Security Basics mailing list archives

Re: Hard Drive keeps filling up

From: Birl <sbirl () temple edu>
Date: Tue, 23 Sep 2003 12:06:55 -0400 (EDT)

As it was written on Sep 22, thus Harris Samuel W PORT typed:

[snip large amount of text.  In a nutshell, a tmp file is eating up hard
 drive space]


Download and execute FileMon from SysInternals.com

Configure FileMon to watch the partition on which the temp file is located
on.

Start FileMon running and see what process has that file open.

From there you check that program against a Windows rootkit checker.


Run 'strings' (if it exists on Windows, otherwise install Cygwin) against
the program and what interesting words appear in the binary.

Cant wait to see what you come up with.


HTH


 Scott Birl                              http://concept.temple.edu/sysadmin/
 Senior Systems Administrator            Computer Services   Temple University
====*====*====*====*====*====*====*====+====*====*====*====*====*====*====*====*


---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

Hard Drive keeps filling up Harris Samuel W PORT (Sep 22)
- RE: Hard Drive keeps filling up matt willson (Sep 23)
- Re: Hard Drive keeps filling up Birl (Sep 23)
- RE: Hard Drive keeps filling up Joey Peloquin (Sep 23)
- Re: Hard Drive keeps filling up Brian Tomjack (brut) (Sep 23)
- <Possible follow-ups>
- Re: Hard Drive keeps filling up Eric Brown (Sep 23)
  - Re: Hard Drive keeps filling up Tony Preston (Sep 24)
- Re:Hard Drive keeps filling up Halverson, Chris (Sep 23)
- RE: Hard Drive keeps filling up Meidinger Chris (Sep 23)
- RE: Hard Drive keeps filling up Mark Hicks (Sep 23)
  - RE: Hard Drive keeps filling up Alexander Suhovey (Sep 24)
- Re: Hard Drive keeps filling up nee cee (Sep 23)
- Re: Hard Drive keeps filling up David Lanagan (Sep 25)