Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Virus - Access denied - H:\system volume information

24 Apr 2013   #21
cottonball

Windows 7 Home Premium
 
 

If you do not wish to use avast!,let's download Dr.Web CureIt!
Scroll down to the bottom of the page to download the free version.
Save to the Desktop.


After the file downloads, temporarily disable your antivirus program and disconnect from the Internet.
Info: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides

Right-click the cureit.exe file and select: Run as Administrator


At the Dr.Web CureIt console, License and Updates prompt, agree to participate, and select: Continue
At the Scan Mode prompt, click: Select objects for scanning

At the next prompt, Custom Scan, check all the items except:
Temporary files
System Restore points.


Next, press: Click to select files and folders
Under Browse, select the drives to scan making sure the drive containing the Operating System, normally C:, is selected, as well as the external Hard Drive. When done, click: OK


Reboot computer to Safe Mode (Tap F8 key before the Microsoft logo appears. Select Safe Mode from the options).


Back at Dr.Web, click: Start Scanning


Please do not run any other programs while the scan is in progress.
The time needed for a full scan depends on factors, such as system performance, available memory, running processes, number of drives and files, etc. Please be patient since it may take a while.


If a threat is detected, a screen similar to the following appears:




For each entry detected, click on the down arrow by Action, and select: Cure (or Ignore, if it is something you recognize):




For the program to apply the selection on the Action column, click: Neutralize


When the actions are applied, a message appears: All security threats were neutralized successfully!


Now, click on the green: Open Report
The report appears in Notepad, and is called: Cureit.log
Save the report to the Desktop.


Close Dr.Web Cureit

Restart the computer to allow the files in use to be acted upon during reboot.


After the reboot, attach the Cureit.log, saved previously, in your reply.


Also re-enable your antivirus program when done.



Next, do the following:

Please download the Farbar Recovery Scan Tool
Select the 64-bit version.





Save it to your Desktop.
  • Double-click the downloaded file to run it.
  • When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • When done, FRST64 makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).
Please copy/paste the FRST.txt in your reply. <<---
The first time the tool is run, it also makes another log: Addition.txt
Please post the Addition.txt in your reply also. <<---


My System SpecsSystem Spec
.
01 May 2013   #22
Jamal NUMAN

Windows 7 Ultimate x64
 
 

Quote   Quote: Originally Posted by cottonball View Post
If you do not wish to use avast!,let's download Dr.Web CureIt!
Scroll down to the bottom of the page to download the free version.
Save to the Desktop.


After the file downloads, temporarily disable your antivirus program and disconnect from the Internet.
Info: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides

Right-click the cureit.exe file and select: Run as Administrator


At the Dr.Web CureIt console, License and Updates prompt, agree to participate, and select: Continue
At the Scan Mode prompt, click: Select objects for scanning

At the next prompt, Custom Scan, check all the items except:
Temporary files
System Restore points.


Next, press: Click to select files and folders
Under Browse, select the drives to scan making sure the drive containing the Operating System, normally C:, is selected, as well as the external Hard Drive. When done, click: OK


Reboot computer to Safe Mode (Tap F8 key before the Microsoft logo appears. Select Safe Mode from the options).


Back at Dr.Web, click: Start Scanning


Please do not run any other programs while the scan is in progress.
The time needed for a full scan depends on factors, such as system performance, available memory, running processes, number of drives and files, etc. Please be patient since it may take a while.


If a threat is detected, a screen similar to the following appears:




For each entry detected, click on the down arrow by Action, and select: Cure (or Ignore, if it is something you recognize):




For the program to apply the selection on the Action column, click: Neutralize


When the actions are applied, a message appears: All security threats were neutralized successfully!


Now, click on the green: Open Report
The report appears in Notepad, and is called: Cureit.log
Save the report to the Desktop.


Close Dr.Web Cureit

Restart the computer to allow the files in use to be acted upon during reboot.


After the reboot, attach the Cureit.log, saved previously, in your reply.


Also re-enable your antivirus program when done.



Next, do the following:

Please download the Farbar Recovery Scan Tool
Select the 64-bit version.





