Posted 12 June 2010 - 02:53 AM
Since a few days ago, I've noticed unusual continuous hard disk activity on my laptop.
I'm using Windows 7 Ultimate + Firefox + Avira Antivirus.
Using process explorer, it seems to be caused by services.exe. I/O Other Delta is 10-40 KB/s for services.exe.
Both Windows Resource Monitor and procmon say services.exe is enumerating all files on all my drives alphabetically, even my external hard disk! (confirmed by it's blinking LED)
I have sptd driver installed.
A little investigation by myself:
I'm a little familiar with ollydbg and stuff, so I debugged services.exe and noticed an unnamed module loaded at 0x10000000 which contains executable code suspected for causing hard disk activity(CreateFileW was called many times in there). I have dumped that area and I can provide it if needed(Interesting that it is packed with UPX!).
Thanks for your help.