Windows 7: Need Help Extremely Large Files in Windows-Temp Folder Cannot Delete

Okay I will do my best to try and explain this clearly.

I had one laptop hard drive crash/fail on me...so I purchased a new laptop and transferred all my files over via a window's backup and crash plan backup to make sure I got everything. Now the new laptop is having the same issue as the old laptop--obviously there is a corrupt file somewhere. The hard drive on the new laptop has not failed--yet--but 308GB of my 750 HDD has been sucked up by these temp files. I have attached a word doc with 2 screen shots--first showing the main window with all of these tmp files and the second with one file opened.

There 99 of these tmp files, with roughly 200,000 items in each taking up a lot of HDD space. I tried to delete one of these folders and the process took forever and it got hung up.

First, what are these folders and has anyone heard of this kind of issue.



Secondly, is there a way I can delete these files by by-passing the recycle bin since these things are so large. I thought I read somewhere I could use cmd to do this, but am not sure how.

I've used CCleaner and Malwarebytes and neither touched these files. As a matter of fact the Windows\Temp file never seems to get cleared out unless I manually delete what's in there. I was able to delete other files in that folder, just not these. I am getting very concerned for the life expectancy of my new HDD.

Also, one final note. I ran a chckdsk scan. It got hung up at 74% on Stage 1 and refused to budge from there. I am going to assume this is because of these files. Also when I ran Malwarebytes it took 24 hours to get through just 6 of those tmp folders. I chose to stop the scan process and try to delete those folders...that's when I discovered they are very stubborn. When I right-click on the folders the system gets very slow and the folders become almost impossible to work with.

I am open to any and all suggestions...Thanks

You MIGHT have a root kit virus.

Some root kit removes...

Free Tools | McAfee Downloads

Sophos Anti-Rootkit - Free Rootkit Detection and Removal Tool

I feel your pain - been there, done that. Several years ago I had to service a computer that slowed to a crawl. Like yours, it had over 167,000 files in one directory - this caused the OS to barf. The root cause was a Flash-based exploit that loaded around six trojans that downloaded SPAM files (167,000 of them!) to send out later.

The solution I used, while not difficult, did take a lot of time - as in HOURS. I know of no "quick fix" if you need to preserve the existing apps and data.

The biggest hangup is the OS logging everything when you access the directory and attempt to execute any function. This is by design and for file integrity/protection - problem is most OSs aren't optimized to catalogue the parameters of that many files at once.

What does this mean in everyday terms? Well, just clicking on the directory folder in Windows Explorer could take several minutes to finally display. Try to delete the folder in Windows Explorer could cause Windows to hang (even after waiting an hour) - power button reboot the only way out.

If you do get the file list to display, selecting a group of them and then pressing SHIFT-DELETE could take minutes to finally accomplish the task. Oh, and you will be limited to around a few hundred files deletion at a time (I found over about 500 caused Windows to hang) and each action will take between 1 and 5 minutes to complete. At 1 minute for 500 files, your 200k files could take seven hours just to get rid of them - then you need to find the root cause and fix that!

I did not use Windows to save that system. Instead I used a live bootable version of Linux. Even so it took a long time but I was able to restore the Windows system and user files back to pristine.

My advice: If you have a full backup, reload it. If you need to save important files first, use a live Linux disk and removable storage media to copy them first, then reload. Run an AV scan from the Linux disk to see if there are any root kits on the hard drive.

Good luck. If you drink coffee, make a full pot - you'll need it.

Regards,
GEWB

I took Lemur's advice and ran Sophos Anti-Rootkit...it's still running 24 hours later. It's currently navigating through file 40 of the 99 tmp files. Upside its moving through these files faster than Malewarebytes. However, my concern is why aren't these files popping as malicious/suspicious?

Given it takes forever for these maleware/rootkit programs to complete should I abandon the scans and just try deleting the files a chunk at a time and then run the scans? And what would be better doing shift/del or using the cmd prompt C:\Windows\Temp>del * I want to make sure these files are permanently deleted and completely erased from the system.

