September 01, 2012

ET TU, NORTON? NAV, XP, and DHS



I haven't touched on the Inner Geek here in a while and it may be time. I'm using a 2005-ish Compaq laptop running XP-Pro. In general, laptops last two years; if you get two years out of one, then you did well. I've been real fortunate with this one. In general, I like the HP & Compaq brands, the hardware seems pretty sturdy and the manufacturer's proprietary stuff (recovery, etc) seems well thought out.

Over this unusual service life, my Inner Geek and my XP-Laptop have anthropomorphized a Love Relationship. I really like this laptop; I know where the wrinkles are, I've got it tweaked out with all the tools and toys that I rely on. I'm good with the features and the bugs.

It came with an 85-gig hard drive, which was massive in 2005. Now your phone probably has more room. Over the last year, the available hard drive space has been dwindling, and as it filled up the system performance has degraded. I've been offloading photos and documents into an external hard drive to free up space, but in a few weeks it's been filled up again - and I'm not storing that much. In the last ten days I've noticed that I've picked up a Google-Redirect malware that has taken up residency in my computer.

There are two issues going on and I conflated them. I ended up running a few different tools to isolate the Google Redirect malware, MalwareBytes and the Windows Malicious Software Removal Tool and Combofix, and then I removed and reinstalled my browsers, and it seems like the problem has gone away or is at least in remission.

The remaining issue is that all the files the malware wrote on my hard drive are still choking my machine. It was very difficult to find, needle in a haystack, just like you'd think it would be. I downloaded a different type of File Manager, a lot like the original XTree Gold, this one is called TreeSize and it displays the file directory based on the size of the folder including subordinate folders. This was a very helpful utility.

Come to find out, I've got 55 gigs of files in c:\Program Files\Common Files\Symantec Shared\VirusDefs. I did a Google search on the file types and the folder names and it turns out that when Norton Anti-Virus (NAV) downloads new virus definition files, it stores them on the hard drive in protected folders and nothing can delete them. They just grow like an algae bloom. There were hundreds of these folders, each with about 150 mg of protected files.

I'm astounded that Norton Anti-Virus, the product I'm relying on to keep me safe and in business, actually filled my computer up with so much useless, non-functional junk that I almost walked away from the computer. Et Tu, Norton 360?

The first solution was to boot into XP-Safe Mode with a DOS prompt. I remember when Win95 came out and it was the end of DOS, it seems like DOS has been there the whole time and now they're good with that again. From the DOS prompt you might enter:
    del TMP12C4.TMP /S /Q
and that will delete one folder containing protected files.

I couldn't figure out how to delete hundreds of these folders, since the DELETE command won't tolerate wildcards for folder removal. Eventually I figured out that I needed to use a script:
    for /D %f in (TMP*) do RMDIR %f /S /Q
and that removed all folders with names starting with TMP in that path.
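
The one-liner above is written for the interactive prompt; saved in a .bat file, the loop variable has to be doubled (%%d). As an added example, not part of the original post, here is a batch file that lists the TMP* folders first and removes them only when run with a /delete argument. The /delete switch and the DEFS and COUNT variable names are assumptions for illustration; the path is the one given above.

```bat
@echo off
rem Added example: dry-run by default, removal only with /delete.
setlocal

rem Path taken from the post; adjust if your install differs.
set "DEFS=C:\Program Files\Common Files\Symantec Shared\VirusDefs"

rem Stop if the folder is missing, so nothing runs in the wrong directory.
pushd "%DEFS%" || exit /b 1

rem Pass 1: report what matches. Only directories named TMP* are touched.
set COUNT=0
for /D %%d in (TMP*) do (
    echo would remove: %%d
    set /a COUNT+=1
)
echo %COUNT% folder(s) match TMP*

rem Pass 2: remove them only when explicitly asked to.
if /I not "%~1"=="/delete" goto :done
for /D %%d in (TMP*) do rmdir /S /Q "%%d"

:done
popd
endlocal
```

Run it once with no argument to see the list, then again with /delete once the list looks right.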

I am astounded (and left feeling naive) at the stealthy ease with which a program that was supposed to keep me safe and functional ended up choking the system and rendering it dysfunctional.


Which is sort of like DHS and TSA, making Americans line up to have their papers checked, frisking Grandma at the airport, and conducting spot-searches at political rallies and public highways.

2 comments:

Don Brown said...

-- I always like DOS...until I found Apple...20 years ago. It's tough, getting old. :)

Frank Van Haste said...

Dear Vannevar:

I stopped using Norton products years ago, for just such mis-behavior. These days I'm partial to AVG's anti-virus products (although I also hear good things about Avast).

Regards,

Frank (who learned MS-DOS 3.2 on an IBM PC-XT with an infinitely large 10 MB hard drive)
