Require (Rootkit.TDSS.TDL4) Rootkit Removal & Cleanup walkthrough


  1. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #41

    See if you can get those folders using "Trinity Rescue Kit"
    Trinity Rescue Kit, or TRK, is a free live Linux distribution that aims specifically at recovery and repair operations on Windows machines.
    Trinity Rescue Kit | CPR for your computer


  2. Posts : 4
    W7 Ult. x64
       #42

    Okay guys, here's the screenshot with the drive slaved.

    I should probably note that this is a RAID 0 array with two 64 GB SSDs. The disk I am working on is F: in this screenshot.

    Another development: as of last night I was able to run MS offline Defender, and it did find Alureon along with a BUNCH of other stuff, which I was able to remove; however, the drive is still stuck in the boot loop.
    [Attached screenshot: untitled.jpg]


  3. Posts : 11,269
    Windows 7 Home Premium 64 Bit
       #43

    I can help with data recovery, but I think it would be wise to wait and let Jacee weigh in since you may still have some security concerns.


  4. Posts : 4
    W7 Ult. x64
       #44

    Well, I have discovered that the bug apparently altered properties of the entire drive to make all files hidden. I was able to view the entire drive's contents while it was slaved, and as best I can tell everything is still intact. I used Ontrack recovery to run some tests, and I believe the only issue lies in the boot sector of the drive, or perhaps with a hidden partition?

    I was able to view the partitions on that drive, and in addition to the main partition there were two others < 1 MB in size.


  5. Posts : 11,269
    Windows 7 Home Premium 64 Bit
       #45

    Yes, these malicious items usually just add the hidden and system attributes to files. They can also change permissions for accessing files. To unhide, open an elevated Command Prompt and type:
    F:
    attrib -h -s /s /d *
    The above will change attributes for all directories (/d flag) and files within the directories (/s flag) to unhide (-h flag) and remove the system attribute (-s flag).
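The attrib sweep above does the job, but a blanket `attrib -h -s /s /d *` at the volume root also strips the Hidden and System attributes from entries Windows itself keeps that way (bootmgr, pagefile.sys, $RECYCLE.BIN, System Volume Information and friends), and it stops reporting usefully once the malware has also rewritten ACLs. The script below is an added example, not code from this thread or from any of the posters: it walks the slaved volume, clears only Hidden and System on the victim's own files and folders, leaves the legitimate hidden root entries alone, and collects access-denied items instead of aborting. It assumes the infected volume is mounted as F: on a clean machine (as in the thread), is run from an elevated PowerShell on Windows 7 or later, and the list of root entries to skip is an assumption you should adjust to the volume in front of you.

```powershell
# Added example (not from the thread): sweep a slaved, infected volume and clear
# the Hidden and System attributes the malware set on the victim's files, while
# leaving the entries Windows itself keeps hidden+system at the volume root
# untouched, and record access-denied items instead of stopping at the first.
# Assumption: the infected volume is mounted as F: on a clean machine; run from
# an elevated PowerShell on Windows 7 or later.
param(
    [string]$Root = 'F:\',
    [switch]$DryRun   # report what would change without touching anything
)

# Entries that are legitimately Hidden+System at the root of a Windows volume
# (assumed list; extend it for the volume you are cleaning). A blanket
# "attrib -h -s /s /d *" strips these too; skipping them keeps the boot files
# and the recycle bin in their normal state.
$keepHidden = @(
    '$RECYCLE.BIN', 'System Volume Information', 'Recovery', 'Boot', 'Config.Msi',
    'bootmgr', 'BOOTSECT.BAK', 'pagefile.sys', 'hiberfil.sys', 'swapfile.sys'
)

if (-not $Root.EndsWith('\')) { $Root += '\' }
$rootTrimmed = $Root.TrimEnd('\')
$mask        = [int]([IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System)
$changed     = 0
$denied      = @()

# -Force lists hidden/system entries; enumeration errors (directories we are not
# allowed to enter) are collected in $walkErrors rather than aborting the sweep.
$items = Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue -ErrorVariable walkErrors

foreach ($item in $items) {
    # The first path component below the root decides whether this entry, or the
    # subtree it lives in, is one of the legitimate hidden items to leave alone.
    $relative = $item.FullName.Substring($rootTrimmed.Length + 1)
    $top      = $relative.Split('\')[0]
    if ($keepHidden -contains $top) { continue }

    $attrs = [int]$item.Attributes
    if (($attrs -band $mask) -eq 0) { continue }   # nothing to clear here

    if ($DryRun) {
        Write-Host "would unhide: $($item.FullName)"
        $changed++
        continue
    }
    try {
        # Works for files and directories alike; clears only Hidden and System
        # and leaves ReadOnly/Archive exactly as they were.
        $item.Attributes = [IO.FileAttributes]($attrs -band -bnot $mask)
        $changed++
    } catch [System.UnauthorizedAccessException] {
        # Typical when the malware also rewrote the ACL; see the note below.
        $denied += $item.FullName
    } catch {
        $denied += "$($item.FullName) ($($_.Exception.Message))"
    }
}

Write-Host "Cleared Hidden/System on $changed item(s) under $Root"
Write-Host "$($walkErrors.Count) directories could not be enumerated"
if ($denied.Count -gt 0) {
    Write-Host "Access denied on $($denied.Count) item(s):"
    $denied | ForEach-Object { Write-Host "  $_" }
}
```

Run it once with `-DryRun` to see what it would touch before letting it write. Entries that land in the access-denied list are the "few misc. files" case from the next post: the attributes are not the problem there, the permissions are, and the usual fix on a slaved volume is to take ownership and reset the ACL from the elevated prompt (`takeown /f <path> /r /d y` followed by `icacls <path> /reset /t`), then rerun the sweep.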


  6. Posts : 4
    W7 Ult. x64
       #46

    Thanks. This worked. A few misc. files gave me access denied errors, but all is well and visible. I went ahead and rescued my user folder from the drive and am thinking about running the 4-8 pass DBAN format tool on it and calling it a day. Would this be an advisable way to clean the drives?


  7. Posts : 11,269
    Windows 7 Home Premium 64 Bit
       #47

    You could also use the clean all command through Diskpart; that is what is usually recommended for clearing viruses and rootkit infections. Disk - Clean and Clean All with Diskpart Command
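The reason `clean all` is the usual recommendation for a TDL4-class infection is that it zero-fills every sector of the physical disk, including the MBR where the bootkit lives, rather than just reformatting the partition the user was looking at. The danger is the `select disk N` step: diskpart numbers physical disks, not drive letters, and on a machine where the infected volume has been slaved it is easy to pick the wrong one. The script below is an added example, not code from this thread or from the linked tutorial: it resolves the slaved drive letter to its physical disk number through WMI, refuses to continue if that disk also carries the running system, and only runs diskpart when explicitly told to. It assumes the infected volume is mounted as F: on a clean Windows 7 (or later) machine and that the script runs from an elevated PowerShell; the temporary script file name is an arbitrary choice.

```powershell
# Added example (not from the thread): run diskpart "clean all" against the
# physical disk that carries the slaved, infected volume, after checking that it
# is not the disk the running Windows boots from. "clean all" zero-fills every
# sector, including the MBR that TDL4 lives in, so a single pass is what is wanted.
# Assumption: the infected volume is mounted as F: on a clean Windows 7 (or
# later) machine and this runs from an elevated PowerShell.
param(
    [string]$Volume = 'F:',
    [switch]$Execute   # without this the script only shows what it would do
)

# Resolve a drive letter to the physical disk index that Windows (and diskpart)
# use, via the WMI association chain LogicalDisk -> DiskPartition -> DiskDrive.
function Get-DiskIndexForVolume([string]$Letter) {
    $letter = $Letter.TrimEnd('\')
    $part = Get-WmiObject -Query ("ASSOCIATORS OF {Win32_LogicalDisk.DeviceID='$letter'} " +
                                  "WHERE AssocClass=Win32_LogicalDiskToPartition")
    if (-not $part) { throw "No partition found for volume $letter" }
    $partId = @($part)[0].DeviceID
    $drive = Get-WmiObject -Query ("ASSOCIATORS OF {Win32_DiskPartition.DeviceID='$partId'} " +
                                   "WHERE AssocClass=Win32_DiskDriveToDiskPartition")
    if (-not $drive) { throw "No physical disk found for volume $letter" }
    return [int](@($drive)[0].Index)
}

$target = Get-DiskIndexForVolume $Volume
$system = Get-DiskIndexForVolume $env:SystemDrive

# Hard stop: never wipe the disk that holds the running OS. A RAID 0 set, as in
# the thread, shows up as one disk here, so the whole array is the target.
if ($target -eq $system) {
    throw "Refusing to wipe disk $($target): it also carries $env:SystemDrive (the running system)"
}

$model = (Get-WmiObject Win32_DiskDrive -Filter "Index=$target").Model
Write-Host "Target: disk $target ($model), holding volume $Volume"

# diskpart reads its commands from a script file; "clean all" asks for no
# confirmation once it runs, hence the -Execute gate above.
$script = @"
select disk $target
clean all
"@
$scriptPath = Join-Path $env:TEMP 'clean-all.txt'   # arbitrary temp file name
Set-Content -LiteralPath $scriptPath -Value $script -Encoding ASCII

if (-not $Execute) {
    Write-Host "Dry run. Would execute: diskpart /s $scriptPath with:"
    Get-Content -LiteralPath $scriptPath | ForEach-Object { Write-Host "  $_" }
    exit 0
}
diskpart /s $scriptPath
```

Run it without `-Execute` first and check that the reported model and disk number match the slaved SSD array, then rerun with `-Execute`. After the wipe the disk has no partition table at all, so it must be initialised and partitioned again before Windows can be reinstalled on it.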

