Win Def Offline - no access to results, no log created


  1. Posts : 44
    Windows 7 Pro 64 bit
       #1


    Following the instructions in this Tutorial, I tried cleaning out an infection (name unknown, but sorta a super Poweliks). It came up clean after running all 3 types of scans.

    I know that's impossible. The hidden, evil X: virtual drive (installed within the C: partition space by the virus) was even listed as a choice for Custom Scan, along with Local Disk C: and System Reserved D:!

    When I clicked "View Details", a box popped up saying, "You must be the Administrator Security to view these files."

    I tried navigating to the location given in the tutorial, but no WDO folder was created at C:\Windows.

    What can I try next?


  2. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #2

    First off you must be logged in as administrator.

    I don't understand this from your post.

    System Reserved D
    Please complete this tutorial by Golden so we can have a look.

    Disk Management - Post a Screen Capture Image


  3. Posts : 44
    Windows 7 Pro 64 bit
    Thread Starter
       #3

    Thanks for replying, Layback Bear. Glad to have your help. The image you requested is attached.
    [Attached image: dskmgmt.png]

    My "C:/Users/A" account is a member of the Administrators group.

    [Attached image: useracctpermissions.png]

    [Attached image: nospecialpermissions.png]

    However, I may be blocked from actually affecting settings by the virus...

    [Attached image: allusers.png]

    "System Reserved D:" is weird cuz it never has a drive letter that I've seen before. But the choices for a Custom Scan in WDO listed it exactly that way. Also listed were "Local Disk C:", my DVD drive as "E:", and the VM where the virus installed XP as "X:".

    I've used Parted Magic, Partition Wizard, Bart's PE, Macrium Reflect, Seagate's Acronis Free, HP's hard drive manager, Paragon, D-Ban, Darik's Boot and Nuke. None ever gave System Reserved a drive letter, but once the VM was listed as "V:"; another time as "h:". Sorry I didn't write down which app showed what, but both wipers failed to touch the VM located within partition "C:".


  4. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #4

    You will find that some 3rd party programs will change partition letters and drive numbers around.

    What I do is change the name of each drive and partition so when a program changes the partition letters or drive numbers I can use the name to make sure I know which one is which.

    The computer I'm on now has Systems also with all check marks, (Full Control).

    I have also run Windows Defender Offline and never got a log I could find. I always thought that if WDO didn't give any other instruction when it was completed, it didn't find any problems. I do not remember how I got that idea.

    Are you able to run sfc /scannow?
    If so what results do you get?


  5. Posts : 44
    Windows 7 Pro 64 bit
    Thread Starter
       #5

    Reply inserted into your quote in purple text. Thanks again!

    Layback Bear said:
    You will find that some 3rd party programs will change partition letters and drive numbers around.
    [Reply:] I've noticed that, but this is a Windows program.

    What I do is change the name of each drive and partition so when a program changes the partition letters or drive numbers I can use the name to make sure I know which one is which.
    [Reply:] Good idea. I hadn't worried about it since the whole disk is one partition used just to find out how to get rid of this infection. Done now, though, Layback!

    The computer I'm on now has Systems also with all check marks, (Full Control).
    [Reply:] That's not what I'm seeing. If you look at attachment 375091, only "Special permissions" is checked.

    I have also run Windows Defender Offline and never got a log I could find. I always thought that if WDO didn't give any other instruction when it was completed, it didn't find any problems.
    [Reply:] I must be getting really paranoid after months of fighting this thing! I always assume the infection has done something nefarious when a 7 Forums tutorial says I'll have a log and I don't.
    I do not remember how I got that idea.

    Are you able to run sfc /scannow?
    [Reply:] I did - it said no problems.

    But remember, it is scanning the Windows 7 drive "C:" that the VM XP OS installs whether I insert a Windows 2000 Pro, XP Home, Windows 7 Universal install disc, or the Windows 7 disc shipped with the PC!
    If so what results do you get?
    [Reply:] Text file attached.


  6. Posts : 44
    Windows 7 Pro 64 bit
    Thread Starter
       #6

    Sometimes the oddest things can trigger an idea for an experienced person like you, Layback. I found the following really odd...

    One thing this infection does is allow hundreds of "Authenticated Users" to log onto my PC remotely, so I decided to look into that. To save lots of future clicks, I decided to make Brink's shortcut.

    I used Option One, the downloaded zip file. When I double-click the Troubleshooting desktop icon, it sends me to this target:
    [Attached image: icontarget.png]

    When I double-click "Troubleshooting" there, I get:
    [Attached image: iconinstall.png]

    That didn't seem right, so I signed back in to 7 Forums and went back to Brink's instructions for manual creation of the shortcut.

    Notice that Brink specifies "%systemroot%\system32\msdt.exe -id NetworkDiagnosticsInbound" as the shortcut's target.
    [Attached image: virusbehavior1.png]

    This is the page the virus redirected me to as if it were 7 Forums, with the target location changed!
    [Attached image: virusbehavior2.png]
    Last edited by derekimo; 10 Nov 2015 at 01:41. Reason: Fixed link


  7. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #7

    You obviously have admin privileges because sfc /scannow worked for you.

    Sometimes when you can't find something on your system this free program will.
    Everything Search.

    Everything Search Engine


  8. Posts : 44
    Windows 7 Pro 64 bit
    Thread Starter
       #8

    Thanks, buddy Bear - I'll try that.


  9. Posts : 44
    Windows 7 Pro 64 bit
    Thread Starter
       #9

    No joy with Everything, LB. The Naughty VM still successfully hides itself.

    Is there a program out that truly wipes the whole HDD, ignoring partitions?

    Thanks again, UG


  10. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #10

    Please try ESET to remove Poweliks: How do I remove a Fileless (Poweliks or Gootkit) infection? (ESET Knowledgebase)


 