RE: Hard Drive keeps filling up

From: Joey Peloquin (jpelo1_at_jcpenney.com)
Date: 09/23/03

    Date: Tue, 23 Sep 2003 09:41:33 -0500
    To: "'Harris Samuel W PORT'" <HarrisSW@mail.ports.navy.mil>, security-basics@securityfocus.com
    
    
    

    Hiya Sam -

    Thanks for a very thorough write-up. One question though, what type of
    IM software was she using?

    Although you mentioned you have already used search engines and scanned
    the McAfee web site, I spent about 30 minutes searching myself... And
    came up with nada.

    I don't see PestPatrol listed as one of the scanner/removers you've
    tried. You can get an eval version that only lacks the ability to
    remove the offender, but it can identify it for you. Get it @
    pestpatrol.com.

    Please let us know if you discover what it is.

    Good Luck!

    Joey

    -----Original Message-----
    From: Harris Samuel W PORT [mailto:HarrisSW@mail.ports.navy.mil]
    Sent: Monday, September 22, 2003 1:09 PM
    To: security-basics@securityfocus.com
    Subject: Hard Drive keeps filling up

            I have been having a problem for a week now and can't seem to
    detect the culprit. This is on my home network. On my wife's machine,
    the OS is Windows XP, 2.8G, Broadband connected, with 802.11g Linksys
    wireless router. I have 3 firewalls running on it, Zonelabs, Tiny and
    the firewall included with XP. I have an online subscription to McAfee
    virus software, and it is kept up to date as new updates are issued. I
    have checked Task Manager and shut down the processes that I knew
    wouldn't cause me a problem, the rest seem innocent enough, (to my
    knowledge). I've done netstat several times and haven't discovered any
    obvious unknown connections. I have even locked the firewall down
    (Zonelabs) on several occasions, to eliminate the possibility that it was
    being accessed by an unknown process or program. I have Ad-Aware
    and Spy-Bot on the computer. I have all the updates to XP installed.
    I have used the Shavlik software and have updated everything it comes up
    with. I have used the Microsoft Security Analyzer to check for any
    security problems and have installed all that was called for.
            Now for the problem. 2 weeks ago my daughter called me up and
    was frantic, because she had been instant messaging and some putz came
    on and told her to invite him in or she would be sorry. She didn't and
    she was. He infected her with some worm that proceeded to fill up her
    hard drive. I had given her an old computer that I had and it only had a
    12G hard drive. I used VNC to check her computer out and tried to stop
    the bleeding, but it was too much for me. Well, a few days later I get a
    message that my computer is almost out of space. I have an 80G hard
    drive. I looked at the file system but couldn't find the files that were
    big enough to fill it up like that. I was performing a scan with McAfee
    (which detected nothing by the way) and noticed that the computer was
    spending an inordinate amount of time on a .tmp file. I looked at the
    folder that was in question, and
    bingo I found all the used space. There were several files in the folder
    that all ended in .tmp. One I remember was McV90.tmp. There were others,
    but that is the one I remember. It was 48G all by itself. I tried to
    open it to view it, but couldn't find a program that I had that could
    open it up. I deleted the file and regained my space back. A couple of
    days later the space was being eaten up again. I deleted it again and
    began monitoring it every few hours to see if there was any more action.
    I couldn't detect much for a few hours, then it started up again.
            I shut the firewall, so if it was external to the computer, then
    I would stop any outgoing action. The firewall came up with a few
    complaints, but nothing out of the ordinary (I think it wasn't out of
    the ordinary). This didn't seem to stop the process, so I am assuming the
    problem is in the computer. I have a Windows 2000, Redhat 9.0, Redhat
    8.0 on the rest of my network. No problems with any of them. I have
    googled, I have McAfee'd, I have done a few other search engines, but I
    come up empty as to what this is. Spybot and Ad-Aware found nothing, as
    I run them daily. Any ideas where to go next? I am fresh out of ideas at
    the moment.
            
    Sam
