I have a problem: an hour ago I have 16.5 GB free space on my C Drive. I now have 12 GB free space. I have BDTS 2011 and it found no viruses or anything else. Yet, something is sucking up my space like crazy. How do I get rid of it?
Hello
In order to be able to further investigate the reported situation we need some more information from your computer as follows:
. A BDSYS log;
. A GMER log;
. Use the new Bitdefender QuickScan for an extra layer of protection;
~ Below you will find complete instructions in terms of how to perform the above actions. ~
[how to GENERATE A BDSYS LOG]
. Save and extract the BDSYS tool to a location of your choice:
http://www.bitdefender.com/files/Knowledge.../BDSysLog_i.exe
. Make sure you close all active applications and then run "BDSysLog_i.exe"; If you receive a firewall
alert,select to Allow the application to connect;
. Click the "Create log" button to start generating the
log; A progress bar is indicating that the tool is creating the report;
. When the small window appears with the message "Log
saved" then the report is complete and a new file named "bdsyslog.zip" has appeared on your Desktop;
. Send me via PM the generated log file.
. If the file is to big for send it over PM, upload the results to one of the online file hosting servers mentioned below or use one of your own and send via PM the download link.
http://www.sendspace.com
http://www.mediafire.com
[how to GENERATE A GMER LOG]
. Save the GMER tool (and then extract it if needed) to a location of your choice:
RECOMMENDED: http://www.gmer.net/download.php
alternative: http://www.bitdefender.com/files/KnowledgeBase/file/gmr.zip
. Make sure you close all active applications and then run the tool;
. Allow the tool a few moments to load up and perform the initial scan;
. Click on the "Scan" button from the lower right side of the window; You will notice that the button will change to "Stop" indicating that the tool is creating the report;
. When the scanning process is over the button will change back to "Scan";
. Click on the "Save..." button and save the log to a location of your choice, naming it "gmerlog";
[how to USE THE BITDEFENDER QUICKSCAN]
Bitdefender QuickScan is an online scanning tool that uses a new technology to combine intelligent local scanning and in-the-cloud scanning which detects e-threats in memory quickly.
. Using your favorite web browser visit: http://quickscan.bitdefender.com/;
NOTE! A detailed installation and compatibility guide can always be found at:
http://forum.malwarecity.com/index.php?showtopic=23
. Click on "Start" (install the required ActiveX/Plugin if necessary);
. Allow the scanning process a few moments to complete;
. When the scan is over click on "View log" in order to open the log in the default text editor; Save the log to a location of your choice (e.g. Desktop).
We will contact you once the analysis is complete. Take care.
I see from the logs that you have Bitdefender 2012, not 2011.
In this case, please right click on Bitdefender icon from system tray-near the clock-and choose "About". You should see in the left side the build number.
It's something like 15.0.xx.******.
Please reply to us with that number to see if you have the latest build delivered via Automatic Update.
We are looking forward to hearing from you. Have a nice day.
15.0.36.1530
However, not that I only upgraded to BDTS 2012 last night (20 hours ago) and this disk full issue have been with me for 3-4 days. Should I be running the special removal tools like Duqu and Boot (can't remember what they are but they are pinned)?
I am now down to 2GB of freespace on my C drive (from 20GB yesterday) and my system is slowing down considerably. The GMER scan is in its 6th hour running.
Please browse to this location:
C:\Windows
In there you will find a Temp folder. Please tell the size of that folder(right click on it and choose Properties).
After this, delete all the content of that folder.
Thank you.
Hi
Download and install the software and then run it to clear your computer's registry an temporary files:
http://www.ccleaner.com/download
http://www.piriform.com/docs/ccleaner/usin...gistry-cleaning
Let me know if you still encounter the issue.
Take care.
C:/windows/temp had 8GB in it. I was able to delete all except two files, which I tried then to delete from teh CMD window and still no luck.
I ran CC cleaner (already had that installed) and cleaned up registry files. I also emptied teh Recycle Bin. I still have only 4GB free space on my system (down again from 16 GB yesterday).
I still HAVE the problem. I am now going to reboot in safe mode and see if I can delete those last two files and directory in C:/windows/temp.
