Seems like a virus or rootkit, but...
I am having an issue with a server with disk space disappearing into nowhere. On the data partition (drive D) of the SBS 2003 server, every day ~1GB of disk space gets eaten up. This even happens on the weekends when no one is on the office using the system. Also, I cannot find any files or folders that are increasing in size. Out of 193GB, drive D now has 70GB remaining. However, when I do a folder-by-folder audit, only 9.5GB is used on drive D (unhiding all files first). I have even tried tools like DiskTective and TreeSize to find where the space is but with no new finds, they both report 9.5GB in files but only 70GB out of 193GB available on disk. The paging file is stored on drive C, Exchange badmail is not growing in size... I'm lost for an explanation. The only other thing that I noted is that the AutoProtect setting of Symantec Endpoint Protection on the server reports a malfunction. However, a full system scan reveals nothing.
Last weekend I disconnected the DSL modem from the network and the space stabilized / stopped decreasing for that time period. So it looks like whatever is happening is somehow Internet related. I have run many AV programs, rootkit detectors, malware detectors, and the like - all with no hits.
First, I would like to find what is using my drive space but cannot find any related files. Does anyone know of software to perform a more comprehensive audit? Then, I need to find whatever is eating the space and stop it. I do not know where to look next.
Ideas? Thanks!
I am having an issue with a server with disk space disappearing into nowhere. On the data partition (drive D) of the SBS 2003 server, every day ~1GB of disk space gets eaten up. This even happens on the weekends when no one is on the office using the system. Also, I cannot find any files or folders that are increasing in size. Out of 193GB, drive D now has 70GB remaining. However, when I do a folder-by-folder audit, only 9.5GB is used on drive D (unhiding all files first). I have even tried tools like DiskTective and TreeSize to find where the space is but with no new finds, they both report 9.5GB in files but only 70GB out of 193GB available on disk. The paging file is stored on drive C, Exchange badmail is not growing in size... I'm lost for an explanation. The only other thing that I noted is that the AutoProtect setting of Symantec Endpoint Protection on the server reports a malfunction. However, a full system scan reveals nothing.
Last weekend I disconnected the DSL modem from the network and the space stabilized / stopped decreasing for that time period. So it looks like whatever is happening is somehow Internet related. I have run many AV programs, rootkit detectors, malware detectors, and the like - all with no hits.
First, I would like to find what is using my drive space but cannot find any related files. Does anyone know of software to perform a more comprehensive audit? Then, I need to find whatever is eating the space and stop it. I do not know where to look next.
Ideas? Thanks!