
Massive Trojan/Virus Taking HDD memory fast.


43 replies to this topic

#1 Eternal13

Eternal13

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wisconsin
  • Local time:07:53 PM

Posted 05 October 2013 - 06:35 PM

I have an Alienware M17XR4, Win 7 Ultimate, 8G RAM (7.88G usable), 64-bit OS, that is about seven months old. Recently I have been attending college, and that is the sole purpose for the computer: AutoCAD, Revit, and Adobe programs. All of these use much space on my hard drive, but recently I have seen a massive decrease in the space available, and I've noticed there is another OS created that I didn't do. I think there is a trojan/virus massively impacting the computer. I have deleted most of the unused programs and documents, but everything else is needed. When I open the programs and document files, the space used is only 8.12G, and it is saying that 49.1G are being used. I need to free up this space as soon as possible to load Adobe Master Suite and the new version of AutoCAD 2014 before my next courses begin next week. When I open the hidden files folder there are two that I can see that are taking up at least 12G. I'm sure there's part of the issue, but if someone can help me with this I would greatly appreciate it.


Edited by hamluis, 05 October 2013 - 08:34 PM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 Fluttershy

Fluttershy

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United Kingdom
  • Local time:01:53 AM

Posted 06 October 2013 - 11:17 AM

What folder are these files located in?

 

If you hibernate your computer, a file called hiberfil.sys will take up some GB of space. Go to cmd.exe and run it as administrator, then type "powercfg -h off" to disable hibernation.

 

There is also pagefile.sys in the C:\ folder. This can take up a lot, mine is using 33GB. (It should be disabled :/)

 

Please provide a name or screenshot of the files.



 

Fluttershy is best pony.


#3 Eternal13

Eternal13
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wisconsin
  • Local time:07:53 PM

Posted 06 October 2013 - 10:42 PM

I have a screenshot done of the OS, but I am very new to this forum; I just found it yesterday and am not sure how to upload it. The pagefile.sys and the hiberfil.sys are the files mentioned taking up the 12G I mentioned before, so I will start there, but there are also about 20G or so still not able to be viewed.



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,119 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:53 PM

Posted 07 October 2013 - 09:36 AM

There is also pagefile.sys in the C:\ folder. This can take up a lot, mine is using 33GB. (It should be disabled :/)

 

Here’s Why Disabling the Windows Pagefile is Pointless

What is the Windows Page File and Should You Disable It?

Myth: Disabling the Page File Improves Performance

Some people will tell you that you should disable the page file to speed up your computer. The thinking goes like this: the page file is slower than RAM, and if you have enough RAM, Windows will use the page file when it should be using RAM, slowing down your computer.

This isn’t really true. People have tested this theory and found that, while Windows can run without a page file if you have a large amount of RAM, there’s no performance benefit to disabling the page file.

However, disabling the page file can result in some bad things. If programs start to use up all your available memory, they’ll start crashing instead of being swapped out of the RAM into your page file. This can also cause problems when running software that requires a large amount of memory, such as virtual machines. Some programs may even refuse to run.

In summary, there’s no good reason to disable the page file – you’ll get some hard drive space back, but the potential system instability won’t be worth it.


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#5 Fluttershy

Fluttershy

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United Kingdom
  • Local time:01:53 AM

Posted 07 October 2013 - 11:37 AM

 


 

 

 

Interesting, but I have 32GB of RAM so I've never had to use all of it.



 

Fluttershy is best pony.


#6 Eternal13

Eternal13
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wisconsin
  • Local time:07:53 PM

Posted 07 October 2013 - 11:44 AM

I have not removed the pagefile.sys; rather, I reduced the maximum amount for it to use, and I did remove the hiberfile. Doing both in itself freed up 20G. In my OS I have 62.5G available of 451.0GB. There is definitely something else massive bogging it down; when I go to the programs there are only 8.12G used. Still need help.



#7 Fluttershy

Fluttershy

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United Kingdom
  • Local time:01:53 AM

Posted 07 October 2013 - 11:52 AM

I did a little looking around for you: http://www.softpedia.com/progDownload/windowstoolbox-Large-File-Finder-Download-202415.html

 

VirusTotal scan: https://www.virustotal.com/en/file/9ef23d5ba118cb67a3246527b06e291d3edc7cbddf20c5dce9426230b2e26058/analysis/1381164602/

 

It worked for me, found my old Fraps recordings.



 

Fluttershy is best pony.


#8 Eternal13

Eternal13
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wisconsin
  • Local time:07:53 PM

Posted 07 October 2013 - 12:02 PM

Is there any way to request VirusTotal to scan the entire OS?



#9 Fluttershy

Fluttershy

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United Kingdom
  • Local time:01:53 AM

Posted 07 October 2013 - 12:04 PM

No.

 

Besides, that would take forever, 48 antiviruses.



 

Fluttershy is best pony.


#10 Eternal13

Eternal13
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wisconsin
  • Local time:07:53 PM

Posted 07 October 2013 - 12:09 PM

So I should try and find the large files and scan those?



#11 Fluttershy

Fluttershy

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United Kingdom
  • Local time:01:53 AM

Posted 07 October 2013 - 12:12 PM

The tool scans your disk for large files, so delete what you don't need.



 

Fluttershy is best pony.


#12 Eternal13

Eternal13
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wisconsin
  • Local time:07:53 PM

Posted 07 October 2013 - 12:15 PM

So you're thinking that the virus is embedded in one of the large files?



#13 Fluttershy

Fluttershy

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United Kingdom
  • Local time:01:53 AM

Posted 07 October 2013 - 12:19 PM

A virus?

 

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

 

I suggest you use Mbam.

and

http://www.surfright.nl/en/hitmanpro/

 

Hitman Pro. :3



 

Fluttershy is best pony.


#14 Eternal13

Eternal13
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wisconsin
  • Local time:07:53 PM

Posted 07 October 2013 - 12:25 PM

There are ten file folders that are a couple hundred MB used. I'm honestly not sure which ones I need and not.

 

C:/ProgramData/Dell/Digital Delivery/Downloads/Software/Adobe Acrobat XI Standard/acro_std_xi.zip

C:/Program Files (x86)/Adobe/Acrobat 11.0/Setup Files/{AC76BA86-1033-FFFF-BA7E-000000000006}/Data1.cab

C:/ProgramData/Dell/Digital Delivery/Downloads/Software/Adobe Acrobat XI Standard/Installer/Data1.cab

C:/Users/XTINA/Downloads/AIO_CDB_NonNet_Full_Win_WW_130_141 (1).exe

C:/Windows/SoftwareDistribution/DataStore/DataStore.edb

C:/Users/XTINA/Downloads/AIO_CDB_NonNet_Full_Win_WW_130_141.exe

C:/Users/XTINA/Gfx_AMD_A01_8.973_N3GM1_setup_ZPE.exe

C:/Users/XTINA/Gfx_NV_A01_307.17_GVTCY_setup_ZPE.exe

C:/Users/XTINA/Network_Driver_79GMR_WN_v6.5.1.2501_A00.EXE

C:/ProgramData/Microsoft/Search/Data/Applications/Windows/Windows.edb
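
A built-in way to produce the kind of listing in post #14, as an added example that is not part of the original thread: it lists the largest files under a root folder, including the hidden and system files (hiberfil.sys, pagefile.sys) that Explorer does not show, then hashes same-size files so duplicate downloads can be confirmed before anything is deleted. `$Root`, `$Top` and `Get-Sha256` are names chosen for this example; it assumes an elevated PowerShell 2.0 or later prompt.

```powershell
# Added example; $Root, $Top and Get-Sha256 are illustrative names.
$Root = 'C:\'   # volume or folder to examine
$Top  = 20      # how many of the largest files to report

# -Force includes hidden and system files; folders that cannot be
# read (access denied) are skipped instead of stopping the scan.
$largest = Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    Sort-Object Length -Descending |
    Select-Object -First $Top

# 1. The largest files with their attributes (Hidden, System, ...).
$largest | Format-Table @{Label = 'SizeGB'; Expression = { [math]::Round($_.Length / 1GB, 2) }},
    Attributes, FullName -AutoSize | Out-Host

# SHA-256 of a file via .NET, since Get-FileHash is absent from PowerShell 2.0.
# Locked files (for example pagefile.sys) yield a unique marker, never a false match.
function Get-Sha256([string]$Path) {
    try {
        $stream = [System.IO.File]::OpenRead($Path)
        try {
            $sha = [System.Security.Cryptography.SHA256]::Create()
            [BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', ''
        } finally { $stream.Close() }
    } catch { "unreadable:$Path" }
}

# 2. Files of identical size are only duplicate candidates; equal
#    SHA-256 values confirm that the content really is the same.
$largest | Group-Object Length | Where-Object { $_.Count -gt 1 } | ForEach-Object {
    $_.Group | ForEach-Object {
        New-Object PSObject -Property @{ Sha256 = (Get-Sha256 $_.FullName); Path = $_.FullName }
    } | Group-Object Sha256 | Where-Object { $_.Count -gt 1 } | ForEach-Object {
        "Identical content (SHA-256 $($_.Name.Substring(0, 12))...):"
        $_.Group | ForEach-Object { "  $($_.Path)" }
    }
}
```

Only files that appear in the top `$Top` list are compared, so raise `$Top` to check more of the disk for duplicates.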



#15 Fluttershy

Fluttershy

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United Kingdom
  • Local time:01:53 AM

Posted 07 October 2013 - 12:30 PM

Adobe tends to use quite a bit.

 

Have you used CCleaner? http://www.piriform.com/ccleaner

 

This is a very good tool for removing junk files.



 

Fluttershy is best pony.




