Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Virus - Access denied - H:\system volume information


30 Mar 2013   #11

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Jamal

Attrib commands and what they do

- Clears an attribute.

R Read-only file attribute.

A Archive file attribute.

S System file attribute.

H Hidden file attribute.

My System SpecsSystem Spec
.

30 Mar 2013   #12

Windows 7 Ultimate x64
 
 

Quote   Quote: Originally Posted by VistaKing View Post
Jamal

Attrib commands and what they do

- Clears an attribute.

R Read-only file attribute.

A Archive file attribute.

S System file attribute.

H Hidden file attribute.

Many thanks VistaKing,

1. Then what does the RogueKillerX64.exe do?

2. Why I got the message “access is denied” as I applied the command “attrib -h -s -r -a /s /d F:\*.*”

3. How about the shortcuts generated by the virus? How can we remove them automatically?

4. How to remove the virus itself?
My System SpecsSystem Spec
30 Mar 2013   #13

Windows 7 Home Premium
 
 

Jamal NUMAN,

RogueKiller is a program created by Tigzy, in France.
The author describes it as a program that scans processes running, and kills those that are malicious and block the execution of malware removal programs.

The program also cleans the Windows Registry, and has evolved to handle the following:
Read / Fix DNS Hijacks (DNS Fix button)
Read / Fix Proxy Hijacks (Proxy Fix button)
Read / Fix Hosts Hijacks (Hosts Fix button)
Restore shortcuts / files hidden by rogues of type "Fake HDD"
Read / Fix malicious Master Boot Record (MBR) -- Even hidden by rootkit
Find and restore system files patched / faked by a rootkit
It is also able to remove many infections, including ZeroAccess, TDSS, all rogues, and Ransomwares.


On your particular predicament, let's see if this helps...

Please go to Start > Run (or, press Windows key and the R key)
In the open area of the Run prompt, type the following and press OK: control folders
In Folder Options, click: View
Check: Show hidden files and folders
Uncheck: Hide protected operating system files
Press: OK

Now, please download RKill:
RKill Download
Save to the Desktop.

If rkill.exe does not run, then download and try to run iExplore.exe (a renamed RKill.exe), or RKill.com
You only need to get one of these to run.

If your antivirus warns you about this tool, ignore the warning, or temporarily disable your antivirus.
Info: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - BleepingComputer.com

Right-click on the downloaded RKill file and select: Run as Administrator

When the tool runs, a black DOS box briefly flashes and then disappears. This is normal and indicates the tool ran successfully.

>>Do not reboot the computer after running Rkill, as the malware programs will start again!
If the computer reboots, run Rkill again before continuing to the next step.<<

When the scan is done, Notepad opens with the RKill report.

Please post the RKill report in your reply.

The RKill report provides information on:
Malware services stopped
Processes terminated
Malware related Registry settings
...and other items.



Next, use avast! Free Antivirus to perform a complete scan of your external hard drive:

Download: AVAST 2013 | Download Free Antivirus Software for Virus Protection
Scroll down to: avast! Free Antivirus – World's most popular antivirus
Save to the Desktop

Temporarily disable your current antivirus.
Info: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - BleepingComputer.com

Double-click on the file to launch the installation of avast! Free, and follow the prompts.

If asked to run a Scan, hold off, and do the following:
Make sure the external drive’s power cable is plugged into a wall outlet before proceeding.

At the avast! program console, main menu, click: Scan Computer (left side)
The window that opens, Scan Now, features controls that allow you to scan the external hard drive.

Locate the section: Removable media scan
Click: More Details to expand this section.
In the Removable media scan section, click: Start

Any viruses or other types of infected files that are identified are immediately quarantined by avast!
Wait for the scan to complete. It may take a while depending on the size of the drive.

To get a report of what the program found, on the left side, click: Scan Logs

Please provide the avast! scan log in your reply.

Once we get the RKill and the avast! information, we will proceed.
My System SpecsSystem Spec
.


