Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

something is cosuming the hard drive freespace 1

Status
Not open for further replies.
ssamx39

ssamx39

Technical User
Feb 20, 2004
29
0
0
US
Help!!

I have an emergency! I have a customer with XP. Last week he had the Netsky virus and it appears to be clean from that virus.

But now, what's left of his hard drive space 300mb is being consumed by some unidentifiable virus.

I ran Stinger.exe and got nothing. I went into his prefetch folder and deleted everything and it seemed to stop it at the time, but then I told him to reboot and it is doing it again.

Any thoughts?
 
Sort by date Sort by votes
In addition to running stinger does the client have an up to date virus protection running on their system with the current virus definitions loaded. The entire system should be thoroughly scanned for viruses. There are viruses out there that will fill up the hard drive. You can also check the size of some individual folders and see if one has a large amount of data. If the culprit can't be found, then it looks like the data should be saved and the system redone. If up-to-date virus protection does not discover any virus then perhaps the client saved something very large to their computer unknowingly or lots of MP3's, pictures, movies or something.
 
Upvote 0 Downvote
Yes they have NIS and NAV and it found nothing. I kind of took a look around and his machine has only got a 10GB hard drive, but we have a utility that we can use to look at his hard drive, NW Util, CPU Util, etc, and you can literally watch the hard drive space deplete.

Here's what reloaded into prefetch when he rebooted:

csrss.exe
explorer.exe
imapi.exe
lucoms~1.exe
msiexe.exe
msmsgs.exe
ntosboot
rdpclip.exe
rstrui.exe
syseval.exe(our utility sw)
taskmgr.exe (I was running this)
tpkmapmn.exe
urllstck.exe
userinit.exe
winlogon.exe
wlanmon.exe
 
Upvote 0 Downvote
I doubt if it is a virus, although I have seen viruses do this, but they are detectable. I have a computer beside me running Windows XP Pro and Microsoft Office 2002 (complete install). I've just finished setting this PC up and I show 4.87 GB of space used. Wouldn't take too much effort to fill the hd. You may want to disable system resore and start your PC. The default tends to be about 12% of your hard drive space. Empty the system restore files and then turn it back on but for less percent of usage. System restore can take alot of space. You'll also have to show hidden files and the like. After that, check the individual folders properties to see if a particular folder is taking an inordinate amount of space. System Restore could be your culprit, though. Let me know.
 
Upvote 0 Downvote
You may be right. System restore may be consuming space given that it's a small hard drive.

Is there a way to control the system restore so that it doesn't consume so much, maybe a limit and it will clear outer all old dates except for once or twice a month on system restore dates?

I really tried to clean his system, but I really didn't see too many programs that he could remove, but I will remove what I can.

I still feel like he has some underlying issue that I am missing, but I am unsure.

When I first remoted into his system and looked at the prefetch window I saw about 12 rundll32.exe files which looked suspicious to me and so that's why I thought perhaps he had a virus.

We shall see...

Thanks for the ideas.
 
Upvote 0 Downvote
This is a handy program for monitoring folder size and disk space, with plenty of graphs and charts to help you see how big individual drives or folders are.



Removing adware & spyware
Before Posting a Hijack log file - Best Practices
faq608-4650
 
Upvote 0 Downvote
Linney,

That's an awesome utility. Here's a star for you!

============================
There is no place like 127.0.0.1
 
Upvote 0 Downvote
Turn Off System Restore
To turn off System Restore, follow these steps:
Click Start, then right-click My Computer, and then click Properties.
First, turn off System Restore
Click the System Restore tab.
Click to select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
Click Yes when you receive the prompt to the turn off System Restore.
Then restart your system. This should clear system restore.
Turn On System Restore and set the percentage of disk usage. You'll see the slide. I think 5% is plenty, if you need to use it at all.
To turn on System Restore, follow these steps:
Click Start, then right-click My Computer, and then click Properties.
Click the System Restore tab.
Click to clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
 
Upvote 0 Downvote
Run the Disk Cleanup tool and use the "More Options" tab to remove all but the most recent restore point.


You don't really want Restore Points going back too far as they will more than likely uninstall all programs or settings you have changed since your "go back point" causing you more problems than it may fix.

The average restore point is 25mb+ with a "first in, first out" policy on restore points. They contain mainly deleted or altered exe, dlls, shortcuts and a registry backup and user profile details. They do not contain users data.

Keeping restore points for a week seems adequate. Amount of disk space used depends on the size of your restore points. Some restore points can be as large as 500mb after major alterations to a system (ie a new service pack or several hefty program installs, or running SFC /Scannow).






300044 - How the System Restore Tool Handles Hard-Disk Space Usage

315688 - How to Locate and Correct Disk Space Problems on NTFS Volumes in Windows XP

300044 - How the System Restore Tool Handles Hard-Disk Space Usage

310312 - Description of the Disk Cleanup Tool in Windows XP

To access individual restore point folders your permissions must be correctly set.