Save it to your Desktop.
  • Double-click the downloaded file to run it.
  • When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • When done, FRST64 makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).
Please copy/paste the FRST.txt in your reply. <<---
The first time the tool is run, it also makes another log: Addition.txt
Please post the Addition.txt in your reply also. <<---


Thank you very much cottonball for the distinct help,

I couldn’t manage to install the cureit.exe. Please, have a look on the attached file


Does everyone need all of these tools just to kill this virus?

Best

Jamal


Attached Thumbnails
-clip_1081.jpg  
My System SpecsSystem Spec
01 May 2013   #23
cottonball

Windows 7 Home Premium
 
 

Jamal NUMAN,

Quote:
Does everyone need all of these tools just to kill this virus?
There is an arsenal of tools available. Have only provided instructions on a few, and sometimes one or more tools were just presented as options.

Unfortunately, in Post # 17 the avast! Scan Log was requested, and was not provided.

In Post # 18 running the Farbar Recovery Scan Tool (FRST) was requested.
Your reply:
Quote:
... I couldn’t follow the instructions that you have sent! Sounds to be long and I got confused. By the way, as an end user, do I need to struggle all my life just to kill this virus!
The instructions provided to run FRST are written as simple and explicit as possible to assist individuals that are not computer savvy. The tool has been used successfully numerous times by Users with limited computer knowledge. It normally provides helpful information in resolving the issue at hand. However, the report produced by the tool was not provided.

In Post # 20 AutorunExterminator was suggested along with the use of your current AntiVirus or avast!.
Additionally, Post # 21 also suggested the use of Dr. Web CureIt, and a new, and very easy to use version of Farbar Recovery Scan Tool. Have no clue as to whether AutoRunExterminator was used, and information from Dr. Web CureIt or the new version of FRST was not provided.


My apology, Jamal NUMAN, for my incompetence in handling this issue, blindly. For several years I have dedicated much time and effort helping individuals remove malware from their computers, and this time, I'll jump out of the boat.

Respectfully, I withdraw from this thread, and welcome anyone to resume its work to help you with the issue. Good luck.
My System SpecsSystem Spec
.

02 May 2013   #24
Jamal NUMAN

Windows 7 Ultimate x64
 
 

Quote   Quote: Originally Posted by cottonball View Post
Jamal NUMAN,

Quote:
Does everyone need all of these tools just to kill this virus?
There is an arsenal of tools available. Have only provided instructions on a few, and sometimes one or more tools were just presented as options.

Unfortunately, in Post # 17 the avast! Scan Log was requested, and was not provided.

In Post # 18 running the Farbar Recovery Scan Tool (FRST) was requested.
Your reply:
Quote:
... I couldn’t follow the instructions that you have sent! Sounds to be long and I got confused. By the way, as an end user, do I need to struggle all my life just to kill this virus!
The instructions provided to run FRST are written as simple and explicit as possible to assist individuals that are not computer savvy. The tool has been used successfully numerous times by Users with limited computer knowledge. It normally provides helpful information in resolving the issue at hand. However, the report produced by the tool was not provided.

In Post # 20 AutorunExterminator was suggested along with the use of your current AntiVirus or avast!.
Additionally, Post # 21 also suggested the use of Dr. Web CureIt, and a new, and very easy to use version of Farbar Recovery Scan Tool. Have no clue as to whether AutoRunExterminator was used, and information from Dr. Web CureIt or the new version of FRST was not provided.


My apology, Jamal NUMAN, for my incompetence in handling this issue, blindly. For several years I have dedicated much time and effort helping individuals remove malware from their computers, and this time, I'll jump out of the boat.

Respectfully, I withdraw from this thread, and welcome anyone to resume its work to help you with the issue. Good luck.

Let me first thank you for the massive effort and considerable time you have offered to help.

With your district help, I could recover the hidden files and the shortcuts but the virus is still living in my machine.

I’m sorry to bother you again and again. All what I wanted is a simple tool to kill the virus and then to have a deep breath.