01 Apr 2013   #14

Windows 7 Ultimate x64
 
 

Quote   Quote: Originally Posted by cottonball View Post
Jamal NUMAN,

RogueKiller is a program created by Tigzy, in France.
The author describes it as a program that scans processes running, and kills those that are malicious and block the execution of malware removal programs.

The program also cleans the Windows Registry, and has evolved to handle the following:
Read / Fix DNS Hijacks (DNS Fix button)
Read / Fix Proxy Hijacks (Proxy Fix button)
Read / Fix Hosts Hijacks (Hosts Fix button)
Restore shortcuts / files hidden by rogues of type "Fake HDD"
Read / Fix malicious Master Boot Record (MBR) -- Even hidden by rootkit
Find and restore system files patched / faked by a rootkit
It is also able to remove many infections, including ZeroAccess, TDSS, all rogues, and Ransomwares.


On your particular predicament, let's see if this helps...

Please go to Start > Run (or, press Windows key and the R key)
In the open area of the Run prompt, type the following and press OK: control folders
In Folder Options, click: View
Check: Show hidden files and folders
Uncheck: Hide protected operating system files
Press: OK

Now, please download RKill:
RKill Download
Save to the Desktop.

If rkill.exe does not run, then download and try to run iExplore.exe (a renamed RKill.exe), or RKill.com
You only need to get one of these to run.

If your antivirus warns you about this tool, ignore the warning, or temporarily disable your antivirus.
Info: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - BleepingComputer.com

Right-click on the downloaded RKill file and select: Run as Administrator

When the tool runs, a black DOS box briefly flashes and then disappears. This is normal and indicates the tool ran successfully.

>>Do not reboot the computer after running Rkill, as the malware programs will start again!
If the computer reboots, run Rkill again before continuing to the next step.<<

When the scan is done, Notepad opens with the RKill report.

Please post the RKill report in your reply.

The RKill report provides information on:
Malware services stopped
Processes terminated
Malware related Registry settings
...and other items.



Next, use avast! Free Antivirus to perform a complete scan of your external hard drive:

Download: AVAST 2013 | Download Free Antivirus Software for Virus Protection
Scroll down to: avast! Free Antivirus – World's most popular antivirus
Save to the Desktop

Temporarily disable your current antivirus.
Info: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - BleepingComputer.com

Double-click on the file to launch the installation of avast! Free, and follow the prompts.

If asked to run a Scan, hold off, and do the following:
Make sure the external drive’s power cable is plugged into a wall outlet before proceeding.

At the avast! program console, main menu, click: Scan Computer (left side)
The window that opens, Scan Now, features controls that allow you to scan the external hard drive.

Locate the section: Removable media scan
Click: More Details to expand this section.
In the Removable media scan section, click: Start

Any viruses or other types of infected files that are identified are immediately quarantined by avast!
Wait for the scan to complete. It may take a while depending on the size of the drive.

To get a report of what the program found, on the left side, click: Scan Logs

Please provide the avast! scan log in your reply.

Once we get the RKill and the avast! information, we will proceed.

Thank you cottonball for the very integrated piece of answer. It worked like a charm.

I clicked the “fix shortcuts” and all issues are fixed.

Appreciated

Best

Jamal


Attached Thumbnails
Virus - Access denied - H:\system volume information-clip_748.jpg  
My System SpecsSystem Spec
01 Apr 2013   #15

Windows 7 Home Premium
 
 

Outstanding!! Good work, Jamal!!

Was not sure that RogueKiller was going to act on anything other than drive C:\, but, it did.

I believe at one point the program only scanned C:\, but I could be wrong. This program has developed by leaps and bounds, and is one of my favorites.

If you do not mind posting the RKreport (Shortcut Fix), it will help others with similar problems.

Thank you!!
My System SpecsSystem Spec
02 Apr 2013   #16

Windows 7 Ultimate x64
 
 

Quote   Quote: Originally Posted by cottonball View Post
Outstanding!! Good work, Jamal!!

Was not sure that RogueKiller was going to act on anything other than drive C:\, but, it did.

