Malware? C Drive is "full"

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by shrub, May 22, 2012.

  1. shrub

    shrub Private E-2

    My C drive is suddenly full! "Properties" actually shows zero bytes available! I loaded and ran "F-Secure Rescue" (13 Hour scan) which found and disabled "Backdoor.flood.f" and "Trojan.Generic.4269517", but the problem persists and there isn't enough disk space to run some programs. I emptied the recycle bins (also Norton Protected - I just did it again and it gave back about 200 KBytes) but didn't get a lot of space back. Do you have any ideas or instructions? I am reluctant to follow any instructions given to others just in case I'm shooting myself in the foot.
     
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Are you able to first of all run this?

    I want you to run TDSSKiller so refer to the below for how to do so.

    TDSSkiller - How to run
     
  3. shrub

    shrub Private E-2

    Here are a few more details about my problem(s):

    First of all, I don't seem to be able to download anything, so that would seem to throw a wrench into any operations using TDSSkiller. When I try to download files, (for example at "TDSSkiller - How to run" from

    http://majorgeeks.com/downloadget.php?id=6895&file=1&evp=6ee854ea7c22f46734f10d4e193d17ce

    (using Firefox - IE won't connect to any site I Google!) the first attempt is reported as "tdsskiller.zip canceled - Kaspersky.com". Right-clicking on the download helper provides the option "retry" and selecting that provides every indication that the file is being downloaded, it can even be seen for a while by using Windows Explorer, but when all is said and done, the file is not there. It looks like it was downloaded and then erased. The download helper window reports "tdskiller.zip 2.0 Mb - Kaspersky.com". This action is repeated for any download I have attempted.

    I have managed to free up a little more space on C: (right now I have about 2.9 Gb freed up) by cleaning up the recycle bin on C: (NProtect as well! - there go about another 200 small files!), but the problem still exists. There are a few other files I could delete to free up a few more Gb of space, but until I hear from you I think I will hold off opening up more space to get filled up with ??. . . . . . Oh! - keep reading!

    Of course the "Search" utility won't work (lonely doggie!) so I did some manual searching on another drive. I found what may be an older download of tdsskiller.exe (Version 2.4.11.0) as well as the Kaspersky Virus Removal Tool (9.0.0.722_11.12.2010_22-23). This TDSSkiller runs a lot different than the description shown at "TDSSkiller - How to Run" but I ran it anyway and the report file from the root of C: is attached.

    I hope I've done everything kinda right! Thanks for your patience and help!
     


  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Just to clarify, you can use Firefox okay to download?
     
  5. shrub

    shrub Private E-2

    Sorry for being vague. It was getting pretty late here.

    Firefox is the one that looks like it will complete a download (only on "retry") only to have the file disappear (watching with Explorer).

    IE Googles OK but I can't download TDSSkiller. "Your current security settings do not allow this file to be downloaded" pretty much prevents access to TDSSkiller.zip.

    There has been some progress here, but some problems still remain.

    I completed a scan using an old copy of Kaspersky Virus Removal Tool only to find out that 911 service is no longer available. I saved the report, though. I'll attach it.

    Right now, as I return to the scene, C Drive reports 72.5 Gb used, 1.96 Gb clear.

    There are about 13,000 files in the Norton Protected Recycle Bin.

    After clearing Norton and Windows recycle bins on C Drive (I can "select all" but I have to use the "delete" key on the keyboard to start the process as "right click" won't work.) C Drive reports 71.9 Gb used and 2.60 Gb clear. Not quite as good as last night, but good enough to be able to get some things done.

    Next, I thought it might be a good idea to look for an oversize file on C Drive.

    I restored a recent backup of C Drive to one of my other drives and (I'll keep it short unless you ask for the details) discovered the current "Windows" directory was more than 10 Gb bigger than the backup. A little more scrutiny and I was looking at a file (procmon.pmb) which was about 11Gb and only in the current set. I suspect it may have been the result of "Boot Logging" by Process Monitor. Deleting that restored C Drive free space to a more reasonable 13.4 Gb. My free space availability problem seems to have been solved!

    To cement the solution, I edited the registry to remove:

    [HKLM\System\CurrentControlSet\Services\PROCMON20]

    and all of its subkeys. I hope that stopped the bootlogging!

    Unfortunately the other problems still exist.

    The download problems described herein are still ongoing (I just checked!) and I feel the following observations may be significant in other areas:

    Norton Protected Recycle Bin keeps right on a-loadin' up on all drives! Is this normal, or should I be doing something to stifle it?

    I use an email inspection program called "Mailwasher". Some of its data ("Friends" and "Blacklisted" info) disappeared. I restored the info from the C Drive restored files. I wonder what process affected them?

    I ran into three interesting files in the Windows Directory on C Drive:

    C:\Windows\MF_C425.lfa - Created March 10, 2026, 9:08:49 PM
    C:\Windows\MF_C421.lfa - Created March 10, 2026, 9:08:49 PM
    C:\Windows\MF_C420.lfa - Created March 9, 2026, 4:35:00 AM

    and thought the dates were a little suspicious . . . . or is it paranoia?

    And, of course, the search facility is still not working.

    Over to you now. I hope I got this info straight. Can you please help?
     


  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

  7. shrub

    shrub Private E-2

    I finally found a way to download files, so I have run TDSSKiller.exe Version 2.7.37.0 and attached the report file. Sorry, but as I mentioned in my first reply to you, I was unable to download anything.

    I hope the attached file is exactly what you need to do an analysis.

    So far I have regained my C Drive free space and now I can (with an extended procedure) download files and use them. Can you please help me to find out what caused and is causing these and other annoying problems on this computer?
     


  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Follow as much of the instructions in my post #6 as possible.
     
  9. shrub

    shrub Private E-2

    Solved the problem(s) myself!

    Problem #1 = Finger Problem.

    In using a utility called "Procmon", I decided to opt for "Enable Boot Logging". This caused the system to store more than Eleven (11) Gigs of info on C Drive and that's where the space disappeared to. I found this using "Search" (Do NOT Specify a file name, Search C Drive, When was it Modified, and, when the search is finished, click on the "Size" column to bring the largest files to the top). I then disabled Boot Logging in the program itself and erased the log file to regain space on C Drive.

    Problem #2 = Largely Undocumented Disguised Malware.

    I downloaded and used a Malicious Utility called "PC Cleaner Pro 2012". A quick "Google" will show that it's not necessarily recognized as the Trojan that it is. There are some "Rave" reviews (possibly originated by the hoax!) as well as lots of helpful removal instruction links there. Top thanks go to "F-Protect". Most other popular online scanners did not recognize the "Rogue" Application.

    Proper Removal of this &%#$# piece of software cleared up all of the other problems I was experiencing in the XP system.

    Thanks also for your own help in this matter.
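
The two ways of locating the space hog described in this thread (comparing a restored backup against the live drive in post #5, and sorting a search by size in post #9) can be combined in one script. This is an added example, not part of the original thread; the function names are hypothetical and the demo trees are constructed, with sizes scaled down from the thread's figures.

```python
import os
import tempfile
from collections import defaultdict


def scan(root):
    """Return {relative path: size in bytes} for every file under root."""
    sizes = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            try:
                sizes[os.path.relpath(full, root)] = os.path.getsize(full)
            except OSError:
                pass  # unreadable or vanished file: leave it out
    return sizes


def growth_report(backup_root, current_root, top=10):
    """Rank top-level directories and files by bytes gained since the backup."""
    old, new = scan(backup_root), scan(current_root)
    by_dir, files = defaultdict(int), []
    for rel, size in new.items():
        delta = size - old.get(rel, 0)
        if delta > 0:  # only growth is counted; shrunk or deleted files are ignored
            head = rel.split(os.sep)[0] if os.sep in rel else "."
            by_dir[head] += delta
            files.append((delta, rel, rel not in old))  # True = only in current set
    dirs = sorted(by_dir.items(), key=lambda kv: kv[1], reverse=True)
    return dirs[:top], sorted(files, reverse=True)[:top]


def demo():
    """Build two small constructed trees (sizes scaled down) and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        layout = {
            "backup": {"Windows/notepad.exe": 100, "Documents/a.txt": 50},
            "current": {"Windows/notepad.exe": 100, "Documents/a.txt": 60,
                        "Windows/procmon.pmb": 5000},
        }
        for tree, entries in layout.items():
            for rel, size in entries.items():
                path = os.path.join(tmp, tree, *rel.split("/"))
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as fh:
                    fh.write(b"\0" * size)
        return growth_report(os.path.join(tmp, "backup"), os.path.join(tmp, "current"))


if __name__ == "__main__":
    for label, rows in zip(("directories", "files"), demo()):
        print(label, rows)
```

On a real system, pass the restored backup folder and the live drive root to `growth_report`; a single file that accounts for almost all of a directory's growth and exists only in the current set is the first thing to inspect.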
     
  10. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Glad you are all fixed up now shrub, safe surfing!
     
