USB Stick "looses" size

Discussion in 'Malware Help (A Specialist Will Reply)' started by oggy3000, Jan 15, 2009.

  1. oggy3000

    oggy3000 Private E-2

    Hey guys
    I hope you can help me. I am sitting in South Africa right now, doing some voluntary work and we have a little problem going on over here.
    One of the students here gave me a 2 GB USB Stick which is somehow "loosing" space. About one week ago the properties of the stick only showed about 400 MB, the day before yesterday it was only 388 MB of total size and yesterday it was only 383 MB left.
    I assume that there is some kind of malware on it because there again and again the following directory/files are created:
    F:RESTORE/S-1-5-21-1482476501-1644491937-1013
    Including the hidden files
    Desktop.ini
    ROX.exe
    I can only see them with Icesword for example. Deleting them only has a short time impact. When pluging the stick out and in again, its back. I do not know much about such things, but is it possible that malware can compromise a hardware media in a way that operating systems (Windows XP and OpenSuse) can only see the fake size? Even when I try booting up with a Windows CD and want to partition the stick, only the mentioned 388 MB show up.
    Another problem is that I do not know in what extend the computers here are infected. The malware seems to be very agressive and well hidden. It is spreading to every USB Stick connected to the Notebooks here so I guess the Notebooks themselves are infected.
    Personally I have no problem with whiping my computer and setting everything up new. But the problem is the data on the other Notebooks. I am not shure about making a backup of their data, because I am pretty shure it is contaminated. And then there will still be the problem with the USB sticks that till now could not fe fixed by formating them.

    I currently am running your Malware Removal Guide. So updates will follow this evening or tommorow.

    Best regards
    oggy
     
    oggy3000, Jan 15, 2009
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    This is not a malware problem. This is Windows System Restore points. You should post questions on this in the Software Forum where someone can work with you on either disabling system restore on this drive or on reducing the size of restore points.


    This would be a good idea since rox.exe may be malware. Attach your logs when finished.
     
    chaslang, Jan 17, 2009
    #2
  3. oggy3000

    oggy3000 Private E-2

    Hey
    I think I solved the malware problem. It was a Trojan hiding on my harddisk. Now the hidden files are no longer created. But this still doesn't solve my problem with the actual size of the stick. It is still 400 MB instead of 2GB displayed. Does anyone have an idea what might cause this?

    Best regards
    oggy
     
    oggy3000, Jan 18, 2009
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Post this in the Hardware Forum.
     
    chaslang, Jan 18, 2009
    #4

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds