very large protected operation system file in windows folder

[Mohammadreza 0]

Hi Guys
i have very large protected operation system file in windows folder and i cant delete them, my drive C is always full after restarting , i tried to find the problem by installing Eset node 32 but it cant detect the problem , im in windows 10.

here is the screen shot :

im also tried to change the attrib of those file with cmd but its not working too ( i guess its because the name of those file , i cant get that by drag them into cmd) :

also i tried to removing them in safe mode , and its not working too .
is there any solution for fix this problem ? i cant find the problem.

[Marcos 5,074]

First of all I'd check the disk for errors by running chkdsk. Attrib won't work as the characters are obviously garbled in the command-line window.

[Mohammadreza 0]

1 hour ago, Marcos said:

First of all I'd check the disk for errors by running chkdsk. Attrib won't work as the characters are obviously garbled in the command-line window.

i checked this , and i got no error :

C:\>chkdsk
The type of the file system is NTFS.

WARNING!  /F parameter not specified.
Running CHKDSK in read-only mode.

Stage 1: Examining basic file system structure ...
  961792 file records processed.
File verification completed.
  15589 large file records processed.
  0 bad file records processed.

Stage 2: Examining file name linkage ...
  1175130 index entries processed.
Index verification completed.
  0 unindexed files scanned.
  0 unindexed files recovered to lost and found.

Stage 3: Examining security descriptors ...
Security descriptor verification completed.
  106670 data files processed.
CHKDSK is verifying Usn Journal...
  38486784 USN bytes processed.
Usn Journal verification completed.

Windows has scanned the file system and found no problems.
No further action is required.

 243734527 KB total disk space.
 239855300 KB in 782831 files.
    434496 KB in 106671 indexes.
         0 KB in bad sectors.
   1076895 KB in use by the system.
     65536 KB occupied by the log file.
   2367836 KB available on disk.

      4096 bytes in each allocation unit.
  60933631 total allocation units on disk.
    591959 allocation units available on disk.

[cyberhash 188]

Task manager in windows 10 will let you see which process is writing to the hard disk and can maybe narrow it down from there

[Mohammadreza 0]

1 hour ago, cyberhash said:

Task manager in windows 10 will let you see which process is writing to the hard disk and can maybe narrow it down from there

i checked that but there is nothing important , it write the file when i restarting the windows , for example before restart i have 2 gb after restart it shows 100 mg on Drive C :

[persian-boy 22]

You can force remove every folder, file and reg key with a tool call PC Hunter. BTW since you have such thing with Chinese name I'm thinking that maybe your windows is infected!
Did you install the Chinese version of windows?!the picture show they are system files!

Edited November 13, 2017 by persian-boy

[Mohammadreza 0]

1 hour ago, persian-boy said:

You can force remove every folder, file and reg key with a tool call PC Hunter. BTW since you have such thing with Chinese name I'm thinking that maybe your windows is infected!
Did you install the Chinese version of windows?!the picture show they are system files!

i tried pc hunter , but it cant delete them too .

no i didnt install chinese version .

[itman 1,659]

At least four of the suspect files in the Win directory are the same size.

I would say you have a very infected system since malware files have been installed in at least one Win OS directory.

I would back up all your personal files to external disk. Then "wipe" your HDD/SDD using one of the bootable disk wipe utilities. Then reinstall the OS. Before you restore any of the personal files backed up, ensure you scan then with a good AV product.

You could be "fooling around" for days or weeks trying to remove all malware traces and system changes done by same. After all that your OS could still be "borked" and not run right. 

[persian-boy 22]

listen to what our dear friend Itman said.also, reset the MBR and flush the Bios(if you want to make sure everything is ok!).

[Mohammadreza 0]

2 hours ago, itman said:

At least four of the suspect files in the Win directory are the same size.

I would say you have a very infected system since malware files have been installed in at least one Win OS directory.

I would back up all your personal files to external disk. Then "wipe" your HDD/SDD using one of the bootable disk wipe utilities. Then reinstall the OS. Before you restore any of the personal files backed up, ensure you scan then with a good AV product.