I believe at one point the program only scanned C:\, but I could be wrong. This program has developed by leaps and bounds, and is one of my favorites.

If you do not mind posting the RKreport (Shortcut Fix), it will help others with similar problems.

Thank you!!
Hi cottonball,

The “fix shortcuts” is an option in the Rogue Killer X64 software. Please, have a look on the attached screenshot


The only issue that remains unsolved is that the Rogue Killer does fix the problem but fails to kill the virus itself.

Best

Jamal


Attached Thumbnails
Virus - Access denied - H:\system volume information-clip_748.jpg  
Attached Files
File Type: zip RogueKiller.zip (1.50 MB, 0 views)
My System SpecsSystem Spec
02 Apr 2013   #17

Windows 7 Home Premium
 
 

Did you run avast! on your external drive?

Did it find anything? Do you have the avast! scan log ?
My System SpecsSystem Spec
02 Apr 2013   #18

Windows 7 Home Premium
 
 

Also, we can take a look at the system before Windows starts, but, we need to run a special tool.

However, to do so, need some info from you:
Do you have the Repair your computer option in the Advanced Boot Options menu?


To find out:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Boot Options menu appears.

Is the Repair your computer option listed?


If you do not have the option, do you have your Windows 7 installation CD/DVD available?


~~~~
>>> If you have the Repair your computer option, please run FRST from your bootable computer, as follows:


First, please check the size an name of the Hard Drive that has Windows Seven installed.
Start > double-click: Computer (Take note of the info.)


Also, you may want to print these instructions for reference after the process starts.


Next, download the Farbar Recovery Scan Tool:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
Select the version that applies to computer (64-bit)

Save FRST64.exe to the Desktop


Right-click Start, and select: Open Windows Explorer

Look for drive C:\

On the Desktop, right-click FRST.exe, and move it into C:\
Confirm that FRST.exe is in C:\.


>>Restart the computer.


Tap the F8 key until the Advanced Boot Options menu appears.

Select: Repair your Computer

Select language settings, and User account. (In the User Account leave the passworrd field blank, if you do not have one.)


On the System Recovery Options menu, select: Command Prompt


In the Command Prompt window, at the blinking cursor, type: notepad

In Notepad, under the File menu selec: Open
Double-click: Computer
Double-click on the OS drive (May not show as C:\ in the Recovery Environment, but you already found out its size.)
Press: Open


At the Command Prompt window type: X:\frst64.exe, and press: Enter
(Replace X with the letter of drive that now shows.)


The tool starts and presents a prompt with:
The tool is setting up to read the Local Disk. Please wait...

Click OK to continue.


When presented with the disclaimer, press: Yes


When the FRST console appears, press the Scan button.


Once the scan finishes, a prompt appears stating:
Scan completed. The frst.txt has been saved in the same location FRST tool is run.

Close this prompt. Notepad shows that a log was created.


Close FRST64, and close everything else except System Recovery Options.
Press: Restart



Back in Windows, right-click Start, and select: Open Windows Explorer
Look for drive C:\, and open it.
A folder named: FRST is there.

Inside the FRST folder, there are three folders.
One of them is named: Logs

Open the Logs folder to find the text document resulting from the scan.


Please post the FRST.txt in your reply.
My System SpecsSystem Spec
24 Apr 2013   #19

Windows 7 Ultimate x64
 
 

Quote   Quote: Originally Posted by cottonball View Post
Also, we can take a look at the system before Windows starts, but, we need to run a special tool.

However, to do so, need some info from you:
Do you have the Repair your computer option in the Advanced Boot Options menu?


To find out:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Boot Options menu appears.

Is the Repair your computer option listed?


If you do not have the option, do you have your Windows 7 installation CD/DVD available?


~~~~
>>> If you have the Repair your computer option, please run FRST from your bootable computer, as follows:


First, please check the size an name of the Hard Drive that has Windows Seven installed.
Start > double-click: Computer (Take note of the info.)


Also, you may want to print these instructions for reference after the process starts.