Very much appreciated. Your help meant a lot to me

Best

Jamal
My System SpecsSystem Spec
07 Jul 2013   #25
tooca

Windows 7 Ultimate service pack 1 64bit
 
 

hi
I download RogueKiller and saved it to the desktop and performed the first scan with windows and browsers open. then realized that they should be closed so did another scan with everything closed. you can find both reports attached.
then as you instructed I used the "attrib -h -s -r -a /s /d G:\*.*"
my flash drive name is G:\
nothing seemed to happen in the command prompt as you see in the attached photo
then I checked my G:\ drive
the administrator shortcut still exists but the autorun.ini is gone for now. not sure if its permenantly gone though.
when i double click on the administrator shortcut i recevie this error: can not find script file "G:\Microsoft.exe".
at some point in the middle of these steps an unnamed folder showed up in the G:\ drive and a file with this extention: ".init" or something and one more file which sadly i can not recall its name. i shift+deleted them successfully.
after these steps I downloaded Rkill and ran scan. you can also find the report attached to this post.

I shoud also inform you that prior to these steps I used autorun exterminator for killing the autorun.ini but it did no good and kept cycling in a loop which the program deleted the autorun file but it kept regenerating itself over and over again.
oh and my anti virus does not detect any threats. it is ESET Smart Security.
there is also this wierd thing about my flash drive! the other day I inserted it into a pc at coffe net and on that pc I could see some stuff on my flash drive which I have deleted really long time ago(over 3years ago). what is wrong? how to fix it?
Is it possible that the virus aslo spread to my other flash drives or even my external hard drive?
one more thing! every time I insert this flash drive into my laptop, it says that it is recommanded to scan and fix the flash drive which I have done in a few times but the problem seems to resist no matter what!
could you plz check these out and help me with my problem?
My System SpecsSystem Spec
07 Jul 2013   #26
cottonball

Windows 7 Home Premium
 
 

tooca,


Please start your own topic right in this forum:
System Security - Windows 7 Help Forums
Just press the orange New Thread button.

Also, plug in the infected USB drive in your computer while pressing the left Shift key so that autorun is disabled (if present).

Press on with RogueKiller as follows...
•Quit all programs
•Right-click the RogueKiller file and select: Run as Administrator
•Wait until the Prescan finishes
•Press: Scan
•Then, press the [Delete] button.

Please post the new RKreport (Mode: Delete) (created on the Desktop) in your reply. <<---


Next, to find the User Name you are currently using, click the Start menu.
In the top right corner Windows 7 displays the current Windows profile that is running, right below your account picture.


Now, go to Start > All Programs > Accessories > Command Prompt
Right-click Command Prompt, and select: Run as Administrator

Please copy (with mouse) the entire contents of the quote box below, paste it at the blinking cursor of the Command Prompt, and press: Enter

Quote:
g:
attrib -s -h -a -r /s /d *.*
dir/b /s > C:\Users\username\Desktop\dirlist.txt
Note: Assumes g, on the first line, is the letter of your USB drive.
Replace username with yours.

Please provide the contents of the dirlist.txt (created on the Desktop) in your reply.

Also, please quote this post in the new thread you create.

Thanks!
My System SpecsSystem Spec
19 Jul 2013   #27
Jamal NUMAN

Windows 7 Ultimate x64
 
 

Quote   Quote: Originally Posted by tooca View Post
hi
I download RogueKiller and saved it to the desktop and performed the first scan with windows and browsers open. then realized that they should be closed so did another scan with everything closed. you can find both reports attached.
then as you instructed I used the "attrib -h -s -r -a /s /d G:\*.*"
my flash drive name is G:\
nothing seemed to happen in the command prompt as you see in the attached photo
then I checked my G:\ drive
the administrator shortcut still exists but the autorun.ini is gone for now. not sure if its permenantly gone though.
when i double click on the administrator shortcut i recevie this error: can not find script file "G:\Microsoft.exe".
at some point in the middle of these steps an unnamed folder showed up in the G:\ drive and a file with this extention: ".init" or something and one more file which sadly i can not recall its name. i shift+deleted them successfully.
after these steps I downloaded Rkill and ran scan. you can also find the report attached to this post.

