large temp files


r3nt0n
June 14th, 2004, 09:07 PM
Hi all,

I'm not sure why, but one of my clients is experiencing VERY large temp files which seem to come from NOD32. They sit in the c:\winnt\temp folder, are usually bigger than a few GB (sometimes they have been as big as 6gb+), usually a few of them, and all start with 'nod' and then some letters.

We reinstalled Windows XP Pro and still experience the same problem. I have put the latest download of NOD32 onto his machine, and all the updates for Windows, Office and NOD32. He is using Outlook XP and his PST is about 1.5gb in size. I think it’s related to email? At the same time as these files, the NOD32 kernel is using about 90% of his CPU.

Anyone got any idea of what could be causing this? The files don't seem to disappear either. He needs to reboot to delete the files.

Alan

Marcos
June 15th, 2004, 12:15 AM
I assume the temp file is created when NOD32 is trying to unpack an archive. One of the logical explanations is that the client received an email with a larger archive packed with a high compression ratio. For instance, if you got a 1 MB archive which, after it's been unpacked, would be 4 GB large, it might cause NOD32 to make large temp files. Therefore, I suggest you have the client try to identify the particular file (probably an archive) in question, e.g. by turning on the List all files option. Also, he could try not scanning pst files or disabling archive scanning to see if the problem goes away.

r3nt0n
June 15th, 2004, 12:40 AM
Good idea,

I will give them a try in the morning and let you know how it goes.

r3nt0n
June 15th, 2004, 08:01 PM
This seems to be the case,

We were receiving nightly tar files from our hosting provider; they were only 8kb in size, but the archive said they were usually between 1.5gb and 4gb in size.

For everyone else's reference, the files were named like the following:

NOD7D4.tmp
NOD35.tmp
etc etc etc

I could pinpoint exactly where it was by using the NOD32 control system to do a full scan of every file on my machine etc., using basically all tick boxes in the setup page, and then just waited until it would take forever on a single file or email. I then found it was based in email, loaded up Outlook and found what message it was stuck on - opened the attachment and saw that it was an 8kb attachment which contained over 2gb of data.

Thanks for your time,

Alan Lee

LowWaterMark
June 15th, 2004, 11:06 PM
Were those actually legitimate files? Given the compression ratio, there certainly couldn't have been much valuable data in those. Might it have been a compression bomb?

http://www.wilderssecurity.com/showthread.php?t=24319&highlight=compression+bomb
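
The failure mode diagnosed in this thread, as an added example that is not part of the original posts or of NOD32: a scanner-side check that inflates a gzip stream in bounded chunks and stops at a size or ratio limit instead of unpacking everything to a temp file. The limits, the function names and both sample inputs are assumptions constructed for illustration.

```python
import gzip
import zlib

CHUNK = 64 * 1024               # output produced per inflate step
MAX_OUTPUT = 64 * 1024 * 1024   # assumed budget for unpacked bytes
MAX_RATIO = 200                 # assumed cap on unpacked/packed size


def inspect_gzip(blob, max_output=MAX_OUTPUT, max_ratio=MAX_RATIO):
    """Inflate a gzip blob chunk by chunk, discarding the output, and stop
    as soon as a limit is crossed. Returns (verdict, bytes_unpacked)."""
    d = zlib.decompressobj(zlib.MAX_WBITS | 16)  # | 16: expect a gzip header
    total, data = 0, blob
    try:
        while not d.eof:
            out = d.decompress(data, CHUNK)  # never yields more than CHUNK
            total += len(out)
            if total > max_output:
                return ("over-budget", total)
            if total > max_ratio * len(blob):
                return ("ratio-exceeded", total)
            data = d.unconsumed_tail  # input held back by the CHUNK limit
            if not out and not data and not d.eof:
                return ("truncated", total)
    except zlib.error:
        return ("corrupt", total)
    return ("ok", total)


def sample_suspect():
    # Constructed sample: 8 MiB of zero bytes packs down to roughly 8 KB,
    # the same shape as the attachment described in the thread.
    return gzip.compress(b"\0" * (8 * 1024 * 1024))


def sample_ordinary():
    # Constructed sample: short, varied text with an unremarkable ratio.
    raw = "".join(f"host{i} backup ok\n" for i in range(500)).encode()
    return raw, gzip.compress(raw)


if __name__ == "__main__":
    raw, packed = sample_ordinary()
    print(len(packed), inspect_gzip(packed))
    suspect = sample_suspect()
    print(len(suspect), inspect_gzip(suspect))
```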