A virus that eats up disk space. The Rombertik virus mercilessly destroys computer users' disks

What is Rombertik virus and how to protect yourself from it?

Rombertik virus under magnifying glass

Rombertik belongs to a family of malware with a self-destruct function. In other words, the worm is programmed to destroy data located on hard drives if it is detected.

Like most modern malware, Rombertik reaches its victims' computers via email. This method is called “spear phishing”: it consists of targeted attacks on a specific person and relies on social engineering.

The Rombertik virus hides in emails as a malicious PDF file, which is actually a Windows executable file with a .scr extension. To confuse the recipient, attackers change the file icon to the familiar PDF icon or name the file <name>.pdf.scr. By default, Windows hides the extensions of known file types, so the trailing .scr may not be visible to the user.

Once Rombertik is installed on its victim’s computer, it begins to collect login data and other information that is valuable from the user’s point of view, including confidential data. It also infiltrates Firefox, Chrome or Internet Explorer web browsers.

Once in the browser, the worm can copy data entered into forms on websites even when they use the secure HTTPS protocol, for example on banking websites. It does this before the data is encrypted by the protocol. The collected information is transferred to the attackers' server, and they then sell it on the black market.

Rombertik is equipped with a protection mechanism that makes it difficult for security experts to detect and analyze. Computer viruses usually remove themselves the moment they are detected; Rombertik goes further. If it determines that it has been detected by antivirus software, it tries to overwrite the Master Boot Record (MBR) on the computer's hard drive.

The MBR contains the system boot loader and partition table, and if it is modified, the system will not be able to start, causing endless reboots. If for some reason the virus fails to change the contents of the MBR (this happens, however, relatively rarely), all files located in the root directory of the computer (C:\Documents and Settings\<username>).

How to fight the Rombertik virus

As we found out, Rombertik does not destroy the entire system; it only disrupts the boot sequence of the hard drive. Repairing this requires data recovery tools. There are a number of programs that can help you recover a damaged or deleted MBR. Some of them are on the Windows installation disk.

Depending on the amount of damage caused, if the MBR cannot be recovered, some users will be forced to reinstall the operating system.
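To decide whether an MBR needs recovery, the structure described above (boot loader code, partition table, closing signature) can be checked directly on a 512-byte copy of sector 0. The following is an added example, not code from the original article; the function names and the sample sectors are constructed for illustration.

```python
import struct

SECTOR_SIZE = 512
BOOTSTRAP_SIZE = 440          # boot loader code area
TABLE_OFFSET = 446            # four 16-byte partition entries start here
SIGNATURE_OFFSET = 510        # the last two bytes must be 55 AA


def parse_partition_table(sector):
    """Return the four partition entries of an MBR sector as dicts."""
    entries = []
    for index in range(4):
        raw = sector[TABLE_OFFSET + 16 * index:TABLE_OFFSET + 16 * (index + 1)]
        # status, 3 CHS bytes, type, 3 CHS bytes, first LBA, sector count
        status, ptype, first_lba, count = struct.unpack("<B3xB3xII", raw)
        entries.append({"index": index, "status": status, "type": ptype,
                        "first_lba": first_lba, "sectors": count})
    return entries


def check_mbr(sector):
    """List the structural problems found in a 512-byte copy of sector 0."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    problems = []
    if sector[SIGNATURE_OFFSET:] != b"\x55\xaa":
        problems.append("missing-boot-signature")
    if not any(sector[:BOOTSTRAP_SIZE]):
        problems.append("empty-boot-code")
    used = [e for e in parse_partition_table(sector) if e["type"] != 0]
    if not used:
        problems.append("empty-partition-table")
    for e in used:
        if e["status"] not in (0x00, 0x80):
            problems.append(f"entry-{e['index']}-bad-status")
        if e["first_lba"] == 0 or e["sectors"] == 0:
            problems.append(f"entry-{e['index']}-bad-extent")
    if sum(1 for e in used if e["status"] == 0x80) > 1:
        problems.append("multiple-active-partitions")
    ordered = sorted(used, key=lambda e: e["first_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["first_lba"] + a["sectors"] > b["first_lba"]:
            problems.append(f"entries-{a['index']}-{b['index']}-overlap")
    return problems


def changed_since_backup(sector, backup):
    """Name the MBR regions that differ from a known-good backup copy."""
    # "boot-code" here also covers the disk signature bytes at 440-445.
    regions = {"boot-code": (0, TABLE_OFFSET),
               "partition-table": (TABLE_OFFSET, SIGNATURE_OFFSET),
               "signature": (SIGNATURE_OFFSET, SECTOR_SIZE)}
    return [name for name, (lo, hi) in regions.items()
            if sector[lo:hi] != backup[lo:hi]]


def build_sample(boot_code, entries):
    """Constructed test data: assemble an MBR from boot code and entries."""
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in entries)
    table = table.ljust(64, b"\x00")
    return boot_code.ljust(TABLE_OFFSET, b"\x00") + table + b"\x55\xaa"


# Constructed samples, not dumps from a real disk.
HEALTHY = build_sample(b"\xfa\x33\xc0" * 100,
                       [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 1000000)])
OVERWRITTEN = build_sample(b"\x90" * 200, [])   # boot code replaced, table gone
```

On Windows, a copy of sector 0 can be read from `\\.\PhysicalDrive0` with administrator rights; keeping such a copy from a healthy system is what makes the comparison against a backup possible.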

Distributing malware in the form of .scr executable files is almost as old as the Internet itself. Criminals can also use files with the extensions .vbs, .bat, .com, and .pif.

Unless there is a clear need, we recommend blocking all such attachments or simply not downloading or opening them. In addition, it is advisable to enable the display of file extensions in Windows.
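One way to apply this recommendation at a mail gateway, shown as an added example that is not part of the original article: it flags attachment names ending in the extensions listed above, marks the <name>.pdf.scr pattern, and reports what Explorer would show while extensions are hidden. The list of decoy extensions and all function names are assumptions made for the example.

```python
# Extensions the article names as used to deliver malware.
BLOCKED = {".scr", ".vbs", ".bat", ".com", ".pif"}
# Harmless-looking extensions placed in front of the real one (assumed list).
DECOYS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def split_extensions(filename):
    """Return (stem, [extensions]) the way Windows resolves the name."""
    # Windows drops trailing dots and spaces, so "a.scr. " still runs as .scr.
    name = filename.rstrip(". ").lower()
    stem, *parts = name.split(".")
    return stem, ["." + p.strip() for p in parts if p.strip()]


def displayed_name(filename):
    """Name shown by Explorer while known extensions are hidden (the default)."""
    trimmed = filename.rstrip(". ")
    head, dot, _last = trimmed.rpartition(".")
    return head if dot and head else trimmed


def assess(filename):
    """Return a list of findings; an empty list means nothing was flagged."""
    _stem, exts = split_extensions(filename)
    findings = []
    if exts and exts[-1] in BLOCKED:
        findings.append("blocked-extension:" + exts[-1])
        # A document extension right before the executable one is the disguise.
        if len(exts) > 1 and exts[-2] in DECOYS:
            findings.append("double-extension:" + exts[-2] + exts[-1])
    return findings


def triage(filenames):
    """Map each flagged attachment name to its findings and displayed name."""
    report = {}
    for name in filenames:
        findings = assess(name)
        if findings:
            report[name] = {"shown_as": displayed_name(name), "findings": findings}
    return report


# Constructed attachment names, as a mail gateway might log them.
SAMPLE = ["invoice.pdf.scr", "report.pdf", "Scan_004.PDF.SCR", "notes.txt", "update.bat. "]

if __name__ == "__main__":
    for name, info in triage(SAMPLE).items():
        print(repr(name), "->", info)
```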

Question: Virus eating up space on drive C

Hello! Help me please. I'm constantly loading up on space on my C drive. I haven't downloaded anything for a long time, and I can't figure out what's wrong.

Answer: If you can’t understand, then virus fighters are even more so. so please

Question: The virus is eating up space on drive C

Disk space is disappearing in real time. AntiMalware did not help...

Question: Viruses eat

Good afternoon
Help us deal with the infection! At first the Opera browser crashed, now I see Mozilla is installed (although I suspect it’s a virus)

Question: I can't reinstall the OS using a DVD created with the Media Creation Tool

Hello! I have a MSI GE 70 2PL Apache laptop. Windows 10 SL x64. After performing a clean installation of Windows 10 (at one time updated from win 8.1), I installed the drivers from the manufacturer’s disk in the specified order. (The manufacturer does not have drivers specifically for windows 10, only for win 7 x64 and win8.1 x64, installed drivers for win 8.1 ) When installing the nvidia driver, the screen went blank and would not turn on. I had to turn off the laptop with a hard reset. And after that Windows stopped loading. During normal booting, the MSI logo appears with a rotating circle at the bottom and after 2-3 seconds! The lock screen appears. Now, after loading the BIOS, there was simply an endless cycle of loading Windows. Restoring didn't help. In the BIOS I reset the settings to default. I reinstalled Windows from a DVD created using the Media Creation Tool, having previously formatted the C drive. Now after the logo and the boot circle there was just a boot circle, after a long time a black screen appeared and only then the lock screen. Thinking that the boot files were also damaged, I booted from the disk again, deleting the system partition, MSR partition and recovery partition.
Now, when I try to install windows in its original location - drive C, the following message appears. If you manually create remote partitions, they are assigned the "primary" type. The laptop BIOS supports UEFI.



If you need a 300 GB partition with Windows, then in disk management, compress the 565 GB partition with Windows to 300 GB, then create a 265 GB partition in the free space and transfer 170 GB of data from your 353 GB partition there. Then delete the 353 GB partition, and expand the 265 GB partition to the free space on the right. So you will have 300 GB Windows and a 608 GB data partition. The only caveat that may arise is the 500 meg recovery partition, which may unexpectedly appear after installing 10, but it can be deleted through diskpart.

Question: The virus creates virtual disks

Hello, I caught an infection that creates virtual drives, 50 of them at each boot (1 picture), I tried to delete the created disks via "Control Panel > Administrative Tools > Computer Management > Disk Management", it turns out that only the drive letter is erased and at the next boot everything is created anew and at the same time old drives without a letter remain, in total I now have 256 virtual CD-ROMs created (2 fig.)
I still can’t understand what Kaspersky was doing at the time of infection.
The task manager does not open until the virus has created all the disks, so it is impossible to track whose activity it is.
I tried CCleaner to disable all suspicious elements in startup - it didn’t help.
I scanned with Kaspersky - nothing was found, I downloaded Dr.Web Cureit - when scanning in safe mode, I found 22 infected files, treated something there, but did not fix the problem.
Can you please tell me what to do?

Answer: Fine.
To close vulnerabilities in your system, make a log.
Copy and post the log that opens, you don’t need to post the file itself, then download and install all updates from the links.

Question: The virus creates virtual disks of more than 100 pieces, which slows down the PC

About a week ago, about 100 virtual disks began to be created with each boot of Win7. When working with Explorer, freezes occur for 10-30 seconds.
I deleted them with DAEMON and they appear again.
I downloaded AutoLogger from YOU.
I'm sending you the logs.
I hope for your help!


Message from mkc

How and with what?

It would be better to tell you about this.

The logs are in order.

Question: Virus without a file on an old hard drive

I have an old 809 MB hard drive. From an old 486 computer (I'm into retro technology). It runs MS-DOS 5.0, FAT16 file system. I was going to install Windows 95 on it. To copy the installation files onto it, I connected it to a modern computer via a USB adapter. Kaspersky swears at viruses. Virus.DOS.Onehalf. Several files were infected, for example, Fdisk.exe, command.com. Cured. So Casper continues to complain about the same virus, but does not show the name of the infected file. Writes:
Treat (recommended).
I click “Treat”, he asks to reboot, they say, treatment with a reboot is the most effective method of treatment.
Or offers an option without rebooting. In short, this way and that, he writes that treatment is impossible, removal is also impossible, he recommends skipping it. And every time this drive is connected, it again swears at this virus, without showing the file. I have already formatted this disk, there are no files on it, but there is a virus! Boot virus? How to get rid of it? Formatting, even complete, does not help. Kaspersky cannot remove the virus. Where did he settle down?

Added after 2 minutes
Acronis deleted the section from it. The virus still remains!

Answer: Thank you, it helped!

Added after 8 minutes
Probably Kaspersky could not remove the boot virus because the drive is connected via USB. It can remove this virus (make changes to the MBR) only when the system boots. However, the USB disk driver has not loaded yet. It would be necessary to connect the screw directly to the motherboard, but modern motherboards do not have an IDE.

Question: [Solved] News app is eating up space

I noticed that...calm, just calm...free space on the system partition began to disappear. The eternal question: Who is to blame and what to do? The culprit was quickly found - Microsoft.BingNews, the folder is located C:\Users\User\AppData\Local\Packages. Its size has already reached 3.26 GB. I use the news application often and each visit, according to my observations, “costs” the screw 30-60 MB. I assume that there is no cleaning from previous runs. How to fix the situation? Or is this how it should be?


Quote gorill:

Is there a way to move this folder to another screw?

You should also understand that the installed applications do not belong to Microsoft and are not related to Windows, so a regular cleaner cannot know about them.
Use CClean by adding your custom folders for cleaning.

Also, applications for Vkontakte create a bunch of garbage in the application folder (in its own folder) where it stores watched videos, pictures and, most importantly, audio files. I deleted 150 MB from myself

  • C:\Users\konstantin\AppData\Local\Packages\C6965DD5.VK_v422avzh127ra\AC\Microsoft\CLR_v4.0\NativeImages\
  • C:\Users\konstantin\AppData\Local\Packages\C6965DD5.VK_v422avzh127ra\LocalCache\
  • C:\Users\konstantin\AppData\Local\Packages\C6965DD5.VK_v422avzh127ra\LocalState\audios\

Remember that the folder C6965DD5.VK_v422avzh127ra and Users\konstantin may vary for you.

Question: Drive letters are swapped

There are 3 partitions. C, D, E. After installing the second Windows 7 on partition E, then removing it and installing a new Windows 7 on partition C, Windows reassigns drive E to the place of drive D, also when you run the Paragon Partition disk partitioning program, it also swaps drives E and D. The first C and second D are my primary ones, the third E is logical. How to fix it?

Answer: Andrey1224
There is some truth about the situations: for example, installation in a vhd file - I don’t remember how the letters are assigned there.
But I wrote about the usual settings and my words were also not taken out of my nose.
XP has a different principle for assigning letters and it seems inappropriate to compare it, especially if the topic is about 7.

Question: Virus brontok.a 10

The situation is this: my nephew sat at his laptop and picked up viruses. In the browser on the green screen there is some kind of nonsense and the inscription Brontok.a 10. I ran dr.web curelt several times - it finds, deletes, after a reboot it and the other 20 viruses are still there. Avira and Kaspersky immediately crash when starting the scan (writes something about the registry dll) and reboots. Tell me, help. OS Win xp.

Trojan No free disk space

Greetings, dear readers. Today is another article on the topic “Where to put your irrepressible energy and spoil your neighbor,” and now I will present you an article on how to create a false virus that will completely consume your hard drive space. Well... what a joke, of course... In this article you will see with your own eyes how a Trojan is created and launched.

he can get to the victim in this form

The essence of the virus is that, once launched at the root of the system disk, it creates a rapidly expanding file (depending on the computer configuration, up to 1 Gb/sec) that fills all the free space on the disk and leaves the system in a barely working state, with all the ensuing consequences. Not every antivirus is able to detect it. But when testing, to avoid errors, you can disable the antivirus. However, this is where its harmfulness ends; it will no longer cause any damage to the system.

The trick of filling disk or flash drive space can be done faster. Windows itself is capable of this. But you will need access to the victim's computer.

Moreover, you can try it on your system, after saving all important documents. The Space Eater in this form is not a full-fledged virus for several reasons (because several actions were deliberately taken - although they are easily fixable):

  • requires a meaningful launch on the part of the user (although disguised as an antivirus program)
  • packer missing
  • during file execution there is support in Russian, which describes the actions, consequences and the ability to get rid of the Trojan
  • the file that will fill the disk space does not have the Hidden attribute and can be deleted
  • has an interface and its action is not hidden from the user’s eyes (the work of the Trojan is easily monitored through the Task Manager)
  • the code has been corrected for a one-time action per volume


Trojan No free disk space. Let's get started.

I won’t bother you with how the body of the virus is prepared. Let me just say that this is a modified version of a good person’s Trojan, written in C++ and compiled according to the example of the article. There you will see the source code of the Trojan and, if you want, you can compile it to suit your needs. You can download the Trojan in the form of an executable file in the archive using the link. If you wish, it can be turned into a brutal weapon, and all the “shortcomings”, because of which I will not call it a ready-made Trojan, can be easily corrected: I have everything for this on my website. Read. In the meantime...

Before running it, create a file named junk.dll in the folder C:\Windows\System32; it will be the cause of the trouble.

After launching the Trojan, your disk will be filled to 0. It’s easy to fix the situation: in the folder C:\Windows\System32, find the file you created with the name junk.dll and delete it. It won’t be difficult to find it again, because it’s huge. If something goes wrong and the file is lost, it will be easy to find it using the SpaceSniffer utility.


The hard drive is considered one of the main components of a computer system, since without it the system simply cannot work. It is capable of storing a large amount of data that can be accessed at any time. However, sometimes you run the risk of losing important data, for example if your hard drive gets damaged in some way. A hard drive can fail after bad sectors accumulate over a long period of time or suddenly crash. Gradual hard drive failure is difficult to detect because its symptoms mimic other computer problems, such as viruses and malware. These symptoms are usually file corruption and poor PC speed.

Hard drive failures usually occur due to an increase in the number of bad sectors that accumulate over time. Hard drive failure can be sudden, complete, gradual or partial in nature and in most cases, data recovery is the only solution. However, data recovery can never be guaranteed with complete certainty. In this article we will try to answer the question: is it possible to repair a faulty hard drive and how advisable is it in various situations? So, with which kinds of malfunction can a hard drive be repaired?

Electronics board fault

Typically this problem occurs due to power outages, power surges, etc. In 99% of cases, this malfunction can be diagnosed by a complete lack of response to power supply. The HDD should not spin the spindle or give any signs of operability at all; also, if there is a short circuit, some of the elements on the board may become very hot.

HDD repair is possible in this situation. It can be done at the component level, i.e. individual elements on the electronics board are replaced, or the whole board can be replaced with a similar one. However, the second repair option only restores the disk's functionality, not the data. The data recovery process differs from the repair process: when data is extracted, a similar electronics board is adapted to the “patient bank”, whereas in the case of hard drive repair, on the contrary, the “bank” is adjusted to the board. New service information is created accordingly, and the user data will no longer be available.

The presence of a small number of unreadable sectors in the user area of the hard drive

Repairing the hard drive in this case is only possible if the amount of damage is small and can be hidden in factory defect lists, or if unreadable sectors have appeared in a certain area and it is possible to cut off part of the user area to prevent the appearance of even more problem areas. However, we consider such repairs acceptable only if this drive will not be used to store important data. The fact is that the appearance of bad blocks usually has an avalanche-like character and it is very unlikely to restore life to a “broken” disk for a long time!

Damaged service area of the hard drive

This problem has become quite rare in recent years. Nevertheless, there are cases when creating a new service area (translator, defect lists, etc.) leads to the full return of the drive’s functionality. Sometimes this requires running a full scan and creating a new “service”, sometimes only small manipulations, such as clearing SMART, recalculating the translator, or shifting service zones by small amounts. In case of mechanical damage, it is no longer possible to restore the functionality of the hard drive under any circumstances. Even when opening the hermetic zone of a hard drive under special conditions, it is almost always impossible to achieve its normal operation. Therefore, if your disk has been subjected to any physical impact, with a very high degree of probability the disk cannot be repaired, or repair is completely impractical, since its normal operation cannot be guaranteed.

Damaged files

System file corruption usually occurs when the system shuts down suddenly, making it impossible to access your hard drive and therefore your system. Some of the causes of corrupted files include power surges, the use of malware, accidental closing of a running program, and improper shutdown of the PC. The solution, or rather the prevention of this problem, is to close all running programs before turning off the computer. In addition, it is best to turn off the computer itself in the standard way, and not hold down the start button or even pull out the network cable from the outlet (although hardly anyone else does this nowadays). In addition to this, you should avoid installing malware in general and regularly scan and clean your HDD to ensure that no unwanted programs remain there for long.

Viruses and malware

Computer viruses and malware are the next factor that can have an extremely negative impact on the performance of a hard drive. They infect the system and damage the system files stored on it. They usually enter the system from an external source, such as the Internet or an external drive. The attacks of these viruses and malware are initially aimed primarily at the hard drive, and subsequently can spread to other computers if they are connected to the infected machine via a local network. Updating your computer's operating system is one solution to this problem. Moreover, another possible solution is to install and frequently update a quality antivirus program. This antivirus will protect your system and your hard drive and make sure it remains safe from their threats. So, if the data stored on your hard drive is of great value to you, then you should not skimp on antivirus.

Manufacturing defect

Oddly enough, this point should also not be overlooked if you want the HDD to serve you as long and efficiently as possible. Hard drives that have not been tested beforehand may fail even after months of use. This problem occurs mainly with new hard drives. The reason for this most often lies, of course, in a manufacturing defect, which leads to hard drive failure. The best way to prevent this problem is to approach the issue of purchasing a new hard drive as carefully as possible and, if necessary, seek qualified assistance. It is extremely important to test a new hard drive before installing it on your computer system, if possible. And yet, you can never be one hundred percent sure that this will not happen to your purchase. So, in such a case, the only way out is to return and replace.


Overheating is also one of the most common problems that cause hard drives to fail. If the system is overloaded, the cooler may begin to spin more slowly, causing the system to begin to heat up immediately after booting. Moreover, there is a high probability of hearing extraneous clicks, which indicates that the hard drive is overheating. This is caused by a lack of proper ventilation or a faulty CPU cooler that overheats the system to the point that the hard drive begins to fail. Part of the solution to the problem is to install the cooler correctly and provide sufficient cooling for the hard drive. In addition, you can install a special program that will notify you about the temperature of the hard drive. If it starts to exceed the maximum limit, turn off the computer for a while and let it cool down before resuming operation, but in the future, of course, carry out proper diagnostics.

The computer cannot detect the hard drive or BIOS

The computer's inability to detect the BIOS or hard drive is due to interruptions in the power supply provided by the UPS. This causes the hard drive to not spin properly, causing the PC to not detect either the BIOS or the hard drive. The best way to solve this problem is to ensure that the power supply for your PC hardware components, especially the hard drive, is functioning properly. You can do this by simply replacing the cable connecting the UPS to the computer, and also replace the uninterruptible power supply itself with a model from a more reliable and proven company.

Unexpected computer crashes

When a hard drive gets too old, it starts to exhibit all sorts of problems that can cause your computer to crash unexpectedly. The reason for this is mainly due to the accumulation of bad sectors over a long period of time. As bad sectors accumulate, the drive's motor and read/write head become jammed. If this happens, you will begin to hear grinding noises and files and folders will suddenly begin to disappear. You can avoid this by periodically running various scans on your hard drive and (again) installing antivirus programs that protect your hard drive from the threat of viruses that can create bad sectors. Moreover, replacing the hard drive every 3-4 years is also a good way to solve this problem.

Human factor

Errors made by the user also have an impact on the occurrence of hard drive failures. For example, incorrectly installing the operating system, making changes to the system registry settings and changing the location of system files are all very common user errors that can cause irreversible damage to the hard drive. Avoid making any unnecessary changes to system registry settings or changing the location of system files. Also, make sure you install the operating system correctly.

Hard drives are vital to the proper functioning of a computer system. However, they are vulnerable to damage and problems that can lead to the loss of data that was stored on them. However, by taking the necessary precautions, you can avoid possible hard drive failures. Below are some tips to remember if you don't want to lose your precious data:

  • Install a good antivirus program on your computer and update it regularly.
  • Always back up your data to a separate location.
  • Never turn off your computer while any program is running.

For assistance in preparing the material, we thank the experts of the AIKEN laboratory.

The best programs for diagnosing a hard drive

If you don't know anything about the state of your hard drive, you may simply not have time to save your data when the critical moment comes. You must understand that any of the possible hard drive failures can take you by surprise, which is why you will need to know when it is time to back up your data. To monitor the condition of the hard drive, especially if there are no visible causes of any problems, it is best to install high-quality software to periodically diagnose its condition. You can find some of the most popular programs below.


This is a convenient free program that can monitor S.M.A.R.T. attributes, and will display basic information about the disk and its temperature. It comes in several versions that include more themes and support for multiple languages. The installer may offer other software, so be careful, as you probably don't want to install a couple of unnecessary programs along the way. The program uses a simple interface that will display information about the status of your hard drive's S.M.A.R.T. attributes, hardware characteristics and temperature. If a problem occurs, you can easily find it in the list of attributes.


HDDScan was created to support all types of hard drives, regardless of who makes them. This program is portable and once downloaded, you can run it directly without installing it. It can check the status of your hard drive's S.M.A.R.T. attributes, and in addition, you can access a wider range of tests and functions. It also supports working with RAID arrays, which allows it to conduct tests for them as well. These tests include writing, reading and erasing information on the HDD. All completed tests will be added to the Test Manager section, and will automatically be queued to run upon completion.

PassMark DiskCheckup

This hard drive testing software is free for personal use. To begin with, you will need to download a small file of 2 MB in size, and then simply install the program. In the program's S.M.A.R.T. Info tab, you will see the current status and attribute values, such as the disk package spin-up time, the error rate when reading data from the disk, errors that could not be recovered using hardware error recovery methods, and other S.M.A.R.T. parameters. In addition, DiskCheckup records the history of the observed characteristics, which can be used for comparison if they get out of control or fail. DiskCheckup can also run two types of disk tests: short (5 minutes) and extended (up to 45 minutes).

HDD Regenerator

HDD Regenerator can help reverse some of the negative effects bad sectors have on your hard drive. In some cases, it can repair problem areas, so if successful, you can continue using your computer as usual. In other cases, HDD Regenerator at least gives you a chance to get hold of important information before you need to replace your hard drive entirely. This program is quite useful because it supports many different types of hard drives. The developers claim that it can restore approximately 60% of hard drives. And although this is not the highest chance of success, this outcome is still better than nothing. The only subjective downside is that HDD Regenerator may be a little more difficult to master for novice users.