I shoud also inform you that prior to these steps I used autorun exterminator for killing the autorun.ini but it did no good and kept cycling in a loop which the program deleted the autorun file but it kept regenerating itself over and over again.
oh and my anti virus does not detect any threats. it is ESET Smart Security.
there is also this wierd thing about my flash drive! the other day I inserted it into a pc at coffe net and on that pc I could see some stuff on my flash drive which I have deleted really long time ago(over 3years ago). what is wrong? how to fix it?
Is it possible that the virus aslo spread to my other flash drives or even my external hard drive?
one more thing! every time I insert this flash drive into my laptop, it says that it is recommanded to scan and fix the flash drive which I have done in a few times but the problem seems to resist no matter what!
could you plz check these out and help me with my problem?
Hi tooca,

I used the RogueKiller.exe (or RogueKillerX64.exe) and worked fine for me

Best

Jamal
My System SpecsSystem Spec
06 Aug 2014   #28
afada

Windows 7 Professional x64
 
 
Hi there, Hidden Virus Remove

Type these on command prompt,
assume if your drive is f

f:\
attrib -a -s -r -h /s /d
del /f /q *.lnk
del /f /q *.ini
del /f /q *.inf
del /f /q *.db

remember press enter after a line

type %temp% on RUN then OK.. select all files then press shift+del on keyboard. close that window.
then type %userprofile% on RUN then OK.. find an un-proper file name and del that file or folder. thats a virus.
type msconfig on RUN then OK.. go to startup tab, un-tick an item that its command path aim to user account then save and restart your computer.

If you do it right, you might solve that virus manually without antivirus.
My System SpecsSystem Spec
10 Aug 2014   #29
Jamal NUMAN

Windows 7 Ultimate x64
 
 

Quote   Quote: Originally Posted by afada View Post
Type these on command prompt,
assume if your drive is f

f:\
attrib -a -s -r -h /s /d
del /f /q *.lnk
del /f /q *.ini
del /f /q *.inf
del /f /q *.db

remember press enter after a line

type %temp% on RUN then OK.. select all files then press shift+del on keyboard. close that window.
then type %userprofile% on RUN then OK.. find an un-proper file name and del that file or folder. thats a virus.
type msconfig on RUN then OK.. go to startup tab, un-tick an item that its command path aim to user account then save and restart your computer.

If you do it right, you might solve that virus manually without antivirus.
Thanks afada

Best

Jamal
My System SpecsSystem Spec
Reply

 Virus - Access denied - H:\system volume information




Thread Tools





Similar help and support threads
Thread Forum
External disk -folders not visible -access denied system volume info
The folders on my external hard disk are not visible. I followed Cottonball's suggestion from one of the threads on using Roguekiller to eliminate the virus. I downloaded RogueKiller and scanned my disk. After that i deleted the malware it detected. Subsequently, I also tried the following...
General Discussion
Access denied storage volume 4
Vista Ultimate SP2 Need help please? Clean reinstall of vista plus SP2 Went to computer management and changed drive letters to be in order, have done this many times before on all my versions. Before changing the drive letter, I had access to the storage partition I now get "F:\is not...
Installation & Setup
How to remove $Recycle.Bin and System Volume Information virus?
I run a 32-bit Windows 7 machine as well as a 64-bit Windows 7 laptop. I also have a few USBs and Hard-Drives infected with the $Recycle.Bin. I am not sure if it is a virus; however, on my Hard-Drive it has made everything hidden and the FOLDER PROPERTIES (not FOLDER AND SEARCH OPTIONS) wont let me...
General Discussion
Removing System Volume Information virus with $recycle bin
Buddies, With some of steps with this link, i got to delete the folder RECYCLER. However, the System Volume Information folder dont allow the access to delete it (MSDOS or Explorer). I know that have to manage folder options, to show hidden files, etc... run CMD as Administrador and the...
System Security
~8-9 GB used in C:\System Volume Information\ ?
I was defragging with defraggler and i noticed that there were a few defragmented files in System Volume Information but they were huge files which added to about 8gb. It could be more as only the fragmented files add to 8gb. I was wondering where these files came from? They have long, random...
Performance & Maintenance
Sanitizing & access denied to System Volume Information
I am ready to pull my hair out here! I can't wait for help. I am trying to use Heidi Eraser ver. 6.0.8.2273 to sanitize a small (80 GB HDD) secondary drive. I receive the following error message "Files in E:\System Volume Information did not have its cluster tips erased because of the following...
Performance & Maintenance

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 06:27.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App