Problem with NOD32 and temp files

Discussion in 'ESET NOD32 Antivirus' started by gintuoklis, Sep 21, 2009.

Thread Status:
Not open for further replies.
  1. gintuoklis
    Offline

    gintuoklis Registered Member

    Hello, I've spotted that my disk space is disappearing rapidly. So i tried to find whose fault it is. And all leads show to NOD32.
    My Windows Version: 7 build 7100
    NOD32: 4.0.424.0
    Windows Media Player: 12.0.7100.0

    So the problem is when I launch Windows Media Player and watch local TV through internet, then NOD32 constantly writes to HTT*.tmp files in TEMP folder.
    screen shot1.png

    After shutting down Media Player then NOD32 just close whose files, but do not delete them.
    screen shot2.png
    So it keeps growing and growing… Yeseterday I deleted 16GB :)
    View attachment 212422
    Does anyone knows solution for this problem?
  2. Marcos
    Offline

    Marcos Eset Staff Account

    Would you please provide step-by-step instructions how to replicate the problem? Couldn't it be that you have Media Player set to work in active mode in the HTTP scanner setup? As an interim solution, you can exclude Media Player from HTTP checking by putting a red cross in the HTTP scanner -> Web browsers setup.
  3. gintuoklis
    Offline

    gintuoklis Registered Member

    Just launch WMP and play something from internet (radio, tv) and watch how htt*.tmp files are growing.
    I've tried the same thing on other machine (XP SP3). And it acts in differrent way. After closing WMP htt*.tmp files are deleted. So i guess it is problem with Windows 7.

    No.

    Maybe you can upload screenshot with settings, because i ca't find :(
  4. Bubba
    Offline

    Bubba Updates Team

    While the below pic is from the 3.0 tutorial, I believe the pic is the same as what would be in 4.0. Not in front of my 4.0 so I can not confirm :doubt:

    Alternately, the program help section is very well laid out and does show the area you are inquiring about.

    HTTP.gif
  5. gintuoklis
    Offline

    gintuoklis Registered Member

    there is no such settings in 4.0
  6. ccomputertek
    Offline

    ccomputertek Registered Member

    At least not with windows vista / 7.It's still there and works great for 3.0 NOD32 though ;)
  7. Bubba
    Offline

    Bubba Updates Team

    Yes, 4.0 does have those settings in certain Windows builds but it appears by what ccomputertek is saying, they are not present in "with windows vista / 7"
  8. loyukfai
    Offline

    loyukfai Registered Member

    I have just cleaned up about 6GB of HTTo_O?.tmp files from \WINDOWS\TEMP as well. Though they haven't come back, yet.

    Running 4.0.437.0 on Vista SP2.
  9. loyukfai
    Offline

    loyukfai Registered Member

    Just cleaned up about 10MB of these temporary files.

    I would like to mention that, these temporary files are not visible if you browse the directory without using an administrator account. In my case, I found them while I ran WinDirStat, and then ran "cmd" "as administrator" to delete them.
  10. haerdalis
    Offline

    haerdalis Registered Member

    This issue is still present in 4.0.474 when downloading files even though the file extensions are excluded in Web Access, Realtime, and Exclusions (the latter has the paths excluded too).

    I use Windows 7 Pro x64 retail.

    edit: these files used several GB on my computer the last time I removed them.
    Oh, and I don't use active mode for anything. Before you ask, it isn't possible to exclude an application in W7 x64.
    Last edited: Dec 7, 2009
  11. DenverESullivan
    Offline

    DenverESullivan Registered Member

    This definitely needs to be fixed... I'm seeing it with Windows Vista Ultimate (64-bit, SP2) as well. I just deleted 237MB of these things!

    My NOD32 details are:

    Virus signature database: 4667 (20091207)
    Update module: 1031 (20091029)
    Antivirus and antispyware scanner module: 1250 (20091207)
    Advanced heuristics module: 1099 (20091030)
    Archive support module: 1105 (20091029)
    Cleaner module: 1048 (20091123)
    Anti-Stealth support module: 1012 (20090526)
    SysInspector module: 1213 (20090902)
    Self-defense support module : 1009 (20090917)
  12. Marcos
    Offline

    Marcos Eset Staff Account

    It sounds an application on your computer transfers a non-standard stream via http which results in creation of tmp files that are not subsequently removed automatically. I'd suggest creating a pcap log using Wireshark, capturing the http traffic at the moment the temp files are created and conveying it to ESET for perusal.
  13. haerdalis
    Offline

    haerdalis Registered Member

    As far as I can see the common factor seems to be a download with a redirect,
    at least when using Mass Downloader or similar.
    If you give it the "Download" url from the webpage I linked it seems to consistently create a HTT*.TMP file that doesn't disappear until shutdown/reboot.
    Last edited: Dec 7, 2009
Thread Status:
Not open for further replies.