Site icon Winhelponline

System32 Folder Occupies 300 GB; Filled with Gibberish EXE Files

Of late, many users are complaining that the System32 folder is consuming colossal disk space (e.g., 150 GB – 300 GB) all of a sudden. On a user’s computer, more than 200,000 .exe files were generated. Those files were almost generated every minute, consuming over 200 GB on the C drive.

Here’s a screenshot from another computer showing more than 150,000 files in System32, which is very unusual. And the total size of the files was 148 GB.


The MSI NBFoundation Service executable causes the above issue. The MSI software executable OmApSvcBroker.exe was compromised recently. The offending file path is below:

C:\Program Files (x86)\MSI\MSI NBFoundation Service\OmApSvcBroker.exe

It creates those 1074 KB gibberish executable files in the System32 folder or the OS partition’s root directory.

The incident happened only on May 18th, 2023. However, some users noted that the above executable stopped generating the junk .exe files with random characters in the file name.

The 1074 KB junk executables can be deleted. They’re created by an MSI executable (OmApSvcBroker.exe) which was compromised recently. For more information, check out the following links:

In the above link, a poster commented:

“A malware, which generates additional files under random names in .exe file format. Came from MSI’s Center, probably got breached in that day. It would run up to two processes from created files to create even more files – in the end, fills up hard-drive and Windows\System32 folder with 1,074 kb files. The signature is valid, belongs to “micro-star international co., ltd.”, which is used to bypass detections.”


To prevent the junk files from filling up the hard drive, stop and disable the MSI NBFoundation file OmApSvcBroker.exe.

Open an admin Command Prompt and run this command:

schtasks /delete /tn "\OmApSvcBroker" /f

You should see the output “SUCCESS: The scheduled task “\OmApSvcBroker” was successfully deleted.

Restart Windows and delete the following file:

C:\Program Files (x86)\MSI\MSI NBFoundation Service\OmApSvcBroker.exe

Download Malwarebytes Antimalware and run a full scan.

Exit mobile version