New Virus?

[Ginmill]

Got a message that I was running low on disk space. So I tried to run ccleaner and it looked like it locked up on some strange files at 33%. Tried to look at winderstat and that locked up too. Went back to ccleaner and it stopped at 33% again but looked where it locked up. c:\windows\temp inside there I had over 300,000 files with various sizes. Highlighted them and deleted it was over 200 gb of space they were taking up. The files started off with 7zip_open_ then with a 15 digit number after that. I check to see if I had 7zip installed but I didn't. After a day went by the files never came back. On the second day after removing the files 6 more appeared with the 7zip_open_ with about 15 digits after it. Ive ran malwarebytes, mse, and vipre av none of which found anything. Now I have been getting internet issues ie very slow downloading of youtube videos and complete drop from the internet. Oh also I have ran hijackthis and check a few places and everything is fine there too. Anyone know what else I can do?

 

[JMH]

Got a message that I was running low on disk space. So I tried to run ccleaner and it looked like it locked up on some strange files at 33%. Tried to look at winderstat and that locked up too. Went back to ccleaner and it stopped at 33% again but looked where it locked up. c:\windows\temp inside there I had over 300,000 files with various sizes. Highlighted them and deleted it was over 200 gb of space they were taking up. The files started off with 7zip_open_ then with a 15 digit number after that. I check to see if I had 7zip installed but I didn't. After a day went by the files never came back. On the second day after removing the files 6 more appeared with the 7zip_open_ with about 15 digits after it. Ive ran malwarebytes, mse, and vipre av none of which found anything. Now I have been getting internet issues ie very slow downloading of youtube videos and complete drop from the internet. Oh also I have ran hijackthis and check a few places and everything is fine there too. Anyone know what else I can do?

Ginmill,
You might care to run SUPERAntiSpyware Online Safe Scan to see if it flushes anything out.
SUPERAntiSpyware.com - Online Scanner

 

[not so gray matter]

That and download another anti-virus just to make sure Vipre isn't missing anything. MSE works well at detection, so does Avast, either should confirm no viruses. G-DATA is the best according to av-comparatives but it costs $.

 

[malexous]

Hitman Pro

 

[not so gray matter]

Malwarebytes' might work better than HT Pro but it's probably a toss up.

 

[malexous]

They have already tried Malwarebytes.

Also, a-squared Free has a much better detection rate than Malwarebytes but its process (<1MB RAM) is always running even with the program shut down.

 

[Corrine]

Hi, Ginmill.

You may want to start with a temp file cleaner. I suggest that you download ATF Cleaner by Atribune from ATF-Cleaner.exe - www.atribune.org . Save it to your Desktop.

Run ATF Cleaner

• Double-click ATF-Cleaner.exe to run the program.
• Click Select All found at the bottom of the list.
• Click the Empty Selected button.
• Click Exit on the Main menu to close the program.
• Shutdown/restart the computer.

Next, I believe an online scan is in order. Instructions follow for both ESET and F-Secure. I suggest one or both.

Please go to Free ESET Online Antivirus Scanner to run an on-line scan from ESET.

• Note: It is easiest if you use Internet explorer for this scan. (If you use an alternate browser, it will be necessary to download the ESET Smart Installer)
• Turn off the real time scanner of any existing antivirus program while performing the online scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Make sure that the Scan Archives option is ticked.
• Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
• Click Scan
• Wait for the scan to finish
• Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
• Copy and paste that log as a reply to this topic and also let me know how things are now.

Please go here and run an on-line scan with the F-Secure scanner .

• Use IE (Internet Explorer), accept the license terms, and allow the Active-X controls to load.
• Click Full System Scan and allow the components to download and the scan to complete.2
• If malware is found during the scan, check Submit samples to F-Secure and Automatic cleaning.
• When the scan has finished, click the Show Report button and copy and paste the entire report in your next reply.

Please let us know how you make out.

 

[fseal]

A little spelunking of the files themselves might point to the cause. Someone the other day had some program he got that created something like a single 260 gig log file inthe temp folder.

SO it may not be virus related at all, just some out of control program you have onyour machine on purpose.
If a huge number of files all seem to have the same or very similar names, opening them in a binary editor or using "strings" on the file or even googling the name might point to the culprit.

Using the resource monitor on the task manager/performance tab can also catch programs that are writing to files frequently, though you may have to leve it open for a while watching it closely to catch the event in progress...