You could be "fooling around" for days or weeks trying to remove all malware traces and system changes done by same. After all that your OS could still be "borked" and not run right. 

im so confused why node32 cant detect and remove that , if i format my sdd it will gone ? i just worry if it cant detect that malware after reinstall windows again , could you tell me which malware remove software is better than others ?

thanks alo

[Daedalus 16]

What you can do is take an "second opinion" and install and scan your system with https://www.malwarebytes.com/

But if that does not find anything that explains this, you should take the advice of Itman

Edited November 13, 2017 by Daedalus

[persian-boy 22]

Because Eset is not responsible for your fault!I'm sure you installed smth infected or did smth wrong( like Opened an infected Microsoft office or email attachment? or probably the SDD was already infected?Avs are not responsible for flash and SDD) personally I never see such thing in my life!
Get the Hash of those files and search the google for it. or try to ask for some help in bleeping computer forums.
The best way is to wipe your Hard drive!otherwise, you have to waste a lot of time...

[Mohammadreza 0]

14 hours ago, persian-boy said:

Because Eset is not responsible for your fault!I'm sure you installed smth infected or did smth wrong( like Opened an infected Microsoft office or email attachment? or probably the SDD was already infected?Avs are not responsible for flash and SDD) personally I never see such thing in my life!
Get the Hash of those files and search the google for it. or try to ask for some help in bleeping computer forums.
The best way is to wipe your Hard drive!otherwise, you have to waste a lot of time...

its not about finding who is guilty dude , i know i can fix this by format my hard and reinstalling windows , i want to help users who will have same problem like me in future by sharing my problem .

anyway thanks for help

Edited November 14, 2017 by Mohammadreza

[peteyt 393]

34 minutes ago, Mohammadreza said:

its not about finding who is guilty dude , i know i can fix this by format my hard and reinstalling windows , i want to help users who will have same problem like me in future by sharing my problem .

anyway thanks for help

As mentioned try downloading malwarebytes. You could always email the files to eset for analysis https://support.eset.com/kb141/?locale=en_US

[Mohammadreza 0]

2 hours ago, peteyt said:

As mentioned try downloading malwarebytes. You could always email the files to eset for analysis https://support.eset.com/kb141/?locale=en_US

i tried malwarebytes too, and cant detect the virus , the file size is so huge , i cant upload them , also i cant find the source of that virus .

Edited November 14, 2017 by Mohammadreza

[galaxy 11]

33 minutes ago, Mohammadreza said:

Ich habe malwarebytes auch versucht, und kann den Virus nicht ermitteln, die Dateigröße ist so riesig, ich kann sie nicht hochladen, auch ich kann die Quelle dieses Virus nicht finden.

I would recommend you EMSISOFT 

[galaxy 11]

I would recommend you EMSISOFT

[persian-boy 22]

Malwarebytes cant helps you because it is not strong.You can try Hitman pro or NPE but if they also cant detect it then nothing can.you can also right-click the file and check for the reputation! maybe its already  in Eset database.

Edited November 14, 2017 by persian-boy

[itman 1,659]

3 hours ago, Mohammadreza said:

its not about finding who is guilty dude , i know i can fix this by format my hard and reinstalling windows , i want to help users who will have same problem like me in future by sharing my problem .

anyway thanks for help

The problem is the longer malware is installed, the more entrenched and damaging it can become. For example, you might have one or more backdoors installed. It is almost impossible to detect a backdoor unless a formal signature has been developed. The only way to detect hidden backdoors is via strict outbound network connection monitoring.

[peteyt 393]

7 hours ago, Mohammadreza said:

i tried malwarebytes too, and cant detect the virus , the file size is so huge , i cant upload them , also i cant find the source of that virus .

Is there any information if you go to the files properties?

[Mohammadreza 0]

2 minutes ago, peteyt said:

Is there any information if you go to the files properties?

no there is no information

[itman 1,659]

Try Comodo's Cleaning Essentials: https://www.comodo.com/business-security/network-protection/cleaning-essentials.php . Does not support Win 10.

[novice 20]

Hi Mohammadreza,

You can clearly see that every body here is guessing: try this, try that, "Malwarebytes cant helps you because it is not strong" said another "contributor"

If the damage is beyond recovery , for your peace of mind reinstall Windows, make an image for future and start clean.

 

[peteyt 393]

Just wondering if you have any chinese software, language packs etc. Can you open the files in anything like notepad?