WinRE (G:) Drive suddenly appeared in Windows Explorer?

Page 1 of 2 12 LastLast

  1. Posts : 30
    m
       #1

    Hello dear forumers,

    I am worrying about WinRE (G:) drive which suddenly appeared in Computer (Windows Explorer) window since today. It was never displayed there, and I knew its a system drive that is hidden by default.

    Under the name and the used space bar, it says "3,35 GB free of 11,9 GB".

    Is this somenhow normal? Any possibility for a fix? Because it was never viewable in Computer screen before.. and I think it shouldn't. I also wondering if the drive should have 11,9 GB or it should have less by default?

    Thanks ahead of time.

    UPDATE:
    And now when rebooting, I get a _ that just is blinking... and nothing goes on...

    I think this is related to this somenhow...
    Last edited by Brink; 06 Jan 2012 at 10:47. Reason: merged
      My Computer


  2. Posts : 120
    Win7Ultimate x64 + x32, Win7Pro x64, XP x32, Win 2003, Ubuntu and OpenIndiana
       #2

    Yes, probably related.

    Something has altered your partition table. Unless you've been using diskpart or the disk management console, you likely have been infected with bootkit malware that has corrupted your partition table and/or boot loader.

    Reinstalling windows is the safest option, but if you don't want to do that, you'll need to boot from your install media or system repair disk, reset the active partition to your windows installation and rebuild your boot loader. Once this has been done, use Hitman Pro or some similar dedicated anti-bootkit tool to check for any leftover bootkit components.
      My Computer


  3. Posts : 30
    m
    Thread Starter
       #3

    Thank you. I am glad that I have upgraded to Windows 7 only a few weeks ago meaning I have not having much problems by reinstalling Windows. (My files are backuped, that's a bonus)

    I will try that and report back in a few hours.
      My Computer


  4. Posts : 30
    m
    Thread Starter
       #4

    Solidwave said:
    Yes, probably related.

    Something has altered your partition table. Unless you've been using diskpart or the disk management console, you likely have been infected with bootkit malware that has corrupted your partition table and/or boot loader.

    Reinstalling windows is the safest option, but if you don't want to do that, you'll need to boot from your install media or system repair disk, reset the active partition to your windows installation and rebuild your boot loader. Once this has been done, use Hitman Pro or some similar dedicated anti-bootkit tool to check for any leftover bootkit components.
    I have reinstalled windows, but the WinRE is still there in Explorer ... May you elobrate futher on how to rebuild my boot loader using the Windows Install CD?
      My Computer

  5.    #5

    If Malware is suspected, the first steps are to boot into Safe Mode to run a Malwarebytes full scan or boot Microsoft Standalone System Sweeper to scan the HD: Troubleshooting Win7

    How do you know this partition is WinRe? Is it a factory partition labeled System? Where did it come from?

    If you are not infected and have no related performance problems, then you can simply remove the drive letter in Disk Management. However I would first check that nothing was written to the partition. We can help you determine this.

    Please post back a screenshot of your full Disk management drive map with listings, using Snipping TOol in Start Menu.

    Please also post a screenshot of the folders contained within that partition.
      My Computer


  6. Posts : 30
    m
    Thread Starter
       #6

    gregrocker said:
    If Malware was suspected, the first steps are to boot into Safe Mode to run a Malwarebytes full scan or boot Microsoft Standalone System Sweeper to scan the HD, not reinstall Windows.

    How do you know this is WinRe? Is this a factory partition labeled System? Where did it come from?

    Please post back a screenshot of your full Disk management drive map with listings, using Snipping TOol in Start Menu.

    Please also post a screenshot of the folders contained within that partition.
    Hello, thanks for responding.

    I have run a full antivirus scan that found no results, just before opening this thread. Per your request, I have used the snipping tool and made some screenshots.
    WinRE (G:) Drive suddenly appeared in Windows Explorer?-winre.png

    Drive contents:
    WinRE (G:) Drive suddenly appeared in Windows Explorer?-winrecontents.png

    Thanks.
      My Computer


  7. Posts : 30
    m
    Thread Starter
       #7

    EDIT:
    If you are not infected and have no related performance problems, then you can simply remove the drive letter in Disk Management. However I would first check that nothing was written to the partition. We can help you determine this.
    Could you please help with that? I am not sure how I go about this. Also, a few more screenshots..

    WinRE (G:) Drive suddenly appeared in Windows Explorer?-1.png

    WinRE (G:) Drive suddenly appeared in Windows Explorer?-2.png

    WinRE (G:) Drive suddenly appeared in Windows Explorer?-3.png

    WinRE (G:) Drive suddenly appeared in Windows Explorer?-4.png

    WinRE (G:) Drive suddenly appeared in Windows Explorer?-5.png

    WinRE (G:) Drive suddenly appeared in Windows Explorer?-6.png
      My Computer

  8.    #8

    Where is the Disk Management screenshot? We need to see which is marked System Active. Type DIsk management in Start Search box, maximize window, make a full screen snip.

    What was done that might have caused the apparent boot partition and Winre to take a letter?

    You can remove it in Disk mgmt by rightclicking on it to Change Drive letter.

    But first get a full Malwarebytes scan of all drives.

    You'll have to wait til I take my dog to the beach now as I can't wait for the requested Screenshot.
      My Computer


  9. Posts : 30
    m
    Thread Starter
       #9

    gregrocker said:
    Where is the Disk Management screenshot? We need to see which is marked System Active. Type DIsk management in Start Search box, maximize window, make a full screen snip.

    What was done that might have caused the apparent boot partition and Winre to take a letter?

    You can remove it in Disk mgmt by rightclicking on it to Change Drive letter.

    But first get a full Malwarebytes scan of all drives.

    You'll have to wait til I take my dog to the beach now as I can't wait for the requested Screenshot.
    Hello,

    I have attached the Disk Management screenshot to this post, please forgive me for missing that out. And I won't mind you being away from the keyboard for the moment to spend your time with your dog. It's just great that you do that! I am not requesting speedy reply either, so I can wait. I am just wanting to know what this issue is caused by. (Particular the drive suddenly appearing out of nowhere)

    WinRE (G:) Drive suddenly appeared in Windows Explorer?-dskmanfull.png


    To add on this, I have done nothing but log inn into the PC. I just came from vacation yesterday. I am very sure there is no malware found, since I am running Bullguard Antivirus and it has never failed for me. But I will do what you have suggested, using the offline Microsoft Defender... I report the results back.
      My Computer


  10. Posts : 120
    Win7Ultimate x64 + x32, Win7Pro x64, XP x32, Win 2003, Ubuntu and OpenIndiana
       #10

    In disk management, right click on your WinRE partition and select "change drive letter and path." In the change drive letter dialog, select "F:" and click on "remove." This will hide the drive letter for your WinRE partition--making it inaccessible while you're running windows--but not delete the partition from the disk.
      My Computer


 
Page 1 of 2 12 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 00:18.
Find Us