Posted 27 February 2011 - 01:05 PM
Hello folks, I'm new here, but you have been recommended to me as quote: "Knowing a thing or two about computer viruses and removal". Looking round this seems to be the case so I wonder if you might be able to help me.
Windows XP most recent service release. 40GB HP portable some years old.
Portable runs Zone Alarm anti virus/firewall (subscribed to) as standard, and router has firewall running. Sometimes runs on wireless internet through the home network served by that router and very occasionally via a 3G dongle.
I've been having problems with a lack of space on the hard-drive. Got cross yesterday and went for a thorough search to see if I could find the missing space. The missing space turned up in a sequentially numbered set of .tmp files in the c:\windows\temp\ folder-directory. These were numbered forwards from AV1.tmp and, wait for it.....were around half a gigabyte each in size!! Deletion of these found me over 18GB of space!! However, there was one that I couldn't delete and it wouldn't let me view the contents either - telling me that it was in use.
I restarted the system and checked the directory and it had written a new half gig file, at this point the newly numbered file became the one that was 'in use', but the old one was still there - though now easily deleted.
I've chucked the might of ZA over the system to no benefit. I've run the rkill routine followed by antimalware bytes, nothing found. I've run the detection side of super antispyware over it; it finds things that it thinks could be, but they seem to check out as false positives if I search them on the internet. And I've tried 'stinger' (after rkill), which again only seems to throw up false positives.
I've opened one of the previous files under notepad, loads of gobbledegook, although in 'English' at one point I can find the words 'virus win32=renamer' and 'Trojan DDOS win 32'. This to my mind sounds more iffy, but I can't find anything to detect it.
Do you think this is sinister behaviour that should be investigated? Or can you guess at what might be writing these half gig sized files in c:\windows\temp and know how to stop it? I would rather not have to continually remember to delete them and ZA won't let me run a batch file to delete them automatically as it thinks that IS 'sinister behaviour' and immediately quarantines the routine!!
I'd be grateful for some pointers - many thanks