Now. Disk space is 0 byte. I can't run services.msc for checking it. it show disk is full.  should you think I have to restart?

Please see in attach picture. virus created on 1 Aug 11

first; try deleting some temp file; install AV run fulll scan !! 

run the sert tool from Symantec

http://www.symantec.com/business/support/index?page=content&id=TECH131732

do you which file is/application is consuming the space?

is there any batch file running?

Is the disk space only 2 GB?

Now Drive C: Disk space is 0 byte, YES!! 0 byte. I try to clean temp file but something try to eating my space until 0 byte again. and I unable to run symantec antivirus because it show this tool is running and I unable end process it.

How should I do? I afraid restart it will be unable to boot because drive C: is 0 byte.

OS is windows 2000.

open task manager

select columns; check I/O read / write bytes; check which process is writting too much

and what else?

end that app , then use the sert tool to scan 

Sanity Check 

How do you know its a virus? Could it be a application or end user writing large amounts of data to the server. Are you able to explore the drive at all? From your first post it sounds like this has been happening since last week? 

Yes, It happen last week since this server is running without problem 2-3 year. Please see above picture. virus created on 1 Aug 2011

Hi look at the below link then follow the steps here before using the tool.

http://security.symantec.com/nbrt/npe.aspx?lcid=1033

1. Remove the computer from the network -now we know there's nothing being copied to the machine.

2. You must identify the process that's writing the files as mentioned in the previous thread.

3. STOP it by ending the process.

We need to do step 3 to keep it from taking space on the machine while you make spce available to run the tool.

Once you have the space, run the tool. This will hopefully detect the virus.

If this fails you will have to consider the SERT tool -as seen below- to scan the machine from memory.

http://www.symantec.com/business/support/index?page=content&id=TECH159200

The SERT tool won't need hdd space as it is loaded into memory.

Hope that helps.

Run the Process Explorer tool (Link : Process Explorer ) to identify the process that is running in backgroung to consume your disk space.

Stop this process then start the SAV ful scan or in case you don't have virus removed run the Norton Power Eraser.

Hello,

Here are few Suggestions which would help you get the Disk space back as well as get rid of the Threat (if there is any..)

1) Remove the machine from the Network.

2) Now, since there is No Disk space as of now.. so it becomes very important to understand what is consuming the highest Disk space.. To figure out where all the space on a given volume went, WinDirStat is the tool I use to fight that problem.

The program scans one or more volumes and generates a diagram called a treemap that indicates which directories are consuming the most space. One glance and you’ll be able to discern which directories are the most crowded, which large individual files are needlessly devouring space, and what types of files constitute the biggest space-eaters. From there, you can open instances of Windows Explorer into directories you want to prune. You can also remove files and folders from within the program if you so desire.

3) Follow the steps in the Article, which would help you grab more space in case the Symantec Endpoint Protection is taking to much of Disk space : 

https://www-secure.symantec.com/connect/articles/issue-related-low-disk-space

4) Once, you have the Disk space, you can Run the Symantec Endpoint Protection Recovery Utility (SERT)

http://www.symantec.com/docs/TECH131732

The Symantec Endpoint Recovery Tool (SERT) is a bootable CD that can scan and remove malware from an infected computer. SERT is useful in situations where computers are too heavily infected for the Symantec Endpoint Protection client installed upon them to clean effectively. 

5) If Symantec is not detecting the Threat, it is adviseable to work on the steps provided in the Article below:

https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

Hope this Steps would help you!!!

hello,

I download symantec power eraser tool and run it. then it will show error.

the procedure entry point GetprocessImagefileNameW could not be located in the dynamic link library PSAPI.DLL