Wednesday, May 10, 2006

Data Bombing

Something weird affecting my laptop.

It has an 18.6 GB hard disk, with 5.3 GB free. However, Monday evening (May 8th) I got a message that the disk was full. Yep, only a few Megabytes left. When I checked folders very carefully, I found that the WINDOWS/TEMP folder was filled with files like this:

AcrF4.tmp, AcrF5.tmp, ..., AcrFF.tmp, Acr100.tmp, Acr101.tmp, ... etc. Counting up in hex.

Each file was around 4 MB in size (just under, just over, it depended) and they were being written into the folder around four times a minute, although the rate was also variable. Windows marked the application as unknown, and when I opened a file in Notepad, it was binary.
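The pattern described above (sequentially numbered `.tmp` files with a hex counter, arriving at a steady rate) can be picked out of a folder listing automatically. The following Python is an added example, not part of the original post; the function names, the `min_run` threshold and the sample listing are assumptions constructed for illustration.

```python
import os
import re
from collections import defaultdict

# Name = prefix ending in a non-hex character, then a hex counter, e.g. AcrF4.tmp
SERIES = re.compile(r"^(.*?[^0-9A-Fa-f])([0-9A-Fa-f]+)\.tmp$")

def scan(folder):
    """Return (name, size_bytes, mtime) for every file in folder."""
    out = []
    for e in os.scandir(folder):
        if e.is_file():
            st = e.stat()
            out.append((e.name, st.st_size, st.st_mtime))
    return out

def runaway_series(entries, free_bytes, min_run=5):
    """Flag prefixes whose files form a run of consecutive hex counters."""
    groups = defaultdict(list)
    for name, size, mtime in entries:
        m = SERIES.match(name)
        if m:
            groups[m.group(1)].append((int(m.group(2), 16), size, mtime))
    findings = []
    for prefix, files in groups.items():
        files.sort()
        run = best = [files[0]]
        for prev, cur in zip(files, files[1:]):
            # Extend the run only when the counter increases by exactly one
            run = run + [cur] if cur[0] == prev[0] + 1 else [cur]
            if len(run) > len(best):
                best = run
        if len(best) < min_run:
            continue
        total = sum(f[1] for f in best)
        span = max(f[2] for f in best) - min(f[2] for f in best)
        rate = total / span if span > 0 else 0.0   # bytes per second
        findings.append({
            "prefix": prefix, "files": len(best), "bytes": total,
            "files_per_min": (len(best) - 1) * 60 / span if span else 0.0,
            "secs_to_full": free_bytes / rate if rate else None,
        })
    return findings

# Constructed sample mirroring the post: AcrF4.tmp onward, ~4 MB each, one every 15 s
SAMPLE = [("Acr%X.tmp" % n, 4 * 2**20, 1000.0 + 15 * (n - 0xF4))
          for n in range(0xF4, 0x104)]
SAMPLE += [("setup.log", 1200, 900.0), ("~DF3A1.tmp", 512, 950.0)]
```

On a live machine, `runaway_series(scan(folder), free_bytes)` gives the same report for a real temp folder, with `free_bytes` taken from `shutil.disk_usage(folder).free`.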

At first I suspected BOINC, the distributed science application platform. But I stopped it, and the problem continued. I checked the active processes, and nothing seemed amiss. It's a shame there is no disk access logger with XP though.

In desperation I have re-installed the McAfee antivirus program (I had some suspicions) and have used System Restore to back up to last Sunday. As of this time, the Acr files have stopped arriving. More later (if the problem recurs).

UPDATE: Thursday morning, May 11th 06

End of last evening, the problem had not gone away. This morning, I started by closing down systematically all my user processes (via the task manager) - checking at each stage whether the demonic file-writing would stop. It did not.

I then downloaded the freeware program: mst IsUsedBy, a utility which opens a window, into which you can drag a file. The program then tells you which process is using that file. It told me that the culprit was the Microsoft indexing program cidaemon.exe. Surprising, because although this program can apparently be a CPU hog, it is not flagged as dumping data.

I tracked it down to C:\WINDOWS\system32 and renamed the process (prepended an 'x'). This may have cured the problem. However, re-checking in this folder, I see that Windows has put it back! Still ...

I also took the precaution of organising all my data, collecting my executables together, listing the programs I continue to use, and backing everything up to my external HD. This, because the next step is a full Windows XP re-install on the assumption that I have a piece of malware here. It has evaded McAfee antivirus, Spybot S&D and Lavasoft Ad-Aware so it's pretty pernicious.

A re-install from Toshiba's 2003 CDs looks like an all-day operation (SP2 download all over again, etc) so it really is a last resort...

UPDATE Friday May 12th 9.00 a.m.

Now 24 hours without any reappearance of the problem. I guess we can say fixed. What seems to have happened is that the cidaemon.exe process appears to have gone 'rogue'. Whether this was a bit error, or some corruption of a config file or debug setting is completely unknown.

However, Windows recreated the process, presumably from a clean source, and the problem has gone away. By side effect, it did force a clean-up of my data and an audit of what I have as well as rehearsing the complete recovery process - which has value. Still, what a waste of time, overall.