| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 96450 | 2009-01-11 02:03:00 | Virus - cannot acess 2nd partition | Nomad (952) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 737188 | 2009-01-11 02:03:00 | It says the following: D:\ is not accessible. The maximum number of secrets that may be stored in a single system has been exceeded. Going into safe mode D: say it is not formatted, do you want to format. I just want to get 2 excel files off it. Avast didn't help. It did say virus of "autorun.inf" on C: and D: Hackthis log appears to be clean now, before it had IP numbers on a few lines. Possible :dogeye: |
Nomad (952) | ||
| 737189 | 2009-01-11 02:13:00 | It sounds like one of those removable drive viruses, since its got autorun.inf on it. This doesnt normally exist on hdd's. Connect it to a working computer and scan it Or get trojan remover below update it then scan. Then select all options under utilities Then scan the partition with it |
Speedy Gonzales (78) | ||
| 737190 | 2009-01-11 02:14:00 | You got spyware on the drives - that autorun shouldn't be there - but dont simply go deleting it. get malwarebytes , spyware terminator from my sig - install and do full system scans. Also post back the Hijack log. if the above mentioned antimalware doest fix it, get Combofix (www.bleepingcomputer.com) and run that. BUT malware bytes and spyware terminator should fix it. |
wainuitech (129) | ||
| 737191 | 2009-01-11 02:19:00 | Thanks, trying spyware terminator now . Malwarebytes link does not work . . could you pls update it . :) |
Nomad (952) | ||
| 737192 | 2009-01-11 02:24:00 | It works, whatever you've got is probably stopping / blocking it Direct link (dw.com.com edc1%26part%3Ddl-10804572) |
Speedy Gonzales (78) | ||
| 737193 | 2009-01-11 02:28:00 | Can agree with Speedy - works fine. - Just tried it. | wainuitech (129) | ||
| 737194 | 2009-01-11 03:51:00 | if none of the above works try this and its only for removable device virus speedy was talking about reboot pc safe or normal mode ok DONT ATTEMPT TO OPEN ANY DRIVES IN EXPLORER this will activate the virus and unless you know the process name ( to stop the virus process) you will not be able to do anything with it ie delete it go to a cmd prompt type in the following cmds C: [takes you to root of the drive you are working on] attrib - s -h autorun.inf type autorun.inf you will then get the contents of the autorun.inf, look for the exe, vbs file it launches then back to the cmd prompt type in attrib - s -h [name of exe or vbs file id'ed earlier] del autorun.inf del [name of file id'ed earlier] attrib look for anything else suspect that may have a h or s (hidden or system) attribute if you post the file names back here someone well confirm yes or no to delete. repeat for other drives /partitions this need to be done in a cmd line enviroment as it does not activate the autorun command but opening your drive by double clicking on does |
beama (111) | ||
| 737195 | 2009-01-11 05:17:00 | Thanks heaps, I got my file back. I thought the locked partition may of been permanently lost. Beama - didn't need that but thanks :) Speedy and Wanuitech - thanks - Trojan Remover, Spyware Teminator worked, Malwarebytes worked eventually after some error screens. Upon restart I got the partition back. Saved me doing the last 6 months of monthly budgets. I have the papers thou. The hijackthis log as follows: Logfile of HijackThis v1.98.0 Scan saved at 6:20:09 p.m., on 11/01/2009 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\System32\ibmpmsvc.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\WINNT\system32\ati2evxx.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINNT\Explorer.EXE C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\tp4serv.exe C:\PROGRA~1\DAP\DAP.EXE C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\WINNT\system32\Atiptaxx.exe C:\WINNT\system32\PRPCUI.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\ASUS\WLAN Card Utilities\Center.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\WINNT\system32\internat.exe C:\WINNT\system32\wuauclt.exe C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe C:\WINNT\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Ray\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xnet.co.nz/ O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - Global Startup: ColorVisionStartup.lnk O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL |
Nomad (952) | ||
| 737196 | 2009-01-11 05:25:00 | Uninstall all versions of Java its out of date, then update it Uninstall DAP Tick these then tick fix checked Close browsers O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - Global Startup: ColorVisionStartup.lnk O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE Update Avast then scan the whole hdd. Is this all of the log? If it isnt update HJT, its out of date |
Speedy Gonzales (78) | ||
| 737197 | 2009-01-11 05:52:00 | Yup a small hijackthis log. Its a P3 laptop that soon will be used just for writing journals. A new PC should be ordered about now ... :D You sure to delete colovision start up link? That is my custom color calibrator for my screen. |
Nomad (952) | ||
| 1 2 | |||||