Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.

virus eating my disk space to 0 byte

Created: 01 Aug 2011 | 13 comments

Hello,

 

I need help!!! I think something eating my disk space to 0 byte. I try to delete some temp file but it eating my disk space 2 GB within 10 minutes. Now it's 0 byte. I afraid If I reboot server then It unable to boot up.

 

Please advise me how to fix it. I can't download and run another antivirus for fix it.

Symantec endpoint update to last week but it didn't help.!!!!

Comments 13 CommentsJump to latest comment

theseng99's picture

Now. Disk space is 0 byte. I can't run services.msc for checking it. it show disk is full.  should you think I have to restart?

Please see in attach picture. virus created on 1 Aug 11

error.jpg

If this Info helps to resolve the issue please Mark as Solution

Thanks you.

Andy.

Rafeeq's picture

first; try deleting some temp file; install AV run fulll scan !! 

run the sert tool from Symantec

http://www.symantec.com/business/support/index?page=content&id=TECH131732

pete_4u2002's picture

do you which file is/application is consuming the space?

is there any batch file running?

Is the disk space only 2 GB?

theseng99's picture

Now Drive C: Disk space is 0 byte, YES!! 0 byte. I try to clean temp file but something try to eating my space until 0 byte again. and I unable to run symantec antivirus because it show this tool is running and I unable end process it.

 

How should I do? I afraid restart it will be unable to boot because drive C: is 0 byte.

 

OS is windows 2000.

If this Info helps to resolve the issue please Mark as Solution

Thanks you.

Andy.

Rafeeq's picture

open task manager

select columns; check I/O read / write bytes; check which process is writting too much

theseng99's picture

and what else?

If this Info helps to resolve the issue please Mark as Solution

Thanks you.

Andy.

Rafeeq's picture

end that app , then use the sert tool to scan 

Jamit's picture

Sanity Check 

How do you know its a virus? Could it be a application or end user writing large amounts of data to the server. Are you able to explore the drive at all? From your first post it sounds like this has been happening since last week? 

theseng99's picture

Yes, It happen last week since this server is running without problem 2-3 year. Please see above picture. virus created on 1 Aug 2011

If this Info helps to resolve the issue please Mark as Solution

Thanks you.

Andy.

Hans-05's picture

Hi look at the below link then follow the steps here before using the tool.

http://security.symantec.com/nbrt/npe.aspx?lcid=1033

 

1. Remove the computer from the network -now we know there's nothing being copied to the machine.

2. You must identify the process that's writing the files as mentioned in the previous thread.

3. STOP it by ending the process.

We need to do step 3 to keep it from taking space on the machine while you make spce available to run the tool.

 

Once you have the space, run the tool. This will hopefully detect the virus.

If this fails you will have to consider the SERT tool -as seen below- to scan the machine from memory.

http://www.symantec.com/business/support/index?page=content&id=TECH159200

The SERT tool won't need hdd space as it is loaded into memory.

Hope that helps.

riva11's picture

Run the Process Explorer tool (Link : Process Explorer ) to identify the process that is running in backgroung to consume your disk space.

Stop this process then start the SAV ful scan or in case you don't have virus removed run the Norton Power Eraser.

Mithun Sanghavi's picture

Hello,

Here are few Suggestions which would help you get the Disk space back as well as get rid of the Threat (if there is any..)

1) Remove the machine from the Network.

2) Now, since there is No Disk space as of now.. so it becomes very important to understand what is consuming the highest Disk space.. To figure out where all the space on a given volume went, WinDirStat is the tool I use to fight that problem.

The program scans one or more volumes and generates a diagram called a treemap that indicates which directories are consuming the most space. One glance and you’ll be able to discern which directories are the most crowded, which large individual files are needlessly devouring space, and what types of files constitute the biggest space-eaters. From there, you can open instances of Windows Explorer into directories you want to prune. You can also remove files and folders from within the program if you so desire.

3) Follow the steps in the Article, which would help you grab more space in case the Symantec Endpoint Protection is taking to much of Disk space : 

https://www-secure.symantec.com/connect/articles/issue-related-low-disk-space

4) Once, you have the Disk space, you can Run the Symantec Endpoint Protection Recovery Utility (SERT)

http://www.symantec.com/docs/TECH131732

The Symantec Endpoint Recovery Tool (SERT) is a bootable CD that can scan and remove malware from an infected computer. SERT is useful in situations where computers are too heavily infected for the Symantec Endpoint Protection client installed upon them to clean effectively. 

5) If Symantec is not detecting the Threat, it is adviseable to work on the steps provided in the Article below:

https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

 

Hope this Steps would help you!!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

theseng99's picture

hello,

 

I download symantec power eraser tool and run it. then it will show error.

 

the procedure entry point GetprocessImagefileNameW could not be located in the dynamic link library PSAPI.DLL

If this Info helps to resolve the issue please Mark as Solution

Thanks you.

Andy.