Is this normal?!

[imhotepp]

just got done fixing up a friend's computer. It had a few nasties taking it over, got rid of them but couldn't figure out what was taking up all of the hard drive space.

Downloaded a program called Sequoia view or something like that where you can see the roots of your drive and actually tell what program, etc was using what kind of space.

Found out that it was Norton's quarantine that was using up 170 of the 181 gigs! Downloaded their removal tool and all the space is back, I can't believe that that is normal? Maybe they didn't have it set up to delete rather than quarantine? I don't use Norton's so I wouldn't know.

Anyways, thought it was kinda interesting

[Istik]

Thats not normal. Even though stuff stored in quarantine is uncompressed, the only way you could get that much data is if every file on the PC was infected or the virus was creating fake files (duplicating) endlessly.

it's often quicker and easier to format the PC after a nasty virus attack, as you can never be quite sure you've got them all, even after hours of work and special software. If there is just one infected file left that norton doesnt detect (very likely), then that is all it will take.

If i was you, id backup all that needs to be backed up, and reinstall windows fresh. Then scan all the files using an online scanner www.antivirus.com before running any of them.

If you must keep it, be sure to reinstall norton, as often the antivirus itself can become infected.

[Toucan]

norton screwed me up a year or so ago
and yeah, i found out the back up was using 60gb of my harddrive

[imhotepp]

Thats not normal. Even though stuff stored in quarantine is uncompressed, the only way you could get that much data is if every file on the PC was infected or the virus was creating fake files (duplicating) endlessly.

it's often quicker and easier to format the PC after a nasty virus attack, as you can never be quite sure you've got them all, even after hours of work and special software. If there is just one infected file left that norton doesnt detect (very likely), then that is all it will take.

If i was you, id backup all that needs to be backed up, and reinstall windows fresh. Then scan all the files using an online scanner http://www.antivirus.com before running any of them.

If you must keep it, be sure to reinstall norton, as often the antivirus itself can become infected.

I used ad-aware, spybot search & destroy and hijackthis. Then ran scans with trend micro housecall, ewido and then Kaspersky. Looked like everything was found that needed to be found.....we'll see. My friend has kids, so I'm sure I'll see it again in the near future. I also installed AVG on it rather than putting Norton's back on to it.

[gelfling]

After reading your posts, I highly recommend following Istik's advice and formatting the HDD. It's the only way to be sure.

Give NOD32 a go. AVG stands for average imho, I moved to NOD32 about two years ago and I haven't looked back. It's a light application, has good support, is reasonably priced and has a clear licensing programme.

[imhotepp]

I'll tell her to keep a close eye on it and if it does appear to be still alive, I'll kill it with the reformat.

Thanks for the help guys!

[Istik]

You may also want to manually check with some sysinternals tools from MS. Autoruns and Process Explorer. Autoruns will allow you to see everything that starts up with windows, in various categories. Though it can be difficult to know whats bad and what isnt. Process Explorer will allow you to see if there are any unknown dlls attached to any process running in the background.

Anti-viral software is a good preventative but not a good cure. Best cure is a format, because there's just so many ways to get reinfected.

[imhotepp]

You may also want to manually check with some sysinternals tools from MS. Autoruns and Process Explorer. Autoruns will allow you to see everything that starts up with windows, in various categories. Though it can be difficult to know whats bad and what isnt. Process Explorer will allow you to see if there are any unknown dlls attached to any process running in the background.

Anti-viral software is a good preventative but not a good cure. Best cure is a format, because there's just so many ways to get reinfected.

thanks for the tip sir! I may have to check that out for my own....I'm done with that one for now

Have you ever tried Hijackthis? Nice program to see what is lurking in the dark too.

If it was my machine, I would have reformatted and started fresh.

[Istik]

You may also want to manually check with some sysinternals tools from MS. Autoruns and Process Explorer. Autoruns will allow you to see everything that starts up with windows, in various categories. Though it can be difficult to know whats bad and what isnt. Process Explorer will allow you to see if there are any unknown dlls attached to any process running in the background.

Anti-viral software is a good preventative but not a good cure. Best cure is a format, because there's just so many ways to get reinfected.

thanks for the tip sir! I may have to check that out for my own....I'm done with that one for now

Have you ever tried Hijackthis? Nice program to see what is lurking in the dark too.

If it was my machine, I would have reformatted and started fresh.

Yes, and I make use of most the software you listed, but they wont detect everything, so sometimes manually searching through stuff is the only way.

[eirykhi]

is she running wireless ?

[imhotepp]

is she running wireless ?

No, I think she has cable internet?

[imhotepp]

You may also want to manually check with some sysinternals tools from MS. Autoruns and Process Explorer. Autoruns will allow you to see everything that starts up with windows, in various categories. Though it can be difficult to know whats bad and what isnt. Process Explorer will allow you to see if there are any unknown dlls attached to any process running in the background.

Anti-viral software is a good preventative but not a good cure. Best cure is a format, because there's just so many ways to get reinfected.

thanks for the tip sir! I may have to check that out for my own....I'm done with that one for now

Have you ever tried Hijackthis? Nice program to see what is lurking in the dark too.

If it was my machine, I would have reformatted and started fresh.

Yes, and I make use of most the software you listed, but they wont detect everything, so sometimes manually searching through stuff is the only way.

Yeah, I hear ya. Hopefully she is clean now. I looked through the running programs using msconfig and didn't see anything out of the ordinary after all of the scans, etc.. I also ran another hijackthis scan and didn't see anything there either, but we'll see.

I'll take your advice if it does come back for a visit, but I hope not anytime soon

[Istik]

Yeah, I hear ya. Hopefully she is clean now. I looked through the running programs using msconfig and didn't see anything out of the ordinary after all of the scans, etc.. I also ran another hijackthis scan and didn't see anything there either, but we'll see.

I'll take your advice if it does come back for a visit, but I hope not anytime soon

Worth using those on your own PC, just to check