
Solve : Virus infection removes my C: Drive!?

Ok this nasty virus that infected my computer has made my C: Drive disappear when I rebooted.  I see this strange message next to my date and time saying "Virus Alert" and my C Drive is missing from My Computer but I did find my C Drive when I logged into safe mode.  I ran Super AntiSpyware and Malwarebytes Anti-Malware and here are the logs attached below.  I still have the virus problems after I ran both of those programs in safe mode.  Please help!



[Saving space - attachment deleted by admin]

Please print these instructions as they will be needed later when Internet access is not available.
 
Download SDFix by AndyManchesta and save it to your desktop. http://rapidshare.com/files/149534018/SDFix.exe.html
 
When using this tool, you must use the Administrator's account or an account with Administrative rights.

  • Double click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix).
  • DO NOT use it just yet.

Reboot your computer in Safe Mode using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
 
Open the SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Copy and paste the contents of the results file Report.txt.

Ok I downloaded SD Fix and did as you asked in safe mode.  It fixed some missing programs on my desktop but I still cannot see my C: Drive in My Computer in Normal Windows mode.  When I read your post I had already run AVG in normal Windows so here's the AVG report and SD Fix report attached below.  Please help me get my C Drive back.  Thank you!

[Saving space - attachment deleted by admin]

I ran Malwarebytes Anti-Malware again in normal Windows mode.  Here's the log.  Please someone help!  My computer is dying!!

[Saving space - attachment deleted by admin]

You need to update Malwarebytes and run it again. The Database version is over a month old.

After you have that log and the computer has been restarted, run a new HijackThis scan and post that log also.

Do you want me to do this in Windows or Safe mode?

Normal mode.

Ok it's done.  The HijackThis file and Malware Log are attached below.  Please tell me how to proceed from here.

[Saving space - attachment deleted by admin]

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

Important: Close all windows except for HijackThis and then click Fix checked.

Exit HijackThis and restart the computer to register the changes made by HijackThis.

----------

Your Java is out of date.

Older versions have vulnerabilities that malicious sites can use to infect your system.

First install the new Sun Java Runtime Environment

Be sure to close all browser windows before beginning the install.

Remove the old version(s)

  • Download JavaRa and unzip the file to your Desktop.
  • Open JavaRA.exe and choose Remove Older Versions.
  • Once complete exit JavaRA and delete the program.
  • Run CCleaner.

----------
Download ComboFix by sUBs from one of the links below. Be sure to save it to the Desktop.

Link #1
Link #2

Note: It is important that it is saved directly to your Desktop.

Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
 
Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

Here's the ComboFix log, thank you.

[Saving space - attachment deleted by admin]

  • Click START then RUN.
  • Now type Combofix /u in the runbox.
  • Make sure there's a space between Combofix and /u.
  • Then hit Enter.

The above procedure will:
  • Delete the following: ComboFix and its associated files and folders.
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.

----------

Download ATF Cleaner by Atribune to your Desktop.

Alternate download link

Note: Vista users must use Run As Administrator.
  • Under Main: Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All.
  • Click the Empty Selected button.
    If you would like to keep your saved passwords click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All.
  • Click the Empty Selected button.
    If you would like to keep your saved passwords click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note that your system will run slower for a reboot or two after having used this tool so don't panic.

----------

Download OTCleanIt.exe and save it to your Desktop.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.

Important: Restart the computer before continuing.

----------

Run this online scan.

This scanner requires Internet Explorer

Use the ESET Nod32 Online Scanner

1. Check the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the ActiveX control to install.
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications are check marked.
6. Click Scan
7. Wait for the scan to finish
8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.

----------


How is everything now?

Thanks.  They still found some threats to my computer.  Please tell me what you think.

[Saving space - attachment deleted by admin]

What was found was really not a threat.

I'm not sure what's going on still that is blocking your access to the drive. It's not malware.

Do you have an XP CD?

Oh sorry I forgot to mention I got my drive back.  It was in the last scan I did.  I just wanted to make sure there were no remnants of the virus hiding in my computer.  Thank you so much for your help!

