My laptop starts defragging at (seemingly) random times. It's really annoying in class if it start, because it seems to run through the entire class. I'm assuming that that is what 'dfrgntfs' is, btw. I've checked the scheduled tasks, as well as the menus in the windows defrag tool, and I cannot find anything

What defrag program is doing it? Diskeeper? Windows defrag?

I'd have to say the windows program, as I haven't installed anything else.

Check to make sure that it isn't a scheduled task. In WinXP click Start, click All Programs, point to Accessories, point to System Tools, and then click Scheduled Tasks.

You can disable it there if it is a scheduled task.

Hope this helps. :)

It's not :(

I checked there before I posted.

run the defrag diagnostic, is the drive fragmented that bad? perhaps you're at like 90% fragmentation and windows has had enough of your untidiness. if it's a new install, then i say format c: and forget about it.

Possibly somebody on your network using the at command, and starting defrag to piss you off. Change the admin password and see if it stops

Edit:

If you don't know what the at command is go to a command window then type at /? and it will tell you. It schedules things on other peoples computers at specified times.

Um, defrag, if set to run when machine is off, will keep trying to run even if the Schedule Entry is eliminated, until it completes one cycle of defrag successfully. I would let it run as a background thing and use the laptop if you can.

If you can't, scan your box for any SDBot laden worms, Several worms carry one variety of the 35 variants of SDBot as side payload and multiple straight SDBot variants can use that name and a variant of it.

SDBot is an IRCBot spread product of somone's twisted imagination of another way to trojan the box of someone that person did not like, and since it is a BOT and not just a simple program that spreads it, it has been all over the web and isolated folks have gotten hit with it from the first version in late 2001 (estimated creation date of original) to present. NAV can kill it, and most variants, but if you look up on Symantec's site about SDBot and print the detailed instructions you will get about 1\3 of an inch of 20 lb paper output and have about 150 registry keys to check for detailled changes.

Let the silly thing run through once, reboot, then in a regedt32 run search for dfrgntfs and look for a run key value with that name. If found, remove(only the run key value), and reboot, then go to Symantec and print your reference book on SDBot and its variants and kill the rest of them please if others are also present.

THEN, let others (especially friends) know IRC is kinda dangerous right now-- not enough folks are letting Symantec know about SDBot infections for them to raise the security class for same, and no dedicated killer has been made for this yet. The virus mostly replicates, and the word trojan in this case refers to what is more normally these days a HYBRID package as newer worms also have the SDBot trojan in them. IT IS possible for this BOT to travel on P2P also, VERY possible.

A friend of mine had one on his business box, in a "bible music" movie his son had downloaded via KazaaLite-- file was preloaded with Hybrid worm thing as well as what was more expectable. Son insists he also got wrong movie, but that is debateable given the collection he turned out to have burned on CD.

John(wish I were kidding, I printed the first local copy of that book for my boss in part so he could show his son something tangible about the junk it took him 2 DAYS of registry editing to remove-- boss now knows XPs registry structure pretty good.).

;D ;D The story about that son is a riot!

Sorry, shwaip, I don't have anything else to contribute, I just couldn't resist but laugh about that kid with the Bible Music...

I'm pretty sure that Diskeeper will show up as 'dfrgntfs' in the Task Manager when it's running, or at least when it runs in 'set it and forget' mode. If it was the Windows de-frag I'm sure the whole program will load up into a Window and be blatently obvious, Diskeeper will run discreetly in the taskbar.

I suggest you have another good look at what applications you've got installed, and that includes having a sift through your msconfig startup list. But all of the above thoughts and suggestions are equally worth following up.

ok:

kanez: That is quite possible, however I tend to run defrag every now and then. I started it, and walked away. I'll see if it does it again.

Mancabus: I doubt that is what it is. It had been going on for the better part of a year, and I just now figured out what was actually making the hard drive spin up/write. (I've changed passwords several times, as it is required by the school)

Ageek: I'll keep that in mind, however, i very rarely use the laptop with filesharing programs, and I tend to run virus/trojan scans fairly regularly.

/me shakes fist at ghoosdum

Spinner: I just had a look through all the programs installed (I realized there might have been a possibility that it was installed by the techs at our school before we got them), and it was not installed. I also saw nothing in the msconfig starthp that shouldn't be there.

Thanks all.