Next, download the Farbar Recovery Scan Tool:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
Select the version that applies to computer (64-bit)

Save FRST64.exe to the Desktop


Right-click Start, and select: Open Windows Explorer

Look for drive C:\

On the Desktop, right-click FRST.exe, and move it into C:\
Confirm that FRST.exe is in C:\.


>>Restart the computer.


Tap the F8 key until the Advanced Boot Options menu appears.

Select: Repair your Computer

Select language settings, and User account. (In the User Account leave the passworrd field blank, if you do not have one.)


On the System Recovery Options menu, select: Command Prompt


In the Command Prompt window, at the blinking cursor, type: notepad

In Notepad, under the File menu selec: Open
Double-click: Computer
Double-click on the OS drive (May not show as C:\ in the Recovery Environment, but you already found out its size.)
Press: Open


At the Command Prompt window type: X:\frst64.exe, and press: Enter
(Replace X with the letter of drive that now shows.)


The tool starts and presents a prompt with:
The tool is setting up to read the Local Disk. Please wait...

Click OK to continue.


When presented with the disclaimer, press: Yes


When the FRST console appears, press the Scan button.


Once the scan finishes, a prompt appears stating:
Scan completed. The frst.txt has been saved in the same location FRST tool is run.

Close this prompt. Notepad shows that a log was created.


Close FRST64, and close everything else except System Recovery Options.
Press: Restart



Back in Windows, right-click Start, and select: Open Windows Explorer
Look for drive C:\, and open it.
A folder named: FRST is there.

Inside the FRST folder, there are three folders.
One of them is named: Logs

Open the Logs folder to find the text document resulting from the scan.


Please post the FRST.txt in your reply.
Hi cottonball,

Sorry for the delay to get back to you.

· For the time being, I’m using Kespersky but is sounds to do noting as all other antivirus software! They just do nothing.
· From time to time, the issue of hidden folders and shortcuts appear on the machine

· Other three folders are created also due to the virus: $RECYCLE.BIN/ RECYCLER/ System Volume Information (attached)

Unfortunately, I couldn’t follow the instructions that you have sent! Sounds to be long and I got confused.

By the way, as an end user, do I need to struggle all my life just to kill this virus!

I’m not sure to to get rid of this virus from my machines!
· I do have antivirus
· I do user the “RogueKillerX64.exe”
BUT the virus is still there!

Best

Jamal




Attached Thumbnails
Virus - Access denied - H:\system volume information-clip_32.jpg  
My System SpecsSystem Spec
24 Apr 2013   #20

Windows 7 Home Premium
 
 

Please use the Autorun Exterminator (free) - Download
Save to the Desktop
Right-click the downloaded file and select: Extract to AutoRunExterminator-1.8\
Double-click the new AutoRunExterminator folder on the Desktop
Inside it, double=click the AutoRunExterminator application

Now, plug your external hard drive into the USB port you normally use.

If an autorun.inf file is detected, the program console reports the occurrence.
Right-click the red x in the yellow square on the Taskbar
Select: Config/About
When the program console appears, press: Open log
If available, please provide the contents of the report on your reply.


Now, assuming your external hard drive is H:\
And, you used the following command to remove attributes:
attrib -h -r -s /s /d h:\*.*


Set your current AntiVirus to scan removable drives, or, temporarily disable your AV program and use avast!:
Virus - Access denied - H:\system volume information
My System SpecsSystem Spec
Reply

 Virus - Access denied - H:\system volume information




Thread Tools



Similar help and support threads for2: Virus - Access denied - H:\system volume information
Thread Forum
External disk -folders not visible -access denied system volume info General Discussion
Access denied storage volume 4 Installation & Setup
Solved How to remove $Recycle.Bin and System Volume Information virus? General Discussion
Removing System Volume Information virus with $recycle bin System Security
Solved Sanitizing & access denied to System Volume Information Performance & Maintenance
System Volume Information 109 GB !! General Discussion
System Volume Information Performance & Maintenance

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 08:13 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33