Windows 7 Forums



Windows 7: Win Def Offline - no access to results, no log created

02 Nov 2015   #1
UberGoober

Windows 7 Pro 64 bit
 
 

Following the instructions in this Tutorial, I tried cleaning out an infection (name unknown, but sorta a super Poweliks). It came up clean after running all 3 types of scans.

I know that's impossible. The hidden, evil X: virtual drive (installed within the C: partition space by the virus) was even listed as a choice for Custom Scan, along with Local Disk C: and System Reserved D:!

When I clicked "View Details", a box popped up saying, "You must be the Administrator Security to view these files."

I tried navigating to the location given in the tutorial, but no WDO folder was created at C:\Windows.

What can I try next?


02 Nov 2015   #2
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

First off you must be logged in as administrator.

I don't understand this from your post.

Quote:
System Reserved D

Please complete this tutorial by Golden so we can have a look.

Disk Management - Post a Screen Capture Image
02 Nov 2015   #3
UberGoober

Windows 7 Pro 64 bit
 
 

Thanks for replying, Layback Bear. Glad to have your help. The image you requested is attached.
[Attached image: dskmgmt.png]

My "C:/Users/A" account is a member of the Administrators group.

[Attached image: useracctpermissions.png]

[Attached image: nospecialpermissions.png]

However, I may be blocked from actually affecting settings by the virus...

[Attached image: allusers.png]

"System Reserved D:" is weird cuz it never has a drive letter that I've seen before. But the choices for a Custom Scan in WDO listed it exactly that way. Also listed were "Local Disk C:", my DVD drive as "E:", and the VM where the virus installed XP as "X:".

I've used Parted Magic, Partition Wizard, Bart's PE, Macrium Reflect, Seagate's Acronis Free, HP's hard drive manager, Paragon, D-Ban, Darik's Boot and Nuke. None ever gave System Reserved a drive letter, but once the VM was listed as "V:"; another time as "h:". Sorry I didn't write down which app showed what, but both wipers failed to touch the VM located within partition "C:".



02 Nov 2015   #4
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

You will find that some 3rd party programs will change partition letters and drive numbers around.

What I do is change the name of each drive and partition so when a program changes the partition letters or drive numbers I can use the name to make sure I know which one is which.

The computer I'm on now has Systems also with all check marks, (Full Control).

I have also run Windows Defender Offline and never got a log I could find. I always thought that if WDO didn't give any other instruction when it was completed; it didn't find any problems. I do not remember how I got that idea.

Are you able to run sfc /scannow?
If so what results do you get?
03 Nov 2015   #5
UberGoober

Windows 7 Pro 64 bit
 
 

Reply inserted into your quote in purple text. Thanks again!

Quote: Originally Posted by Layback Bear

Layback Bear: You will find that some 3rd party programs will change partition letters and drive numbers around.
UberGoober: I've noticed that, but this is a Windows program.

Layback Bear: What I do is change the name of each drive and partition so when a program changes the partition letters or drive numbers I can use the name to make sure I know which one is which.
UberGoober: Good idea. I hadn't worried about it since the whole disk is one partition used just to find out how to get rid of this infection. Done now, though, Layback!

Layback Bear: The computer I'm on now has Systems also with all check marks, (Full Control).
UberGoober: That's not what I'm seeing. If you look at attachment 375091, only "Special permissions" is checked.

Layback Bear: I have also run Windows Defender Offline and never got a log I could find. I always thought that if WDO didn't give any other instruction when it was completed; it didn't find any problems.
UberGoober: I must be getting really paranoid after months of fighting this thing! I always assume the infection has done something nefarious when a 7 Forums tutorial says I'll have a log and I don't.
Layback Bear: I do not remember how I got that idea.

Layback Bear: Are you able to run sfc /scannow?
UberGoober: I did - it said no problems. But remember, it is scanning the Windows 7 drive "C:" that the VM XP OS installs whether I insert a Windows 2000 Pro, XP Home, Windows 7 Universal install disc, or the Windows 7 disc shipped with the PC!

Layback Bear: If so what results do you get?
UberGoober: Text file attached.


Attached Files
File Type: txt sfcdetails1.txt (38.8 KB, 4 views)
03 Nov 2015   #6
UberGoober

Windows 7 Pro 64 bit
 
 

Sometimes the oddest things can trigger an idea for an experienced person like you, Layback. I found the following really odd...

One thing this infection does is allow hundreds of "Authenticated Users" to log onto my PC remotely, so I decided to look into that. To save lots of future clicks, I decided to make Brink's shortcut.

I used Option One, the downloaded zip file. When I double-click the Troubleshooting desktop icon, it sends me to this target:
[Attached image: icontarget.png]

When I double-click "Troubleshooting" there, I get:
[Attached image: iconinstall.png]

That didn't seem right, so I signed back in to 7 Forums and went back to Brink's instructions for manual creation of the shortcut.

Notice that Brink specifies "%systemroot%\system32\msdt.exe -id NetworkDiagnosticsInbound" as the shortcut's target.
[Attached image: virusbehavior1.png]

This is the page the virus redirected me to as if it were 7 Forums, with the target location changed!
[Attached image: virusbehavior2.png]


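One way to make the comparison described in post #6 repeatable, added here as an example and not part of the thread or of Brink's tutorial: it reads what a .lnk file actually stores and compares it with the target string quoted in the post. The shortcut file name, its Desktop location and the function name `Test-ShortcutTarget` are assumptions.

```powershell
# Added example, not from the thread. Compares the target stored in a shortcut
# with the target the tutorial specifies (as quoted in post #6).
# Assumed: the shortcut's name/location and the function name.

function Test-ShortcutTarget {
    param(
        [Parameter(Mandatory=$true)][string]$LinkPath,
        [Parameter(Mandatory=$true)][string]$ExpectedTarget,
        [string]$ExpectedArguments = ''
    )
    # CreateShortcut on a missing file returns an empty in-memory object,
    # which would look like a mismatch, so check for the file first.
    if (-not (Test-Path -LiteralPath $LinkPath)) {
        Write-Warning "Shortcut not found: $LinkPath"
        return $null
    }
    $shell = New-Object -ComObject WScript.Shell
    $lnk   = $shell.CreateShortcut($LinkPath)   # opens the existing .lnk; nothing is saved

    # Expand %systemroot% etc. on both sides so real paths are compared.
    $actual   = [Environment]::ExpandEnvironmentVariables($lnk.TargetPath)
    $expected = [Environment]::ExpandEnvironmentVariables($ExpectedTarget)

    New-Object PSObject -Property @{
        Link          = $LinkPath
        Target        = $actual
        Arguments     = $lnk.Arguments
        TargetMatches = ($actual -ieq $expected)
        ArgsMatch     = ($lnk.Arguments.Trim() -ieq $ExpectedArguments.Trim())
        # An empty target (for example a shell-namespace shortcut) has no file to test.
        TargetExists  = ($actual -ne '' -and (Test-Path -LiteralPath $actual))
    }
}

# Assumed location of the downloaded shortcut; adjust to the real file.
$link = Join-Path ([Environment]::GetFolderPath('Desktop')) 'Troubleshooting.lnk'

$check = Test-ShortcutTarget -LinkPath $link `
    -ExpectedTarget '%systemroot%\system32\msdt.exe' `
    -ExpectedArguments '-id NetworkDiagnosticsInbound'

if ($check) {
    $check | Format-List Link, Target, Arguments, TargetMatches, ArgsMatch, TargetExists
}
```

A `False` in `TargetMatches` or `ArgsMatch` only shows that the shortcut differs from the string quoted in the post; a shortcut built a different way from the manual instructions would differ as well.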
03 Nov 2015   #7
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

You obviously have admin privileges because sfc /scannow worked for you.

Sometimes when you can't find something on your system this free program will.
Everything Search.

Everything Search Engine
03 Nov 2015   #8
UberGoober

Windows 7 Pro 64 bit
 
 

Thanks, buddy Bear - I'll try that.
04 Nov 2015   #9
UberGoober

Windows 7 Pro 64 bit
 
 

No joy with Everything, LB. The Naughty VM still successfully hides itself. Is there a program out that truly wipes the whole HDD, ignoring partitions? Thanks again, UG
04 Nov 2015   #10
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Please try ESET to remove Poweliks: How do I remove a Fileless (Poweliks or Gootkit) infection? (ESET Knowledgebase)