HCHTech
Well-Known Member
- Reaction score
- 3,859
- Location
- Pittsburgh, PA - USA
I had a new business customer bring in a Dell all-in-one computer they used at their front desk. "It's slow and I'm getting 'out of disk space' messages, can you clean it up?"
After hardware diagnostics didn't find any problems, the first thing I find is an actual, honest-to-goodness virus (which SOMEHOW got through Microsoft Security Essentials - Imagine that!) living in the Windows System32 directory, that created about 600,000 copies of a file taking up about 50 gigabytes of space. After a thorough cleanup, the computer still wasn't right - better, but not right. It had passed the hardware diagnostics, so I decided to unhide everything and go spelunking through the hard disk to see what I could find.
I found a folder hidden in the user directory created by a software called "PC Tattletale". This software (that I could not tell was installed) was taking a screenshot somewhere between 5 and 20 times PER MINUTE, for the last 2 years. I also found a text file explaining how to remove evidence that the software was installed, so it was clearly installed on purpose.
This directory had, I'm not kidding 1.4 MILLION files in it. Holy freaking schnit. Some googling turned up this apparently legitimate (and I use that term loosely) software, so I called the customer and got some story about how this computer used to belong to an employee of his who went through a nasty divorce a couple of years ago.
In the end, I had to reinstall the software to put back the proper uninstaller, then uninstall it, then clear out that directory. I ended up doing that in linux because Windows isn't very happy when you try to delete a folder with that many files in it. It still took several hours to delete everything. Wow. After that, it ran like new again!
After hardware diagnostics didn't find any problems, the first thing I find is an actual, honest-to-goodness virus (which SOMEHOW got through Microsoft Security Essentials - Imagine that!) living in the Windows System32 directory, that created about 600,000 copies of a file taking up about 50 gigabytes of space. After a thorough cleanup, the computer still wasn't right - better, but not right. It had passed the hardware diagnostics, so I decided to unhide everything and go spelunking through the hard disk to see what I could find.
I found a folder hidden in the user directory created by a software called "PC Tattletale". This software (that I could not tell was installed) was taking a screenshot somewhere between 5 and 20 times PER MINUTE, for the last 2 years. I also found a text file explaining how to remove evidence that the software was installed, so it was clearly installed on purpose.
This directory had, I'm not kidding 1.4 MILLION files in it. Holy freaking schnit. Some googling turned up this apparently legitimate (and I use that term loosely) software, so I called the customer and got some story about how this computer used to belong to an employee of his who went through a nasty divorce a couple of years ago.
In the end, I had to reinstall the software to put back the proper uninstaller, then uninstall it, then clear out that directory. I ended up doing that in linux because Windows isn't very happy when you try to delete a folder with that many files in it. It still took several hours to delete everything. Wow. After that, it ran like new again!
