Jump to content
TouchOdeath

Immunet Taking 100% Disk Space

Recommended Posts

Dear ritchie58,

 

I came across two different PCs that had the exact same problem, and they occured on the exact same day (today).  Whether that was coincidence or not, not sure.

 

Problem:

=======

100% disk space on Drive C:\ (windows install drive).  It would say 0 bytes free.

 

Cause:

======

C:\Program Files\Immunet\clamav\clamav.log-20151023_204525
 
there were several files with a similiar name as this above.  Each file was 102kb in size, and there were several of them.  These files were taking up ALL of the remainder disk space on clients PC.

 

Solution:

=======

Close sfc.exe to prevent anymore logs being written to disk to prevent any further space from being taken up.  Uninstall immunet, because it won't let you delete the log files.

 

If you encounter an error uninstalling, on one of the two computers I did.  If in that event, you need to remove the registry key "Immunet 3" which will be in one of these locations:

 

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Immunet Protect

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Immunet Protect

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Immunet Protect

 

Then re-run the original installer, and make sure you install in the same directory.  After Install, you should beable to uninstall.

 

I hope this helps someone.  ritchie58, I appreciate all your help on these forums and your deep insights.

Edited by TouchOdeath

Share this post


Link to post
Share on other sites

Hi TouchOdeath, just as I recommended to Adrenaline & dbreagan since they seem to be experiencing the same bug could you please submit a Diagnostic Tool report directly to Support? Here is a link to a FAQ topic that will tell you how to submit a comprehensive support request. http://support.immunet.com/index.php?/topic/1672-how-do-i-submit-a-support-diagnostic-tool-report/

 

Best wishes, Ritchie...

Share this post


Link to post
Share on other sites

Email sent... So heres the deal Ritchie.  The log files on these computers were taking up any remaining space the disk had.  I had to free up 'some' space in order to run your tool.  However, I couldn't let your tool finish because I didn't have enough disk space to let your tool do its thing, so I closed the window early.  Unfortunately doing that made a corrupt .7z file, which I'm just now realizing.  So... good luck on retrieving the log files..... :/.  If I would have known that closing the window early would have resulted in a corrupt .7z, I would have made my own .7z.  So big apologies for not testing the .7z at the time.

 

Heres an example of what the disk would look like:

 

1tb HD:

100gb = real data

900gb = log files

0bytes = free space

 

In the example above, you could only free up space from only the 100gb section.  7z does compress the 900gb to be a smaller size of course, but not enough.  So basically its impossible for your tool to finish.  Unless of course you were to change the desktop environmental variable to a seperate harddrive temporarily.

 

Another bit of information:  When I logged onto each computer, sfc.exe would be pegged at 25% cpu usage.

 

Since I didn't have physical access to these computers, my biggest concern was restoring these PCs to working order while I had the chance, so that was my main priority.  Also, for whatever reason, everytime I tried to uninstall Immunet, I got an NSIS error, or some error that wouldn't allow me to uninstall.  So I had to copy the original install file to the PC and perform an install so I could uninstall.  Thats around 16mb of data.  If you were to delete all the temp files off the PC, and say sfc.exe filled said space back up so you had 0 bytes again, you would either A:  find something else worthless to delete or B:  delete real data.  B of course wasn't an acceptable option for me.

Edited by TouchOdeath

Share this post


Link to post
Share on other sites

Hi TouchOdeath,

 

Sorry to hear these issues are impacting your machines. If it is not possible to create a support package, are you able to get one of the clamav log files (C:\Program Files\Immunet\clamav\clamav.log-*) off the machine and sent to us? This may help us in tracking down what might be the issue.

 

Thanks,

Eugene

Share this post


Link to post
Share on other sites

Hey EugeneC,

 

I just emailed you another instance on a different computer.  I copied quite a few log files, however not all of them.  In the screenshots I sent, notice how big the vertical scroll bar is.  Also, take note of the start and end date of the logs.  I appreciate both of you Ritchie and EugeneC.

 

On this computer, when I logged onto it, sfc.exe was pegged at 50% cpu.

Edited by TouchOdeath

Share this post


Link to post
Share on other sites

I'm wondering if it's an inherent internal bug with Immunet or it's one or more ClamAV definition signatures that are over zealously flagging temp files as suspicious or malicious. It's got to be one of the two that's for sure!

Share this post


Link to post
Share on other sites

I have the exactly same issue with 2 pc's now. A lot of logs files and the HD ran out of space. I needed to disable Immunet so I can delete all the logs files, but If I enable it again it start doing the same thing.

 

Regards

Share this post


Link to post
Share on other sites

Some PCs in my network showed same behavior, while others was OK. Unfortunately, my support engineers uninstalled Immunet before i reach PCs to make a support report.  Studying Windows Update logs i was found, that Immunet constantly prevents many updates from install, then WU starts installed them again and again, that`s why (probably) disk space was overrun by immunet. Here is how it looks in iptray.exe Quarantine item:

 

Details Event Type
Quarantine Failed
Detection Name
Clam.Win.Trojan.SdBot-8284
File Path
C:\Windows\WinSxS\Temp\PendingRenames\a094e7b5fc0cd201ac0c00004c98dc09.amd64_microsoft-windows-ndis-minwin_31bf3856ad364e35_6.3.9600.17933_none_4a48e22dfbdb75b0_ndis.sys_e2e1846f
 

There was a lot of such errors. Maybe excluding C:\Windows\WinSxS\Temp from Immunet will help with trouble.

Edited by jffulcrum

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×