As before, the
As you know, the
As a driver developer and antivirus researcher and developer I have certain methods to try and find out things. I tend to use out-of-the-box software for a first diagnosis. Since the user gave me temporary access to his machine via UltraVNC after a long chat session, I got the chance to look at it by myself. Mostly the user got to control his machine by himself, and we kept talking via chat. The first suggestion was to have certain tools downloaded from Sysinternals (now Microsoft Technet). Among them was the well-known Rootkit Revealer, Process Explorer and AutoRuns. Amazingly the Rootkit Revealer spotted the culprit quickly. Several files and folders were hidden from normal enumeration with Windows functions and suggested (by name and size) to be backups. Also the number of these files and their size matched the
The culprit - revealed through the folders named “RRestore” - was a program called “Rapid Restore” delivered with many IBM/Lenovo notebooks, as it seems. This program, for whatever reason, hides its backups from the user by means reminiscent of kernel mode rootkits and allows restoration of backups through some tool also delivered in the software bundle of the notebooks. So this is yet another software causing
I personally prefer backup software which I control, not the benevolent vendor of the machine I have bought.
// Oliver
Hi Oliver, I guess I was another one wondering what to do with the , I downloaded the rootkit revealer but it refuses to run on vista premium 64, also got the other two programs you suggested but they are way above my comprehension…any suggestions.
Thanks
MY computer lists the drive as using 79GB and windirstat is listing it as 32.4. Rootkit does not work on vista 64. Any ideas?
I should point out that this is not the unknown issue. That is only 1.6 GB
Hi Oliver,
I have a similar problem. Lately I’ve noticed that space is disappearing from drive C, and I think some program is causing this.
My partition C is 5 Gb, and all files and folders are all together 2.5 Gb. Still there is only 300 Mb left, and the space becomes smaller and smaller.
About 8 months ago the remaining space was about 2.5 Gb.
My recycle bin is empty, and I can see all system/hidden files.
Your program now shows about 2.3 Gb unknown space.
I’ve tried to run Rootkit. It shows nothing related to the problem.
It must be that some program reserves space withought returning it when done.
The same procedure is used when there are errors on the disk. The bad space is blocked. But this disk has no errors. Maybe some hd tool can release that space back?
It’s 2 dynamic disks that are mirrored. Running w2k server.
I’ve tried Checkdisk from within System properties with no luck.
Do you think a chkdsk /f c: with restart could do it, even if it is blocked like bad space?
I was able to fix my problem. I am not sure exactly what worked because it didn’t happen until I restarted. I didn’t have windows back up enabled but I ran some command line I found on the web to limit the size to 2 GB and that might be what worked.