Dont forget to check out these locations for user temp files.
C:\Documents and Settings\Usernamexxxx\Local Settings\Temp
 
Upvote 0 Downvote
Thanks all for your replies. I tried everything you ask, and I think what it really comes down to is that his hard drive is full.

Now I'm still seeing this bizarre cycle where the I can watch his free space deplete with my utility monitoring tool and about every 2 minutes Windows XP warns several time that "you are running out of disk space". It does this a few times until the free space goes down to 0, then it flips back up to what he acutally has left (300MB) and it starts depleting again going through the same vicious cycle over and over again. This I cannot explain.

His Hard drive is actually 30GB, but for some reason his C:\drive is only 10GB and his D:\drive is 30GB. He wants to unpartition his drive, but I don't offer that kind of support so he is on his own in that department. He had downloaded some partition management software to do this, but I do not know what he has done on that.

So, although I appreciate everyone's help, I have no real solution for this person other than take it to a local technician shop and have them look it over.

Thanks everyone!!
 
Upvote 0 Downvote
300 MB free is unstable under XP with a 40 Gig. drive. The OS allocation when the drive was partitioned was too small.

You can "fix" some of this.

Things that will help:

. Move the paging file to drive D:
. Move large Office-type software suites to D:
. If he shares printers, move the spooler files to drive D:
. Move the user profiles to Drive D:

See, as a start:

General and specific advice about virtual memory:

Pagefile.sys and Spooler:

Move your large Software Applications/Suites:
If you need to, uninstall large office suites, and reinstall on Drive D.

You will be amazed how much temporary storage is demanded from the install location of most suites.

Move your Shell Folders:

Essentially, the machine will be unstable under XP with only 300 MB free. Next time, do a 15/20 at least split of the 40 Gig. drive between OS and data/large applications.

Best,
Bill
 
Upvote 0 Downvote
I agree with you Bill. I would never allocate a hard drive in that manner and I would certainly try to balance my drives with data instead of filling up the smallest one first. I did not allocate his hard drive space. Whomever he bought the PC from his who set that up.

Unstable makes sense.

Since it is his personal machine and I am only a network administrator via phone support I am limited to my support level.

I spent 4+ hours working on his machine and decided that he could do better by finding a local technician to solve his issues.

Thanks again!!

 
Upvote 0 Downvote
285107 - Description of the Low Disk Space Notification in Windows XP




Maybe you should just advise him to install a second hard drive, then backup and save his important data then have him reformat and partition his current drive again, with a fresh install of XP.

HOW TO: Partition and Format a Hard Disk in Windows XP (Q313348)

Read the paragraph,
"How to Partition and Format Your Hard Disk by Using Windows XP Setup."


For more help (shows enlargeable screenshots) go here.

 
Upvote 0 Downvote
ssamx39,

I understand.

The steps suggested are too difficult to do by phone.
Hey... Remote Desktop.
(Just kidding).

When in your original query you said there were 12 rundll32's running, my instinct was: clean install.

It is maddening to me personally to see people slavishly follow the MS "minimum requirements". For the average user, the OS partition on drives should be:

. < 60 gigabytes, no partitions, unless it really helps for backups. In that case, 15 for the OS, remainder for data.
. > 60, a partition of 20 for the OS, and do what you will with the rest.

My sympathies,
Bill









 
Upvote 0 Downvote
Bill,

To my dismay, I did remote desktop in because I'm from Missouri "the Show-me State" and I had to see it to believe it!!

I'm really surprised at some of the stuff that I see. I love a challenge, but I get very angry when I get stumped.

Carrie (ssamx39)
 
Upvote 0 Downvote
ssamx39,

Carrie, you have to be on site to "solve" this no matter what, but if you can by phone move the pagefile it would give you a lot of breathing room.

Think of the most thorough "can follow spoken instructions" person, and and on the phone resolve the pagefile move.

May save you a trip. After the pagefile move, walk them through the reboot, and then a Disk Cleanup.

Best,
Bill

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

grnzbra
  • Locked
  • Question
Formatting Full Hard Drive 1
Replies
7
Views
276
austinpctech
austinpctech
hamburg18w
  • Locked
  • Question
Task Host is Stopping the Shutdown
Replies
1
Views
357
Ign3us
Ign3us
Sebastian42
  • Locked
  • Question
Getting a drive REdetected
Replies
18
Views
383
Rick998
Rick998
dpellegrini
  • Locked
  • Question
Unable to map a drive
Replies
12
Views
290
dpellegrini
dpellegrini
pmonett
  • Locked
  • Question
What is this now ? 1
Replies
8
Views
566
pmonett
pmonett

Part and Inventory Search

Sponsor

Back
Top