PDA

View Full Version : C Drive Suddenly Full



Brina
09-10-2002, 07:04 AM
Hello! A few months ago, my dad's computer had the klez virus. His C drive got full and he kept getting the message that Windows did not have enough space to open programs. I searched and found all the "wink" and "wqk" files and deleted them. I also deleted all programs created within a month (when he got the virus). This cleared out most of the hard drive spaceand the computer then ran like new. We thought the virus was gone. Now it's back. The computer is completly full again and everything runs slow. Yesterday I searched the files and the registry and found a few wink and wqk files, but not many. After deleting them, the hard drive space wasn't affected. It was still full. I tried searching for programs created recently, but there weren't any. I downloaded one of the programs to clean the klez virus out, but that didn't work either. Does anyone know how to manually delete this virus (and the programs it has created) for good? Thanks!

classicsoftware
09-10-2002, 08:27 AM
Please read this: (http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.h@mm.html)

Budfred
09-10-2002, 10:28 AM
It is a growing consensus of many on this forum that the best way to deal with the Klez is to reformat and reload. Klez (and a number of other nasties) tends to be very difficult to remove completely. I cleaned up a computer for a friend and after spending hours trying to clean it out, I ended up starting over. You can try the Klez removal tools, but I have heard several people saying they don't get it all and you never know when an important file will turn out to be corrupt. :(

Whatever you decide, Good Luck,
Budfred

mjc
09-10-2002, 11:39 AM
I found that it is especially true if you use ME or XP (cleaning all of Klez), because of the system restore feature. Most of the tools tell you to temporarily disable the restore but not all specify to get rid of all the restore files. Plus I have found that some times even after you "delete" the restore files in ME they are still there. (Found this after booting to a 98 bootdisk and looking at the _restore folder in DOS, after deleting it in ME). Klez is also one of those that has several variants that each do something a little different than each other, so if you are using the removal tool for klez.f on klez.h it may not get it all, sometimes you just find out you have klez and not what variant(version). Also some versions tend to stay around "hiding", or quietly waiting for a few days/weeks before doing its dirty deeds.

classicsoftware
09-10-2002, 10:53 PM
I would try the Norton manual removal. I have luck where the manual removal followed by a full scan and replacement of damaged files will work. Other times, you just have to bite the bullet and reinstall the OS.

Paul Komski
09-11-2002, 08:31 PM
Something I only recently found (in my case using ME) is that by default NAV does not scan the Restore Files. This explains why some people have been mystified by AVG finding viruses in the Restore Files, while NAV had indicated a clean system!! ;)

Bogart101
09-12-2002, 03:04 AM
IVE encountered the same problem or virus before and i end up formating my hardrive. what i did at first was to download the tools SYMANTEC has provided and run the tools on my Computer but that doesnt solve my problem. the cp work smoothly for a couple of days and suddenly mess up again and so i run up the tools again and this time i save some (not an *.exe file) of my files and then i end up formatting my hardrive.
If you still have cure by not formatting your harddrive, then formatting is your last option.
Better download a "zero fill utily" before formatting for it completely wash out the jerk out of your harddrive cause sometimes the virus hides itself on the boot sector and even a plain formatting will not completely remove it.

so goodluck buddy! hope this add an info on you.

thanks.