Have you tried to delete them in Safe Mode?
[How to restart in SAFE MODE With Networking]
- Restart the computer;
- Press the "F8" key several times before Microsoft Windows begins to load; you need to press "F8" until you will be displayed a text menu;
- Select "SAFE MODE With Networking"
Yes, I tried that and it didn't work. I then found a utility called Unlocker, which I installed, and I was then able to delete both files. Strangely both of these files were controlled by Java. I just deleted old Java and downloaded the latest Java 6 (release 31) from Oracle.
Though C:/windows/temp is now currently empty, there was (after I deleted the folder the first time) a dozen or more folders names "bdcloud#" where # was a random number. What are these?
I still am losing disk space! How do I get back to the 16 or 18 GB of free space I should have?
Also, I have run CCleaner many times and still no increase in free space.
Still have a problem.
Please uninstall that version of Java and install Oracle Java 7 release 3, the latest version and tell me if you still encounter those issues.
http://www.filehippo.com/download_jre_32/
http://www.filehippo.com/download_jre_64/
Bdcloud# folders and files are temporary files used by our product that are created in that folder.
They are automatically cleared during the update.
Why should I download this from filehippo and NOT Oracle directly?
Welcome back.
You can download it from any safe server, even the ones from Oracle.
Okay, done. Now have the latest JRE. Now what? I still am LOSING disk space. I am down to 1.5 GB free space (down from 4.2GB an hour ago).
I still have an issue. Did you analyze all of the stuff I sent you? I must still have a malware on my drive.
Please advise. I am desperate.
It seems the malware is injected into explorer.exe process. I have uploaded on Mediafire a password-protected archive dumps.zip. The password is "bitdefender" (without quotes). Unzip it and execute dump.bat. Wait for the process to finish. This will create some memory dumps of the explorer.exe process and will be save them in the same folder the dump.bat file is located. Send us the generated folder via PM and we will be able to find and add detection to the malware.
http://www.mediafire.com/?z62n65w984m54fh
Please download Process Explorer from here:
http://download.sysinternals.com/Files/Proces###plorer.zip
run it, go to Menu -> Find -> Find handle or DLL, input the name of the file that keeps growing, then double click on the entries found.
It will take you to the handle of that file.
Try right click on that -> Close handle.
If it does not work, try click on the selected process to which the handle belongs and stop or restart, and then try again the Close handle.
Thank you very much. Take care.
I am sorry, but I have NO IDEA what files are growing. I tried that three weeks ago looking for files with today's date and sorting by size. I just booted this laptop and now I have 135GB free on the C drive. If you remember I only had 15GB the last time. I think it is giving false positives.
Second, you did not tell me the status of your lab's work. Is this recommendation from them or you? Are they still working on it?
They have finished analyzing the dumps and there is nothing malicious in those dumps.
We need to find the source and in my opinion is not malicious.
Are you still loosing space now?
I have done nothing on this laptop since my last post and free space has gone from 135GB to 129GB. I seriously doubt that I really have that much free space. How can I find the big files that you think are growing?
And how could I possibly go from 2GB free space last week to 135 GB yesterday without doing a thing?
Do you have an automatic backup solution installed on it?
Yes, I use Carbonite.
Could you please temporary stop it to check if it doesn't cause this issue? After this reboot and check the HDD free space.
I tried that and there doesn't seem to be any effect. However, free space is now at between 107 and 115 GB and it has stayed that way for about a week. Do you think Carbonite used that much space?
Yes, it's a theory. I can tell you that my colleagues didn't find anything suspicious in those dumps.
Do you use the latest version of Carbonite? If not, please update it.
Let me know if you have other questions.
Yes, I have the latest version of Carbonite, Christian. I will consider this dialogue closed unless I see the free space rapidly shrinking again. Thanks for all your help. Where are you located?
We are in Romania, Bucharest at Bitdefender HQ.
You have all the details here:
http://en.wikipedia.org/wiki/Bucharest
Since this actual case was resolved, I declare this subject closed.
If you need further assistance, do not hesitate to contact us.
