
Very large protected operating system files in Windows folder



Hi guys,
I have very large protected operating system files in the Windows folder and I can't delete them. My drive C is always full after restarting. I tried to find the problem by installing ESET NOD32, but it can't detect the problem. I'm on Windows 10.

Here is the screenshot:
Error.jpg

I also tried to change the attributes of those files with cmd, but that's not working either (I guess it's because of the names of those files; I can't get them by dragging them into cmd):
Error2.jpg

I also tried removing them in safe mode, and that's not working either.
Is there any solution to fix this problem? I can't find the problem.


  • Administrators

First of all I'd check the disk for errors by running chkdsk. Attrib won't work as the characters are obviously garbled in the command-line window.


1 hour ago, Marcos said:

First of all I'd check the disk for errors by running chkdsk. Attrib won't work as the characters are obviously garbled in the command-line window.

I checked this, and I got no errors:

C:\>chkdsk
The type of the file system is NTFS.

WARNING!  /F parameter not specified.
Running CHKDSK in read-only mode.

Stage 1: Examining basic file system structure ...
  961792 file records processed.
File verification completed.
  15589 large file records processed.
  0 bad file records processed.

Stage 2: Examining file name linkage ...
  1175130 index entries processed.
Index verification completed.
  0 unindexed files scanned.
  0 unindexed files recovered to lost and found.

Stage 3: Examining security descriptors ...
Security descriptor verification completed.
  106670 data files processed.
CHKDSK is verifying Usn Journal...
  38486784 USN bytes processed.
Usn Journal verification completed.

Windows has scanned the file system and found no problems.
No further action is required.

 243734527 KB total disk space.
 239855300 KB in 782831 files.
    434496 KB in 106671 indexes.
         0 KB in bad sectors.
   1076895 KB in use by the system.
     65536 KB occupied by the log file.
   2367836 KB available on disk.

      4096 bytes in each allocation unit.
  60933631 total allocation units on disk.
    591959 allocation units available on disk.


1 hour ago, cyberhash said:

Task Manager in Windows 10 will let you see which process is writing to the hard disk, and you can maybe narrow it down from there.

I checked that, but there is nothing important. It writes the files when I restart Windows; for example, before a restart I have 2 GB, and after the restart it shows 100 MB on drive C:

Problem2.jpg


You can force-remove every folder, file and reg key with a tool called PC Hunter. BTW, since you have such a thing with a Chinese name, I'm thinking that maybe your Windows is infected!
Did you install the Chinese version of Windows?! The picture shows they are system files!

Edited by persian-boy

1 hour ago, persian-boy said:

You can force-remove every folder, file and reg key with a tool called PC Hunter. BTW, since you have such a thing with a Chinese name, I'm thinking that maybe your Windows is infected!
Did you install the Chinese version of Windows?! The picture shows they are system files!

I tried PC Hunter, but it can't delete them either.

No, I didn't install the Chinese version.


At least four of the suspect files in the Win directory are the same size.

I would say you have a very infected system since malware files have been installed in at least one Win OS directory.

I would back up all your personal files to an external disk. Then "wipe" your HDD/SSD using one of the bootable disk wipe utilities. Then reinstall the OS. Before you restore any of the personal files backed up, ensure you scan them with a good AV product.

You could be "fooling around" for days or weeks trying to remove all malware traces and system changes done by same. After all that your OS could still be "borked" and not run right. 


2 hours ago, itman said:

At least four of the suspect files in the Win directory are the same size.

I would say you have a very infected system since malware files have been installed in at least one Win OS directory.

I would back up all your personal files to an external disk. Then "wipe" your HDD/SSD using one of the bootable disk wipe utilities. Then reinstall the OS. Before you restore any of the personal files backed up, ensure you scan them with a good AV product.

You could be "fooling around" for days or weeks trying to remove all malware traces and system changes done by same. After all that your OS could still be "borked" and not run right.

I'm so confused why NOD32 can't detect and remove that. If I format my SSD, will it be gone? I just worry that it can't detect that malware after I reinstall Windows again. Could you tell me which malware removal software is better than the others?

Thanks a lot


Because ESET is not responsible for your fault! I'm sure you installed something infected or did something wrong (like opened an infected Microsoft Office or email attachment? Or probably the SSD was already infected? AVs are not responsible for flash and SSD). Personally, I have never seen such a thing in my life!
Get the hash of those files and search Google for it, or try to ask for some help in the Bleeping Computer forums.
The best way is to wipe your hard drive! Otherwise, you have to waste a lot of time...
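
Added example, not part of any post in this thread: a read-only PowerShell triage covering the two suggestions above (comparing the suspect files' sizes and getting their hashes). It passes file objects through the pipeline, so the garbled names never have to be typed; the 100MB threshold, the non-ASCII name filter and the output file name are assumptions.

```powershell
# Added triage example (not from the thread). Read-only: lists and hashes, never deletes.
# Assumptions: the size threshold, the name filter and the CSV path are illustrative.
$root     = $env:windir
$minBytes = 100MB

# -Force includes hidden/system files. File names are never typed, so the
# console code page that garbles them for attrib does not matter here.
$suspects = Get-ChildItem -LiteralPath $root -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Length -ge $minBytes -and $_.Name -match '[^\x00-\x7F]' }

$report = @(foreach ($f in $suspects) {
    # Locked or ACL-protected files can fail to open; record that instead of stopping.
    try {
        $sha = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256 -ErrorAction Stop).Hash
    } catch {
        $sha = "unreadable: $($_.Exception.Message)"
    }
    [pscustomobject]@{
        # Code points identify the file even when the console cannot render the name.
        NameCodePoints = ($f.Name.ToCharArray() | ForEach-Object { 'U+{0:X4}' -f [int]$_ }) -join ' '
        SizeBytes      = $f.Length
        Attributes     = $f.Attributes
        Created        = $f.CreationTime
        LastWrite      = $f.LastWriteTime
        SHA256         = $sha
    }
})

# Files of identical size group together here.
$report | Group-Object SizeBytes | Sort-Object Count -Descending |
    Select-Object Count, @{ n = 'SizeBytes'; e = { $_.Name } }

# A UTF-8 CSV keeps the details intact for a hash lookup or a support ticket.
$report | Export-Csv -LiteralPath "$env:USERPROFILE\suspect-files.csv" -NoTypeInformation -Encoding UTF8
```

Run it from an elevated PowerShell prompt so that more of the files can be opened for hashing; hashing multi-gigabyte files takes a while.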


14 hours ago, persian-boy said:

Because ESET is not responsible for your fault! I'm sure you installed something infected or did something wrong (like opened an infected Microsoft Office or email attachment? Or probably the SSD was already infected? AVs are not responsible for flash and SSD). Personally, I have never seen such a thing in my life!
Get the hash of those files and search Google for it, or try to ask for some help in the Bleeping Computer forums.
The best way is to wipe your hard drive! Otherwise, you have to waste a lot of time...

It's not about finding who is guilty, dude. I know I can fix this by formatting my hard drive and reinstalling Windows. I want to help users who will have the same problem as me in the future by sharing my problem.

Anyway, thanks for the help.

Edited by Mohammadreza

  • Most Valued Members
34 minutes ago, Mohammadreza said:

It's not about finding who is guilty, dude. I know I can fix this by formatting my hard drive and reinstalling Windows. I want to help users who will have the same problem as me in the future by sharing my problem.

Anyway, thanks for the help.

As mentioned, try downloading Malwarebytes. You could always email the files to ESET for analysis: https://support.eset.com/kb141/?locale=en_US


2 hours ago, peteyt said:

As mentioned, try downloading Malwarebytes. You could always email the files to ESET for analysis: https://support.eset.com/kb141/?locale=en_US

I tried Malwarebytes too, and it can't detect the virus. The file size is so huge that I can't upload them; also, I can't find the source of that virus.

Edited by Mohammadreza

33 minutes ago, Mohammadreza said:

I tried Malwarebytes too, and it can't detect the virus. The file size is so huge that I can't upload them; also, I can't find the source of that virus.

I would recommend you EMSISOFT ;)


Malwarebytes can't help you because it is not strong. You can try HitmanPro or NPE, but if they also can't detect it, then nothing can. You can also right-click the file and check its reputation! Maybe it's already in the ESET database.

Edited by persian-boy

3 hours ago, Mohammadreza said:

It's not about finding who is guilty, dude. I know I can fix this by formatting my hard drive and reinstalling Windows. I want to help users who will have the same problem as me in the future by sharing my problem.

Anyway, thanks for the help.

The problem is the longer malware is installed, the more entrenched and damaging it can become. For example, you might have one or more backdoors installed. It is almost impossible to detect a backdoor unless a formal signature has been developed. The only way to detect hidden backdoors is via strict outbound network connection monitoring.


  • Most Valued Members
7 hours ago, Mohammadreza said:

I tried Malwarebytes too, and it can't detect the virus. The file size is so huge that I can't upload them; also, I can't find the source of that virus.

Is there any information if you go to the file's properties?


Hi Mohammadreza,

You can clearly see that everybody here is guessing: try this, try that, "Malwarebytes can't help you because it is not strong" said another "contributor" :D

If the damage is beyond recovery, for your peace of mind reinstall Windows, make an image for the future and start clean.

 


  • Most Valued Members

Just wondering if you have any Chinese software, language packs, etc. Can you open the files in anything like Notepad?


This topic is now closed to further replies.