So far the sophos anti-rootkit scan has come up with 7 hits. Here they are:

C:\Program Files (x86)\Online Services\Skype\SkypeSetup.exe
C:\SWSetup\DVD2D3D\Setup\VC2005 SP1 Update\vcredist_x86.exe
C:\SWSetup\RoxCN\MINI\INSNTMSI.EXE
C:\SWSetup\RoxCN\NonMINI\INSNTMSI.EXE
C:\Windows\SysWOW64\atioglxx.dll
C:\Windows\System32\Driver\FileRepository\c7119506.inf_amd64_neutral_ae53531459adad61\B118739\atiogl xx.dll
C:\Windows\System32\Driver\FileRepository\c7119506.inf_amd64_neutral_ae53531459adad61\B118739\atiglp xx.dll

Anything look suspicious to you guys?

Lastly, GEWB I wanted to ask you. I have a Windows 7-64 Repair Disc, but I created it after the fact when I noticed the problems I was having. If I were to use this to reset the system, do I risk re-infecting the system since the disk was made after I found the infection? Also, can I create the Linux live boot disk on another computer? I've been trying to keep the infected PC off the network as much as a possible to reduce further infection. I would appreciate your feedback. Thank you!

Oh yeah I wanted to provide more specs on the infected machine:

HP Pavilian Dv7 Laptop
Intel i-Core 7 2nd gen.
Windows 7 Home Ed. 64-bit
750GB Hitachi HTS547575A9E384 HDD
BitDefender Total Security Suite
CCleaner

Things I've done to date to resolve this problem:
Run full AV Scan
Run CCleaner
Run Malwarebytes--had to stop scan--only found one cookie from CNET
Ran chkdsk scan--froze at Stage 1, 74% while scanning through one of the 99 tmp folders
Used TreeSize Free to locate and discover the offending tmp files
Now scanning with Sophos Anti-Rootkit

Also I just checked my internal HDD and 30 more GB were just consumed by this monster. I also plugged in my external HDD I had previously stored the windows back up on and noticed it too has been consumed, of the 500GB only 100GB are available. So whatever this is, it is within the files windows would include in their backup folders. Whatever this thing is it's nasty.

Mizzy

Hello Mizzy -

Indeed, it sounds like you have a serious problem. I'm troubled by your statement about the external drive getting filled, too. Be sure to keep that workstation OFF any network (work or home) - pull the network cable or turn off the wireless.

You posted a screen shot of the directory structure but what are the file extensions (types) in those directories? Your AV program may find them as "normal" or whatever has your system has fooled the AV program.

Your repair disk probably will not help - you need a full backup set.

It sounds like the longer the system is on the worse it gets. Cut your losses now. Burn a bootable Linux disk or USB drive and get your data files off, then wipe it and start from scratch.

Regards,
GEWB

Well GEWB you were right from the very beginning...the best advice you gave was to cut my losses. I don't know what this virus is or how it got on my system, but its wicked.

To answer your question, from what I can tell the items in each folder have no extensions or identifying markers. I looked under properties and couldn't find anything, its as if they are ghost images that are just floating on the HDD. None of the malware or temp file cleaners I've used recognize these things because they lack extensions. Also, remember when I said each of the 99 files consisted of 200k randomly named items? I was way off on that count...I didn't let the window completely load up at first when I got that figure. Each of the 99 files have over 1 million items in them! No wonder my HDD is almost gone.

So I'll be making the Linux boot drive, salvaging what I can and sending it off to my tech guy under warranty. It's his problem now :-) I just wish I could have found the source of the corruption. I'd like to know what caused this mess, so that this never ever have again. Maybe my tech guy can find out, if so I'll post back with what caused the corruption. Whatever it is, it's pretty nasty...2 computers and one external HDD have been destroyed by it.

Thanks for your help.

Mizzy

Salvage only what you really need and hope your files aren't infected.

If you ever find out what caused this, please post back and let us know.

Regards,
GEWB