Immunet Taking 100% Disk Space

[TouchOdeath]

Dear ritchie58,

 

I came across two different PCs that had the exact same problem, and they occured on the exact same day (today).  Whether that was coincidence or not, not sure.

 

Problem:

=======

100% disk space on Drive C:\ (windows install drive).  It would say 0 bytes free.

 

Cause:

======

C:\Program Files\Immunet\clamav\clamav.log-20151023_204525

 

there were several files with a similiar name as this above.  Each file was 102kb in size, and there were several of them.  These files were taking up ALL of the remainder disk space on clients PC.

 

Solution:

=======

Close sfc.exe to prevent anymore logs being written to disk to prevent any further space from being taken up.  Uninstall immunet, because it won't let you delete the log files.

 

If you encounter an error uninstalling, on one of the two computers I did.  If in that event, you need to remove the registry key "Immunet 3" which will be in one of these locations:

 

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Immunet Protect

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Immunet Protect

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Immunet Protect

 

Then re-run the original installer, and make sure you install in the same directory.  After Install, you should beable to uninstall.

 

I hope this helps someone.  ritchie58, I appreciate all your help on these forums and your deep insights.

[ritchie58]

Hi TouchOdeath, just as I recommended to Adrenaline & dbreagan since they seem to be experiencing the same bug could you please submit a Diagnostic Tool report directly to Support? Here is a link to a FAQ topic that will tell you how to submit a comprehensive support request. http://support.immunet.com/index.php?/topic/1672-how-do-i-submit-a-support-diagnostic-tool-report/

 

Best wishes, Ritchie...

[TouchOdeath]

Email sent... So heres the deal Ritchie.  The log files on these computers were taking up any remaining space the disk had.  I had to free up 'some' space in order to run your tool.  However, I couldn't let your tool finish because I didn't have enough disk space to let your tool do its thing, so I closed the window early.  Unfortunately doing that made a corrupt .7z file, which I'm just now realizing.  So... good luck on retrieving the log files..... :/.  If I would have known that closing the window early would have resulted in a corrupt .7z, I would have made my own .7z.  So big apologies for not testing the .7z at the time.

 

Heres an example of what the disk would look like:

 

1tb HD:

100gb = real data

900gb = log files

0bytes = free space

 

In the example above, you could only free up space from only the 100gb section.  7z does compress the 900gb to be a smaller size of course, but not enough.  So basically its impossible for your tool to finish.  Unless of course you were to change the desktop environmental variable to a seperate harddrive temporarily.

 

Another bit of information:  When I logged onto each computer, sfc.exe would be pegged at 25% cpu usage.

 

Since I didn't have physical access to these computers, my biggest concern was restoring these PCs to working order while I had the chance, so that was my main priority.  Also, for whatever reason, everytime I tried to uninstall Immunet, I got an NSIS error, or some error that wouldn't allow me to uninstall.  So I had to copy the original install file to the PC and perform an install so I could uninstall.  Thats around 16mb of data.  If you were to delete all the temp files off the PC, and say sfc.exe filled said space back up so you had 0 bytes again, you would either A:  find something else worthless to delete or B:  delete real data.  B of course wasn't an acceptable option for me.

[EugeneC]

Hi TouchOdeath,

 

Sorry to hear these issues are impacting your machines. If it is not possible to create a support package, are you able to get one of the clamav log files (C:\Program Files\Immunet\clamav\clamav.log-*) off the machine and sent to us? This may help us in tracking down what might be the issue.

 

Thanks,

Eugene

[TouchOdeath]

Hey EugeneC,

 

I just emailed you another instance on a different computer.  I copied quite a few log files, however not all of them.  In the screenshots I sent, notice how big the vertical scroll bar is.  Also, take note of the start and end date of the logs.  I appreciate both of you Ritchie and EugeneC.

 

On this computer, when I logged onto it, sfc.exe was pegged at 50% cpu.

[ritchie58]

I'm wondering if it's an inherent internal bug with Immunet or it's one or more ClamAV definition signatures that are over zealously flagging temp files as suspicious or malicious. It's got to be one of the two that's for sure!

[abhego]

I have the exactly same issue with 2 pc's now. A lot of logs files and the HD ran out of space. I needed to disable Immunet so I can delete all the logs files, but If I enable it again it start doing the same thing.

 

Regards

[jffulcrum]

Some PCs in my network showed same behavior, while others was OK. Unfortunately, my support engineers uninstalled Immunet before i reach PCs to make a support report.  Studying Windows Update logs i was found, that Immunet constantly prevents many updates from install, then WU starts installed them again and again, that`s why (probably) disk space was overrun by immunet. Here is how it looks in iptray.exe Quarantine item:

 

Details Event Type
Quarantine Failed
Detection Name
Clam.Win.Trojan.SdBot-8284
File Path
C:\Windows\WinSxS\Temp\PendingRenames\a094e7b5fc0cd201ac0c00004c98dc09.amd64_microsoft-windows-ndis-minwin_31bf3856ad364e35_6.3.9600.17933_none_4a48e22dfbdb75b0_ndis.sys_e2e1846f
 

There was a lot of such errors. Maybe excluding C:\Windows\WinSxS\Temp from Immunet will help with trouble.

[EugeneC]

Hello,

 

I've posted a way to reclaim the space used by the logs and avoiding the issue in the future. This info can be found here: http://support.immunet.com/index.php?/topic/3102-immunet-and-disk-space-usage/

 

Thanks,

Eugene