Author Topic: Disk full in 20 minutes (Read 2261 times)

REDACTED · « **on:** August 07, 2015, 03:49:49 PM »

Hello,

I think my laptop is infected by a virus who fills up my C partition in about 20 minutes every time I restart it.

I am running Avast Free on Windows 7 Professional SP1 64x. Avast did not catch anything wrong.

When running Windows in Security Mode nothing happens.

I have searched the Internet on this kind of virus but I did not find any record.

Somebody knows any virus who may be responsible for this behaviour ?

Thank you very much.

Jayme Jeffman

essexboy · « **Reply #1 on:** August 07, 2015, 04:21:15 PM »

Nothing I have heard off

Lets have a look see

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Select additions at the bottom
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please attach both logs generated.

REDACTED · « **Reply #2 on:** August 07, 2015, 05:05:07 PM »

This problem I have already had.

I have found a lot of disk space used under the %AppData% folder in a Google folder.

So I have decided to uninstall all Google applications including Chrome and Google Earth plugins. It was almost 70 GB used in that folder.

Yesterday before I have turned off the computer it had only 48 MB left on C partitition.

Today, after I ran CCleaner and disable Google Talk plugins, I am monitoring disk space and activity with Microsoft Resource Monitor. It seems it has no virus activity until now.

I have downloaded the 64 version of FarBar and ran it. Here goes the log files attached.

Thank you very much.

essexboy · « **Reply #3 on:** August 07, 2015, 06:21:52 PM »

Google Earth does take up a lot of room

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

Quote

CreateRestorePoint:
2015-07-23 22:32 - 2015-07-23 22:32 - 00000000 ____D C:\Users\jjeffman\AppData\Local\{BC216550-F213-401A-B61B-46B70B37E0FD}
2015-07-23 22:30 - 2015-07-23 22:31 - 00000000 ____D C:\Users\jjeffman\AppData\Local\{5EE8C6DD-51C2-475D-A74F-4C2204151423}
2015-07-23 22:16 - 2015-07-23 22:16 - 00000000 _____ C:\Windows\system32\REN9839.tmp
2015-07-23 18:30 - 2015-07-23 18:30 - 00003134 _____ C:\Windows\System32\Tasks\{C0CDCC3C-DF3C-4DAC-B4DC-66B701705853}
2015-07-22 19:48 - 2015-07-22 19:48 - 00000000 ____D C:\Users\jjeffman\AppData\Local\{68CE3BFD-0FD3-4034-8AC3-C9C85975A2D0}
2015-06-24 14:16 - 2015-06-24 14:16 - 0000000 _____ () C:\Users\jjeffman\AppData\Local\{04E3DEC7-E6D8-4D5C-82AC-572AFEF4B4DA}
2015-06-24 14:16 - 2015-06-24 14:16 - 0000000 ____H () C:\Users\jjeffman\AppData\Local\BIT45B6.tmp
Task: {0E7035B7-F90F-40B4-B817-05F657194B11} - \71634a7f-512d-471b-9785-ca3df8a729a1-1-7 No Task File <==== ATTENTION
Task: {1596EB59-5471-4D4B-9F87-F680ABE33E53} - System32\Tasks\{232F8F5B-4BC7-4175-AEFB-01EDB09B0F85} => pcalua.exe -a E:\Temp\cs2_setup.exe -d E:\Temp
Task: {2FE26413-6D3F-4A0A-A51A-F702B0852474} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3873803031-4150282436-3825153626-1000UA => C:\Users\jjeffman\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {44F7C5E2-4997-4F15-A294-7ECB082FFD0F} - \71634a7f-512d-471b-9785-ca3df8a729a1-1-6 No Task File <==== ATTENTION
Task: {483D3C14-A143-4A9E-83CA-07CEC6950FB5} - \71634a7f-512d-471b-9785-ca3df8a729a1-6 No Task File <==== ATTENTION
Task: {6B688B9E-26AD-4A80-9FFB-E5D98EC93183} - \71634a7f-512d-471b-9785-ca3df8a729a1-5_user No Task File <==== ATTENTION
Task: {A4A2D3F4-AA38-45B4-871E-849700FFBF36} - \71634a7f-512d-471b-9785-ca3df8a729a1-7 No Task File <==== ATTENTION
Task: {BE53D297-5730-4F6E-87D8-76349886B910} - \71634a7f-512d-471b-9785-ca3df8a729a1-4 No Task File <==== ATTENTION
Task: {F1371647-7E6F-46B4-8EB8-F895CCAB9FBF} - \71634a7f-512d-471b-9785-ca3df8a729a1-5 No Task File <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3873803031-4150282436-3825153626-1000Core.job => C:\Users\jjeffman\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3873803031-4150282436-3825153626-1000UA.job => C:\Users\jjeffman\AppData\Local\Google\Update\GoogleUpdate.exe
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

REDACTED · « **Reply #4 on:** August 07, 2015, 07:58:30 PM »

Thank you very much.

Here goes the Fixlog.txt file.

essexboy · « **Reply #5 on:** August 07, 2015, 08:08:44 PM »

I just tidied up.. How is the computer now ?

EmptyTemp: => 4.2 GB temporary data Removed.

REDACTED · « **Reply #6 on:** August 07, 2015, 08:55:01 PM »

Thank you very much for helping me.

I have normal disk activity and the disk unused space seems to be almost constant and its modifications might be result of my work on the computer.

Did you find any risk or threat on the files I have sent you ? Was my computer infected ?

essexboy · « **Reply #7 on:** August 07, 2015, 09:10:52 PM »

No there was no infection

Remove tools

Download and run Delfix
Select the options as shown

REDACTED · « **Reply #8 on:** August 07, 2015, 09:31:18 PM »

Well, if it has not infection

, but suddenly my hard drive C partition was increased by around 70 GB in less than 30 minutes, what was going on ?

The system process was continuously writing data to disk and 1.5 GB disk space being occupied each minute, was it not a virus ? Or is Windows 7 itself a virus ?

Why are you telling me to remove disinfection tools ?

Thank you very much.

Pondus · « **Reply #9 on:** August 07, 2015, 09:38:44 PM »

Quote

Why are you telling me to remove disinfection tools ?

Because they are not tools you can use unless trained, and latest updated version must be downloaded when needed

essexboy · « **Reply #10 on:** August 07, 2015, 09:49:10 PM »

When you uninstalled google earth you removed a programme that updates itself with some large amounts of data on a daily basis

REDACTED · « **Reply #11 on:** August 07, 2015, 10:13:53 PM »

Maybe, do you think that an application could fill up to 70 GB in the AppData folder just to get an acceptable performance? Supposing the user have an unlimited disk space ?

I don't feel like to install any Google applications anymore.

I have downloaded the application you've told me to, and I will run it to clean up the disinfection tools.

Thank you very much.

Author Topic: Disk full in 20 minutes (Read 2261 times)

REDACTED

Disk full in 20 minutes

essexboy

Re: Disk full in 20 minutes

REDACTED

Re: Disk full in 20 minutes

essexboy

Re: Disk full in 20 minutes

REDACTED

Re: Disk full in 20 minutes

essexboy

Re: Disk full in 20 minutes

REDACTED

Re: Disk full in 20 minutes

essexboy

Re: Disk full in 20 minutes

REDACTED

Re: Disk full in 20 minutes

Pondus

Re: Disk full in 20 minutes

essexboy

Re: Disk full in 20 minutes

REDACTED

Re: Disk full in 20 minutes