Win Def Offline - no access to results, no log created


  1. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #31

    PC booted to "X:/v::", Windows XP Pro on a hidden, virtual HDD
    This makes me think Mac OS X on a Windows PC. VMware on OSx86......

    See why: Vmware - OSx86

    I can be of no help here!


  2. Posts : 10,485
    W7 Pro SP1 64bit
       #32

    UberGoober said:
    Following the instructions in this Tutorial, I tried cleaning out an infection (name unknown, but sorta a super Poweliks). It came up clean after running all 3 types of scans.

    I know that's impossible. The hidden, evil X: virtual drive (installed within the C: partition space by the virus) was even listed as a choice for Custom Scan, along with Local Disk C: and System Reserved D:!

    When I clicked "View Details", a box popped up saying, "You must be the Administrator Security to view these files."

    I tried navigating to the location given in the tutorial, but no WDO folder was created at C:\Windows.

    What can I try next?

    Can you take a picture of what you see via the custom scan drive selection dialog box?

    This is what I see:

    Win Def Offline - no access to results, no log created-capture.png


  3. Posts : 10,485
    W7 Pro SP1 64bit
       #33

    UberGoober said:
    ~~~
    However, I may be blocked from actually affecting settings by the virus...

    What you show in that screenshot is normal.




    UberGoober said:
    ~~~
    "System Reserved D:" is weird cuz it never has a drive letter that I've seen before. But the choices for a Custom Scan in WDO listed it exactly that way. Also listed were "Local Disk C:", my DVD drive as "E:", and the VM where the virus installed XP as "X:".

    I've used Parted Magic, Partition Wizard, Bart's PE, Macrium Reflect, Seagate's Acronis Free, HP's hard drive manager, Paragon, D-Ban, Darik's Boot and Nuke. None ever gave System Reserved a drive letter, but once the VM was listed as "V:"; another time as "h:". Sorry I didn't write down which app showed what, but both wipers failed to touch the VM located within partition "C:".

    It is normal for some of those tools to assign a drive letter to the system reserve partition. Judging from the folders in the X drive shown in WDO, that drive seems to be where the WDO scanner is operating from.


  4. Posts : 10,485
    W7 Pro SP1 64bit
       #34

    Layback Bear said:
    ~~~
    The computer I'm on now has Systems also with all check marks, (Full Control).
    ~~~
    You were probably checking the Security tab of the Properties dialog box for the root of the OS drive. Take a look at the OP's screenshot again:


    While the "C" drive is highlighted in the left navigation pane, the All Users folder is highlighted in the right pane. The Properties dialog box shown in the foreground is for the folder named All Users. You can see All Users Properties as the title of that dialog box.


  5. Posts : 10,485
    W7 Pro SP1 64bit
       #35

    Your reply to Layback Bear asking, "Are you able to run sfc /scannow?" was: "I did - it said no problems."

    Then you went on to totally confuse me with:
    UberGoober said:
    ~~~
    But remember, it is scanning the Windows 7 drive "C:" that the VM XP OS installs whether I insert a Windows 2000 Pro, XP Home, Windows 7 Universal install disc, or the Windows 7 disc shipped with the PC!
    ~~~
    Could you please restate that info another way?
    Were you running the SFC scan from WinRE (like this)?


  6. Posts : 10,485
    W7 Pro SP1 64bit
       #36

    UberGoober said:
    ~~~
    I used Option One, the downloaded zip file. When I double-click the Troubleshooting desktop icon, it sends me to this target:
    Attachment 375122

    When I double-click "Troubleshooting" there, I get:


    That didn't seem right, so...

    The screenshot shown in the quote above is normal...
    ...if you fail to unblock the LNK file via step 4:



  7. Posts : 10,485
    W7 Pro SP1 64bit
       #37

    UberGoober said:
    No joy with Everything, LB. The Naughty VM still successfully hides itself. Is there a program out that truly wipes the whole HDD, ignoring partitions? Thanks again, UG

    I'm not convinced that there is a VM - naughty or otherwise - when you boot to your W7 OS.

    There is not much that I can say about the virus redirecting you (mentioned at the end of post #6). Do you still have the shortcut? If yes, can you please post a screenshot of the Properties > Shortcut tab?


  8. Posts : 10,485
    W7 Pro SP1 64bit
       #38

    UberGoober said:
    ~~~
    This malware installs on whatever machine I'm using if I log onto my ISP webmail.
    ~~~
    What makes you think that?
    What evidence of infection do you see?
    What antivirus app are you using?


    UberGoober said:
    ~~~
    I wonder if I was presented a substitute by the malware - there wasn't a "Report" button.


    ~~~
    No. You were presented with the latest version.
    Jacee's instructions are just old.
    The Report button has been renamed.


  9. Posts : 10,485
    W7 Pro SP1 64bit
       #39

    UberGoober said:
    ~~~
    Still being redirected in Firefox; wasn't hijacked from IXQuick to another home page, but my settings won't hold.

    Which settings won't hold? You will need to be more specific than that.

    UberGoober said:
    ~~~
    Logging in to my ISP webmail, these were exposed:


    ~~~
    The first tab seems to indicate that you searched Yahoo for twc email. The second tab is presented to you from a Yahoo server. There is no evidence that this is the result of a hijack, infection or redirect. However, I have no idea what you clicked on in Yahoo's search returns to get there.


    UberGoober said:
    ~~~
    I find this folder structure suspect, too.


    There is nothing wrong with being denied access to the Documents and Settings folder. That is supposed to be that way. There is nothing wrong with the date/time stamp on the folder named PerfLogs. The date/time stamp on the folder named Recovery might have been changed by one of the tools that you booted to for offline scans.

    There are a few reasons why the autoexec.bat file might have been created. It is not hurting anything.


  10. Posts : 10,485
    W7 Pro SP1 64bit
       #40

    UberGoober said:
    Thanks, Jacee

    Ran the batch file. Mozilla seems OK. Should I accept version 42 I'm being offered?

    IE is still under the control of the malware, I think.
    ~~~
    Again, what makes you think that? What are IE's symptoms?


 