New
#61
Thanks.
Here is all that you asked for:
Strange!!!!
1. When you ran WinRAR for the first time following jumanji's procedure and double clicked on MQ15- Disk E, what did you see? Did it show you any contents? Did you delete anything? Was that label given by you?
2. What exactly prompted you to try WinRAR or the procedures outlined in this thread? Did you get the same exact error message or what was it?
I am surprised here because if you double click on the drive, it should show the contents of that drive but here it takes you to Computer and shows blank.
You may do well if you restate your problem from the beginning.
Mystery resolved.
Curious, I just ran a quick trial.
I tried WinRAR on an empty 1 GB pen drive. ( I always start with a clean drive. So I did a low level format and then a regular format with HP Tool, which I ever use)
When I run WinRAR, explore the computer and then double click on my empty I drive, though the Title bar takes me to the I drive, WinRAR stays in computer - contents blank.
And so, mq15, your pen drive really has got nothing in its belly. ( WinRAR will show even hidden files, which is why we used it here to see the virus hidden files and suspicious files)
Now what exactly is your problem?
might I recommend trying out the easus free recovery software? If he did not low level format it might recover some things. Free Download Data Recovery Software, Backup Software, Partition Manager and Clean Software for Windows and Mac.
Also might I suggest a clean thread
Hi,
I have a very similar issue but am unsure how to read into the data.
When I open my Toshiba external, it now shows a shortcut to the external like this:
Image - TinyPic - Free Image Hosting, Photo Sharing & Video Hosting
It's never done that before. Now, when I click this new shortcut, this pops up:
Image - TinyPic - Free Image Hosting, Photo Sharing & Video Hosting
I ran disk management (healthy). I skipped past WinRAR and decided to check to make sure the source wasn't my computer. This is where I could really use some help and guidance! Here's the report after I ran a scan on malware threats (ran through RogueKiller)
Is the source of my problem in this data at all? My main concern is that the issue stems from the computer and not the external!Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 05/11/2013 08:26:28
| ARK || FAK || MBR |
¤¤¤ Bad processes : 1 ¤¤¤
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe [x] -> KILLED [TermProc]
¤¤¤ Registry Entries : 6 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{FD384747-C343-4AE3-B338-90B3725EC0E4} : NameServer (203.144.95.100 203.144.65.2) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Owner\AppData\Local\{1f957569-cd63-6237-8ca9-0c9e5cb16265}\n) [-] -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] n : C:\Users\Owner\AppData\Local\{1f957569-cd63-6237-8ca9-0c9e5cb16265}\n [-] --> FOUND
[ZeroAccess][FILE] @ : C:\Users\Owner\AppData\Local\{1f957569-cd63-6237-8ca9-0c9e5cb16265}\@ [-] --> FOUND
[ZeroAccess][FOLDER] U : C:\Users\Owner\AppData\Local\{1f957569-cd63-6237-8ca9-0c9e5cb16265}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Users\Owner\AppData\Local\{1f957569-cd63-6237-8ca9-0c9e5cb16265}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini [-] --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini [-] --> FOUND
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST950032 5AS SATA Disk Device +++++
--- User ---
[MBR] 9b221d57aa32fe731e936f545e8a54d3
[BSP] 48b55f46929f8f3b3a0db8344e9d9e6e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 461216 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 944979968 | Size: 15420 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive2: TOSHIBA External USB 3.0 USB Device +++++
--- User ---
[MBR] 06fc92b188bd3f212a572364a023fc21
[BSP] d5d076cfc99131223e5e5999a68b254c : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305243 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1]_S_05112013_02d0826.txt >>
RKreport[1]_S_05112013_02d0826.txt
Your PC is definitely infected and needs to be cleaned - no doubt about it.
I am sending a PM to mate cottonball to look into the RogueKiller report and advise ..
So hang on.
Last edited by jumanji; 11 May 2013 at 09:43.
Thanks, jumanji!
ducat1base,
Since this is a malware issue, please start your own topic in the following forum:
System Security - Windows 7 Help Forums
Please title the topic: ZeroAccess! Attention: cottonball
Also, post the RogueKiller report.
Will be glad to assist you there. :)
i read about all your discussions and it really helped me. i also encountered the same problem and this really helped.. thanks to everyone.. cheers!
Hi efren buada,
Welcome to SevenForums and you are, without doubt, on a distinguished road.
Glad that you could find your way through from this longwinding thread.
Inasmuch as the hidden data was important, the HDD was gotten rid of all alien files and folders using WinRAR and the data files in it were unhidden with the attrib command. In order to sanitise the HDD, the data was backed up elsewhere and low level formatting it was undertaken.
At this stage, the malware from the PC kicked in and aborted the lowlevel formatting quarterway through :) making it inaccessible again. Mate cottonball helped the OP to cleanse the PC. Once the PC was clean, the ext HDD was seen automatically and was formatted.
ducat1base (post #66) has a similar problem. He skipped the WinRAR procedure and wanted to have the PC and the ext. HDD treated together to get rid of the problem.
Mate cottonball is helping out ducat1base here https://www.sevenforums.com/system-se...ottonball.html
Well, that throws out an interesting question whether one should treat the ext. HDD and the PC separately or to treat these together as in the zeroAccess thread.
That, I would think, will depend upon how paranoid the OP is in retrieving his data first.:)