Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hard Disk Space Disappeared ?


  • Please log in to reply
7 replies to this topic

#1 KIDRoach

KIDRoach

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Location:West Lafayette, IN
  • Local time:10:33 PM

Posted 03 November 2006 - 12:08 PM

i was surfing the net...

then suddenly a message came through msn, from my friend, asking me to visit this site

hotoruglypics.com

well, curious as i am, i tried opening the file, then downloaded the file... counting on my antivirus... lol
the filename of the file i downloaded was web.pif <--- this is the ms-dos programme, i put it in the desktop

ok, then here comes the problem... i wanted to delete the file, but my poor mouse decided something else for me... yeah, my mouse sometimes double click by itself when i click...

so, the ms-dos ran... but nothing came out...

then a file came out in the desktop, with the filename "set"

:thumbsup: scared, i deleted the file in hurry... then i checked my computer...

suddenly my hard disk space, intially about 5gb free, shot down to about 100mb...
so, i thought, maybe this thing automatically generates files by itself,
so i checked the files in my drive C, the infected drive..

well, this is what i've got...

Program Files -> about 14 gb
Documents & Settings -> about 14 gb as well (i keep a lot of things in there)
Windows -> about 3 gb

my hard disk space is 37.2 gb
my logic says that 14+14+3 =31 and i'll have at least 5 gb free... :flowers:

i'm running on windows xp btw

so, what exactly is the problem ?

is it a virus or just a wrong setting ?

btw, now the space came back already, i don't know how it did, it just did...
so, i'm just curious how this happens,
if anybody would care to share about their knowledge :trumpet:
If Quizzes were Quizzicles, what are Tests ?

BC AdBot (Login to Remove)

 


#2 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:10:33 AM

Posted 03 November 2006 - 12:51 PM

BEWARE!!! DO NOT TYPE THE URL INTO YOUR BROWSER!!! It will attempt to download the .pif file immediately!

It's nasty AFAIK - I'm performing a full system scan now!

Edited by usasma, 03 November 2006 - 12:59 PM.

My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#3 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:10:33 AM

Posted 03 November 2006 - 12:58 PM

I'd seriously suggest a full system scan with updated definitions in your anti-virus. Then, to be safe, perform this free, online scan: http://safety.live.com/

I went in with all my "shields up" and hope that it hasn't infected my system (I think I stopped it before it could do any real damage).

I've got indications (from AVG) that it attempted to change:
- MFT
- boot sector
- HOSTS file
- kernel32.dll
- shell32.dll

I verified that the HOSTS file hadn't been changed since I last updated it (26 Sep) - so it's safe (and to be sure, I updated it again!).

Edited by usasma, 03 November 2006 - 01:02 PM.

My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#4 KIDRoach

KIDRoach
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Location:West Lafayette, IN
  • Local time:10:33 PM

Posted 03 November 2006 - 08:00 PM

yeah, the first thing i did was actually scanned my comp, nothing was detected, i used kaspersky btw...

then, just now, after i left my comp on over the night, i checked again...

the monitor couldn't come out from the black screen... !?
i restarted my comp and there it is... my kaspersky detected something like "thematrixhasyou" or something like that... again, in a hurry i deleted all those things... =(

also, in the task manager i saw a lot of processes, normally from the system, but there are two of it...

for example,

rundll32.exe <- 2 of these
explorer.exe <- 2 of these
svchost.exe <- 5 of these

another thing is, kaspersky is detecting like 12 or 13 objects simultenously this morning...
ok, most of it got processed except one empty box... don't know what is it, tried to process but can't,
everytime i did, it either generates back by itself or can't be processed

there is "bferdpo.exe" & "ee.exe" when i run the antivirus for second time...

not sure what it is...
what am i supposed to do ?

luckily, my system restore recorded something, so that i can back up to the day before the incident happens
if i do this, is my comp gonna be in full health again ?
will this infect other computer if i take files from my comp to other comp ?

actually i prefer not to use system restore even if it works, because i'm downloading something, and by system restore i presume that all the downloaded files would be lost ?

however, if this thing can infect other computer, i think i'm gonna just do system restore "if" it works...

Edited by KIDRoach, 03 November 2006 - 08:36 PM.

If Quizzes were Quizzicles, what are Tests ?

#5 KIDRoach

KIDRoach
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Location:West Lafayette, IN
  • Local time:10:33 PM

Posted 04 November 2006 - 02:36 AM

right, just when i wanted to use system restore, suddenly i saw that there is no more restore point... oh my goodness... i think the virus deleted it or something...

just one thing, i've got two hard disk in my computer, and the other one is just to keep data... so, like if i move some files from C Drive to the D Drive, will the D Drive get infected too ?

or maybe if i copy files, any files, to other computer, will the other computer get infected too?
If Quizzes were Quizzicles, what are Tests ?

#6 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:10:33 AM

Posted 04 November 2006 - 04:59 PM

You've mostly likely been infected. Anything that's copied to another disk or drive can be copied also (as can System Restore points).

Scan your system with as many tools as you can lay your hands on.

Here's some free one's (just google for them):
AdAwareSE
SpyBot Search & Destroy
Windows Defender
AVG Free
Avast Free

2 good, free online scanners:
http://safety.live.com/
http://housecall.trendmicro.com/

If you've still got issues - then I'd post a HJT logfile (after reading the directions) here: http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#7 KIDRoach

KIDRoach
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Location:West Lafayette, IN
  • Local time:10:33 PM

Posted 09 November 2006 - 10:19 AM

very late reply, sorry =(

i reformat my pc in the end, so any virus should be gone by now...

just replying to say thanks for the helps =)
If Quizzes were Quizzicles, what are Tests ?

#8 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:10:33 AM

Posted 09 November 2006 - 11:26 AM

Do a scan anyway - just in case this was a boot sector virus (and they can resurface).
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users