time
Storage? I am Storage!
A customer is experiencing extremely strange behaviour on their Win2k PC. Specifically, enormous (up to 30-40GB) files are being created in their NOD32 updfiles folder. Both Eset and I are stumped.
The files are not being downloaded - sometimes the system adds nearly 1GB to the size every minute.
CPU utilization hits 100%.
The problem seems to only occur for maybe half an hour at a time (?) each day.
Process Explorer doesn't show anything obvious (but then, I haven't been able to run it or anything similar when the problem actually occurs).
NOD32 can't see anything.
Ad-Aware SE can't see anything.
Housecall can't see anything.
Security Task Manager threw up a decidedly suspicious file, but deleting it and some others didn't help.
Compressing one of the smaller files didn't seem to shrink it at all.
The files are way too big to be able to send away for analysis. Does anyone know of a utility that can slice small pieces out of a huge file?
The file names look like the normal NOD32 update files but are subtly different. For example, NOD32 has the files upd.ver and lastupd.ver. These files are usually called upd####.ver, where #### is hexadecimal.
The problem is also evident on an older Win98 PC, only the files aren't so big. It might have been networked to the Win2k box at some time in the past, or same games might be installed. Who knows?
It goes without saying that NOD32 was uninstalled and reinstalled. The only idea I have left is to try Kaspersky AV, although I have this sinking feeling that I already tried it some months ago when this problem first surfaced.
The files are not being downloaded - sometimes the system adds nearly 1GB to the size every minute.
CPU utilization hits 100%.
The problem seems to only occur for maybe half an hour at a time (?) each day.
Process Explorer doesn't show anything obvious (but then, I haven't been able to run it or anything similar when the problem actually occurs).
NOD32 can't see anything.
Ad-Aware SE can't see anything.
Housecall can't see anything.
Security Task Manager threw up a decidedly suspicious file, but deleting it and some others didn't help.
Compressing one of the smaller files didn't seem to shrink it at all.
The files are way too big to be able to send away for analysis. Does anyone know of a utility that can slice small pieces out of a huge file?
The file names look like the normal NOD32 update files but are subtly different. For example, NOD32 has the files upd.ver and lastupd.ver. These files are usually called upd####.ver, where #### is hexadecimal.
The problem is also evident on an older Win98 PC, only the files aren't so big. It might have been networked to the Win2k box at some time in the past, or same games might be installed. Who knows?
It goes without saying that NOD32 was uninstalled and reinstalled. The only idea I have left is to try Kaspersky AV, although I have this sinking feeling that I already tried it some months ago when this problem first surfaced.
