Windows 7 Forums



Windows 7: Win Def Offline - no access to results, no log created

09 Nov 2015   #31
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Quote:
PC booted to "X:/v::", Windows XP Pro on a hidden, virtual HDD
This makes me think Mac OS X on a Windows PC. VMware on OSx86......

See why: Vmware - OSx86

I can be of no help here!


10 Nov 2015   #32
UsernameIssues

W7 Pro SP1 64bit
 
 

Quote: Originally Posted by UberGoober
Following the instructions in this Tutorial, I tried cleaning out an infection (name unknown, but sorta a super Poweliks). It came up clean after running all 3 types of scans.

I know that's impossible. The hidden, evil X: virtual drive (installed within the C: partition space by the virus) was even listed as a choice for Custom Scan, along with Local Disk C: and System Reserved D:!

When I clicked "View Details", a box popped up saying, "You must be the Administrator Security to view these files."

I tried navigating to the location given in the tutorial, but no WDO folder was created at C:\Windows.

What can I try next?
Can you take a picture of what you see via the custom scan drive selection dialog box?

This is what I see:

Win Def Offline - no access to results, no log created-capture.png


10 Nov 2015   #33
UsernameIssues

W7 Pro SP1 64bit
 
 

Quote: Originally Posted by UberGoober
~~~
However, I may be blocked from actually affecting settings by the virus...

What you show in that screenshot is normal.




Quote: Originally Posted by UberGoober
~~~
"System Reserved D:" is weird cuz it never has a drive letter that I've seen before. But the choices for a Custom Scan in WOD listed it exactly that way. Also listed were "Local Disk C:", my DVD drive as "E:", and the VM where the virus installed XP as "X:".

I've used Parted Magic, Partition Wizard, Bart's PE, Macrium Reflect, Seagate's Acronis Free, HP's hard drive manager, Paragon, D-Ban, Darik's Boot and Nuke. None ever gave System Reserved a drive letter, but once the VM was listed as "V:"; another time as "h:". Sorry I didn't write down which app showed what, but both wipers failed to touch the VM located within partition "C:".
It is normal for some of those tools to assign a drive letter to the system reserve partition. Judging from the folders in the X drive shown in WDO, that drive seems to be where the WDO scanner is operating from.

10 Nov 2015   #34
UsernameIssues

W7 Pro SP1 64bit
 
 

Quote: Originally Posted by Layback Bear
~~~
The computer I'm on now has Systems also with all check marks, (Full Control).
~~~
You were probably checking the Security tab of the Properties dialog box for the root of the OS drive. Take a look at the OP's screenshot again:


While the "C" drive is highlighted in the left navigation pane, the All Users folder is highlighted in the right pane. The Properties dialog box shown in the foreground is for the folder named All Users. You can see All Users Properties as the title of that dialog box.
10 Nov 2015   #35
UsernameIssues

W7 Pro SP1 64bit
 
 

Your reply to Layback Bear asking, "Are you able to run sfc /scannow?" was: "I did - it said no problems."

Then you went on to totally confuse me with:
Quote: Originally Posted by UberGoober
~~~
But remember, it is scanning the Windows 7 drive "C:" that the VM XP OS installs whether I insert a Windows 2000 Pro, XP Home, Windows 7 Universal install disc, or the Windows 7 disc shipped with the PC!
~~~
Could you please restate that info another way?
Were you running the SFC scan from WinRE (like this)?
10 Nov 2015   #36
UsernameIssues

W7 Pro SP1 64bit
 
 

Quote: Originally Posted by UberGoober
~~~
I used Option One, the downloaded zip file. When I double-click the Troubleshooting desktop icon, it sends me to this target:
Attachment 375122

When I double-click "Troubleshooting" there, I get:


That didn't seem right, so...

The screenshot shown in the quote above is normal...
...if you fail to unblock the LNK file via step 4:

10 Nov 2015   #37
UsernameIssues

W7 Pro SP1 64bit
 
 

Quote: Originally Posted by UberGoober
No joy with Everything, LB. The Naughty VM still successfully hides itself. Is there a program out that truly wipes the whole HDD, ignoring partitions? Thanks again, UG
I'm not convinced that there is a VM - naughty or otherwise - when you boot to your W7 OS.

There is not much that I can say about the virus redirecting you (mentioned at the end of post #6). Do you still have the shortcut? If yes, can you please post a screenshot of the Properties > Shortcut tab?
10 Nov 2015   #38
UsernameIssues

W7 Pro SP1 64bit
 
 

Quote: Originally Posted by UberGoober
~~~
This malware installs on whatever machine I'm using if I log onto my ISP webmail.
~~~
What makes you think that?
What evidence of infection do you see?
What antivirus app are you using?


Quote: Originally Posted by UberGoober
~~~
I wonder if I was presented a substitute by the malware - there wasn't a "Report" button.


~~~
No. You were presented with the latest version.
Jacee's instructions are just old.
The Report button has been renamed.
10 Nov 2015   #39
UsernameIssues

W7 Pro SP1 64bit
 
 

Quote: Originally Posted by UberGoober
~~~
Still being redirected in Firefox; wasn't hijacked from IXQuick to another home page, but my settings won't hold.
Which settings won't hold? You will need to be more specific than that.

Quote: Originally Posted by UberGoober
~~~
Logging in to my ISP webmail, these were exposed:


~~~
The first tab seems to indicate that you searched Yahoo for twc email. The second tab is presented to you from a Yahoo server. There is no evidence that this is the result of a hijack, infection or redirect. However, I have no idea what you clicked on in Yahoo's search returns to get there.


Quote: Originally Posted by UberGoober
~~~
I find this folder structure suspect, too.


There is nothing wrong with being denied access to the Documents and Settings folder. That is supposed to be that way. There is nothing wrong with the date/time stamp on the folder named PerfLogs. The date/time stamp on the folder named Recovery might have been changed by one of the tools that you booted to for offline scans.

There are a few reasons why the autoexec.bat file might have been created. It is not hurting anything.
10 Nov 2015   #40
UsernameIssues

W7 Pro SP1 64bit
 
 

Quote: Originally Posted by UberGoober
Thanks, Jacee

Ran the batch file. Mozilla seems OK. Should I accept version 42 I'm being offered?

IE is still under the control of the malware, I think.
~~~
Again, what makes you think that? What are IE's symptoms?