Windows 7 Forums


Windows 7: Win Def Offline - no access to results, no log created

10 Nov 2015   #41
UsernameIssues

W7 Pro SP1 64bit
 
 

Uninstall every Java version that you can find in Programs and Features. You will probably never miss it. If you do find something that needs it, create a new thread and let's discuss the need vs. the risk.

Quote: Originally Posted by UberGoober
~~~
I wonder if the SSV architecture is 32-bit because the OS of the VM the malware installed in my C: partition is XP. It's controlled from a remote server, so they might need the Java stuff. I certainly don't want any Browser Helper Objects.
~~~
I'm still not seeing any evidence of a VM. The Documents and Settings folder is a part of Windows 7. It is not evidence of a 32-bit XP VM (in case that is what you were thinking).


10 Nov 2015   #42
UberGoober

Windows 7 Pro 64 bit
 
 

Quote: Originally Posted by Jacee
Quote:
PC booted to "X:/v::", Windows XP Pro on a hidden, virtual HDD
This makes me think Mac OS X on a Windows PC. VMware on OSx86......

See why: Vmware - OSx86

I can be of no help here!

I think it is something structured like the OS X or Sub Virt. But UsernameIssues has some stuff for me to work on, so I'll go get started.

Thanks a million anyway, Jacee. I really appreciate your effort to help. All the best, UG
10 Nov 2015   #43
UberGoober

Windows 7 Pro 64 bit
 
 

Wow, UsernameIssues! (May I call you UNI?) You have spent a lot of time already looking into this for me. I thank you very much!

"Can you take a picture of what you see via the custom scan drive selection dialog box?" (Post #32)

Here it is, operating from my User Account "A", a member of the Administrators Group:

[Attached image: wdodrives.png]



10 Nov 2015   #44
UberGoober

Windows 7 Pro 64 bit
 
 

My replies in purple
Quote: Originally Posted by UsernameIssues
Quote: Originally Posted by UberGoober
~~~
However, I may be blocked from actually affecting settings by the virus...

What you show in that screenshot is normal.
Why is "A" locked? I haven't seen that in other W7 installations.

Note the "Date Modified" on my user account "A" - 1/09/1980! The last clean custom reinstall of W7 I did was in early October, I think.

The malware had set a password for entering Setup, so I couldn't change the date & time in CMOS. If there is no hidden VM, where did the ability to do that come from? I was able to use Date & Time in the OS after installation.

Where is Guest user? And I've never seen a user called Default, Default User, or Public before. I didn't set them up - it was Deus ex Machina, I think!

Lemme show you the real list of All Users (4 snips)

[Attached image: allusersgroups1.png]

[Attached image: allusersgroups2.png]

[Attached image: allusersgroups3.png]

[Attached image: allusersgroups4.png]

Are they all normally set up by Windows?



Quote: Originally Posted by UberGoober
~~~
"System Reserved D:" is weird cuz it never has a drive letter that I've seen before. But the choices for a Custom Scan in WOD listed it exactly that way. Also listed were "Local Disk C:", my DVD drive as "E:", and the VM where the virus installed XP as "X:".

I've used Parted Magic, Partition Wizard, Bart's PE, Macrium Reflect, Seagate's Acronis Free, HP's hard drive manager, Paragon, D-Ban, Darik's Boot and Nuke. None ever gave System Reserved a drive letter, but once the VM was listed as "V:"; another time as "h:". Sorry I didn't write down which app showed what, but both wipers failed to touch the VM located within partition "C:".
It is normal for some of those tools to assign a drive letter to the system reserve partition. Judging from the folders in the X drive shown in WDO, that drive seems to be where the WDO scanner is operating from.
OK, UNI, let me put in the WDO disk and see what I get for drives now. Back later...and thanks again, so much! UG


10 Nov 2015   #45
UsernameIssues

W7 Pro SP1 64bit
 
 

You are welcome.

Sure, UNI is fine/simpler.

re: post #43:
I was looking for a picture (probably taken with a camera) of the Custom Scan dialog box from Windows Defender Offline; not Windows Defender while Windows is running from your user account "A". Such a picture should show the X drive that you mention in your original post.
10 Nov 2015   #46
UsernameIssues

W7 Pro SP1 64bit
 
 

re: post #44:
I have read that the lock icon on a folder indicates that the folder has access restrictions. A non-admin user should not be able to navigate into your "A" folder. To a non-admin user, the All Users folder will be restricted to read-only access.

Were you ever able to get into BIOS on this computer? Did you update the BIOS firmware at some point? This info might help you get rid of that password. I would try option 2.

The Guest user account and the Guests user group are built into Windows 7.

The folder named Default is also normal. It contains some of the default files and folders that are used by Windows when creating a new user account folder. By default, these folders are not shown to a user (so you might not have seen them before). You are not using the default settings within Windows (file) Explorer; so, you are seeing folders and files that are designed to be hidden. (e.g. the Documents and Settings folder that we discussed earlier.)

If you were using the default settings for Windows (file) Explorer, you would still see the user folder named Public. This folder is normal. It is where files and folders are placed so that they are shared between users... even users on other computers - if sharing is set up that way.


When you install Windows 7, you are asked to pick a username for one account. In the screenshots below, that username is username. Here are the normal/default user accounts (as far as I know):

USERS:

[Attached image: users.png]


GROUPS:

[Attached image: groups.png]

You can get to the Computer Management console by right clicking on Computer and selecting Manage from the context menu. There might be a Computer shortcut/icon on your desktop. There is a Computer object in the navigation pane of Windows (file) Explorer and on the right pane of the Start Menu.


My System SpecsSystem Spec
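
The accounts and folders discussed in post #46 can also be listed from a PowerShell prompt instead of being read off screenshots. The script below is an added example, not part of the thread or written by any poster; the function names are hypothetical, it only reads information, and it assumes Windows is installed on the system drive with the standard `Users` folder.

```powershell
# Added example, not from the thread. Read-only; works on PowerShell 2.0 (Windows 7).
# Function names are hypothetical.

function Get-LocalAccountReport {
    # Local accounts as Windows itself reports them (WMI class Win32_UserAccount).
    Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True" |
        ForEach-Object {
            # The last part of the SID (the RID) identifies the two built-in accounts.
            $rid  = ($_.SID -split '-')[-1]
            $kind = switch ($rid) {
                '500'   { 'built-in Administrator' }
                '501'   { 'built-in Guest' }
                default { 'created at setup or later' }
            }
            New-Object PSObject -Property @{
                Name = $_.Name; Kind = $kind; Disabled = $_.Disabled; SID = $_.SID
            }
        } | Select-Object Name, Kind, Disabled, SID
}

function Get-FolderAttributeReport {
    param([string]$Root = (Join-Path $env:SystemDrive 'Users'))
    # -Force includes the hidden and system entries that Explorer hides by default.
    Get-ChildItem -LiteralPath $Root -Force |
        Where-Object { $_.PSIsContainer } |
        ForEach-Object {
            $a = $_.Attributes
            New-Object PSObject -Property @{
                Name    = $_.Name
                Hidden  = [bool]($a -band [IO.FileAttributes]::Hidden)
                # A reparse point here is a junction or symbolic link, not a real folder.
                Link    = [bool]($a -band [IO.FileAttributes]::ReparsePoint)
                Created = $_.CreationTime
            }
        } | Select-Object Name, Hidden, Link, Created
}

# Local users, local groups, then the folders under Users and the links at the drive root.
Get-LocalAccountReport | Format-Table -AutoSize
Get-WmiObject -Class Win32_Group -Filter "LocalAccount=True" |
    Select-Object Name, SID | Format-Table -AutoSize
Get-FolderAttributeReport | Format-Table -AutoSize
Get-FolderAttributeReport -Root "$env:SystemDrive\" |
    Where-Object { $_.Link } | Format-Table -AutoSize
```

On a default Windows 7 installation, `Documents and Settings` at the drive root and `All Users` and `Default User` under `Users` are reported with `Link` set to True, while `Default` is a hidden real folder and `Public` is a normal visible one.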
12 Nov 2015   #47
UberGoober

Windows 7 Pro 64 bit
 
 

Purple again...
Quote: Originally Posted by UsernameIssues
You are welcome.

Sure, UNI is fine/simpler.

re: post #43:
I was looking for a picture (probably taken with a camera) of the Custom Scan dialog box from Windows Defender Offline; not Windows Defender while Windows is running from your user account "A". OOPS! Such a picture should show the X drive that you mention in your original post. Yes, it does. Unfortunately, I can't send the camera pix I took. Windows isn't trying to install drivers for the USB camera card adapter I inserted!
12 Nov 2015   #48
UsernameIssues

W7 Pro SP1 64bit
 
 

Quote: Originally Posted by UberGoober
Purple again...
Quote: Originally Posted by UsernameIssues
You are welcome.

Sure, UNI is fine/simpler.

re: post #43:
I was looking for a picture (probably taken with a camera) of the Custom Scan dialog box from Windows Defender Offline; not Windows Defender while Windows is running from your user account "A". OOPS! Such a picture should show the X drive that you mention in your original post. Yes, it does. Unfortunately, I can't send the camera pix I took. Windows isn't trying to install drivers for the USB camera card adapter I inserted!
Okay - at least you can see that the X drive is not some evil VM. It is normal :-)
12 Nov 2015   #49
UberGoober

Windows 7 Pro 64 bit
 
 

Green this time.

Quote: Originally Posted by UsernameIssues
Your reply to Layback Bear asking, "Are you able to run sfc /scannow?" was: "I did - it said no problems."

Then you went on to totally confuse me with:
Quote: Originally Posted by UberGoober
~~~
But remember, it is scanning the Windows 7 drive "C:" that the VM XP OS installs whether I insert a Windows 2000 Pro, XP Home, Windows 7 Universal install disc, or the Windows 7 disc shipped with the PC!
~~~
Could you please restate that info another way? OK. I had wiped the HDD with the newest version of DBAN and was able to see the VM still within the C: partition using one of my bootable partition tool CDs (can't remember for sure, but probably PartedMagic). All actions the program could have taken were grayed out and did nothing when clicked, so I could not delete, shrink, expand, move to another partition, relabel or anything else.

"X:/v::" was the designation (label?). Are the 2 colons after v significant? I removed the CD and rebooted. The machine booted to XP Pro, which I don't even have a copy of! My user account wasn't there, and I couldn't get rights to create one.


I rebooted into the hidden admin account. Then I could view the contents of some folders. Trying to change anything popped up a dialogue box saying I had to have the permission of Trusted Installer, or immediately "disappeared" the folder.

A "low-level format" was recommended by several techs/geeks, so I inserted my Windows 2000 Pro disc to use tools on there and rebooted. The CD drive whirred, but what came up was the Windows 7 Pro install screen! Switched to each of the other OS discs I have, but the malware installed its modified copy of the CD.


I know, UNI - seems impossible...but I've been working with this for several months now, and I was able to see a folder that held copies of every disc I'd run, with copious PowerShell scripts added. I wish I had been more systematic and gotten screen shots back then. Little did I know that every secret thing I was able to access would disappear, never to be found again!

The links to Parts 1 - 4 in my post #28 explain what I'm seeing better than I can. It's asking an awful lot for your time to read them, but you might be able to add your skills to the efforts to find a solution to this world-wide invasion!

After some research I concluded that "X:/v::" was some type of virtual machine installed by malware. "SYSTEM" resides there, but the malware makes it appear as though it's in my W7 installation. When I get the camera going, I'll show you what I think is bogus.

Were you running the SFC scan from WinRE (like this)? Yes, I was following that exact tutorial, Method Two.

Dang it! I just clicked the "Submit Reply" button after making sure I was still logged in and got redirected to a sign-in page.

This has happened before, so I had copied my post to Notepad. I'm not able to do anything with the post unless I sign in on that page while I'm already signed in on the reply page. Then I'm brought back to the reply page, but all my input is gone.

Let's try that again...

Curses!
Attachment 375700
12 Nov 2015   #50
UsernameIssues

W7 Pro SP1 64bit
 
 

Thank you for taking the time to write that out again. I somehow missed your post #28 on page 3 where you give similar details. I have never used DBAN. My cure for persistent infections is buying a new hard drive.

It is odd that you have to log into this forum multiple times to make a post.

re: post #28:
The "DO" in the URL is normal.


I'm not sure what the "X:\V::" could be or where the XP OS is coming from. Let's see if Jacee or other forum members know of tools that might wipe the drive better.