - 11:00 AM

Hello there 007, thank you very much for your reply.

I have been looking into these files further. I thought that they were locked by a lot of programs (as you can see in the image), however it seems that if the file is called "s" with no extension, then it will be presumed that not only /windows/s will be locked but also anything in that folder that begins with s.

I have tried opening them into notepad++, but when I try that I get a message saying that "The folder does not exist". Again, I assume that because it does not have an extension the pc is assuming that it is a folder and not a file.

But that's given me an idea, I will unlock the file and give it a txt extension which I will then open in notepad++.

As soon as I unlock the file, it is deleted without me pressing delete.
When I try dragging it into notepad I get the same "file does not exist. Create one?"

I had assumed that it was one of the two programs I had been using on my lost files and partition. But I can't get over how strange it is that the files are always there again when I restart my pc. And that they always fill the drive.

I have even right clicked and checked properties, but there is nothing in there, just its name and location. I was looking for some company info or anything that would suggest that it is part of a program.

Looking at things from the virus/hacking side. I have been getting more and more weird traffic on my network. I recently had a very reliable modem break, it was less than 7 months old and can't even be factory reset. I have also had instability problems with peer guardian. I would start getting some incoming connections and then peer guardian would crash, sometimes followed by my antivirus.

I really do not want to re-install xp as I have done it just a few months ago. But if that's what needs doing then I will have to manually move all my files across and not do the usual files and settings backup as it may pull this problem across.

Once again, thank you for your help.

#4 iamdave


Posted 06 April 2008 - 02:05 PM

I have loaded my other xp and copied one of these 1.99 GB files across, but they are just far too big to open using anything.
I have used winrar to zip into the smallest file possible, but it is still over 800 MB.

I am completely at my wits' end. The installation that is infected is the same one that I use for all the online work that I do. I am seriously thinking of just deleting the partition and doing a clean install.
I had hoped that by posting on here and fixing the problem I would be able to help other users who get the same problem later. However I think that if this is a virus, it has been specially made to attack and infect me as nothing at all will find it.

I will let you know when I have reinstalled and everything is ok. Please let me know if you want this huge zipped file to examine.

Thanks again
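
Added example, not part of the thread: one way to examine extension-less files like those described in posts #1 and #4 without opening them in an editor, by reading only the first few kilobytes and streaming the rest through a hash. The directory, the size threshold and the small signature table are assumptions of this example; run it on a copy, or from an installation where the files are not locked.

```python
import hashlib, math, os
from collections import Counter

# Leading-byte signatures for a few common formats (well-known magic numbers).
MAGIC = [(b"MZ", "PE/DOS executable"), (b"PK\x03\x04", "ZIP archive"),
         (b"Rar!\x1a\x07", "RAR archive"), (b"\x1f\x8b", "gzip stream"),
         (b"%PDF", "PDF document")]

def entropy(data):
    """Shannon entropy in bits per byte (0 = constant, 8 = random-looking)."""
    if not data:
        return 0.0
    n = len(data)
    return max(0.0, -sum(c / n * math.log2(c / n) for c in Counter(data).values()))

def triage(path, head_bytes=4096, chunk=1 << 20):
    """Describe a file without loading it whole: size, head signature, hash."""
    sha = hashlib.sha256()
    with open(path, "rb") as fh:
        head = fh.read(head_bytes)          # only this part is inspected
        sha.update(head)
        for block in iter(lambda: fh.read(chunk), b""):
            sha.update(block)               # the rest is hashed in 1 MiB chunks
    kind = next((name for sig, name in MAGIC if head.startswith(sig)), None)
    if kind is None:
        kind = "all zero bytes in head" if head and not any(head) else "unknown"
    return {"path": path, "size": os.path.getsize(path), "kind": kind,
            "head_entropy": round(entropy(head), 2), "sha256": sha.hexdigest(),
            "head_hex": head[:16].hex()}

def find_suspects(directory, min_size):
    """Extension-less regular files directly in `directory`, min_size bytes or more."""
    hits = []
    for entry in os.scandir(directory):
        if (entry.is_file(follow_symlinks=False) and "." not in entry.name
                and entry.stat().st_size >= min_size):
            hits.append(entry.path)
    return sorted(hits)

if __name__ == "__main__":
    # Assumed location and threshold (1 GiB); adjust to the drive being examined.
    for p in find_suspects(r"C:\Windows", 1 << 30):
        print(triage(p))
```

A head of all zero bytes or with very low entropy points to preallocated or scratch space, while a recognised signature says which tool can open the file; the SHA-256 lets two copies be compared without uploading gigabytes.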



