Unable to access any drive Thread poster: Jarnail Gill
|
Jarnail Gill India Local time: 02:43 Member (2006) English to Punjabi + ...
Dear All... Greetings of the day. I have Windows XP SP-II installed on my Pentium-4 based system. Zone alarm firewall and AVG anti virus (fully updated) is also installed. 4 days ago, when I received my laptop from a repair centre (it had an AC power supply problem) and turned it on, I could see a warning about a trojan horse Shahrokh which was detected and eliminated by my anti virus program. However since then, when I open 'My Computer' fol... See more Dear All... Greetings of the day. I have Windows XP SP-II installed on my Pentium-4 based system. Zone alarm firewall and AVG anti virus (fully updated) is also installed. 4 days ago, when I received my laptop from a repair centre (it had an AC power supply problem) and turned it on, I could see a warning about a trojan horse Shahrokh which was detected and eliminated by my anti virus program. However since then, when I open 'My Computer' folder and subsequently tries to open any Drive either by right click or double click, I get a message "Access Denied". But when I right click the 'My Computer' folder and choose 'Explore', then from left hand pane, I can see and run any file on any drive but I cant do so when I directly try to open any drive. I have run registry cleaning softwares, I have tried Norton Internet Security 2009 (fully updated) but to no avail. I tried system restore but there is so System restore point to resort to. I guess some malicious virus or trojan horse has run some scripts on my system and disabled certain options. Can anyone help me please? ▲ Collapse | | |
Delete some registry entries manually | Dec 6, 2008 |
Start regedit. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 . Note that it starts from HKEY_CURRENT_USER. You will find many keys under that branch. Most of them have names that look like GUIDs - that is, they look like {03a8c6e7-82e8-11dd-9def-0011d8c2eb15}. Delete all keys that have names like that. Leave the keys with names like A, C, etc. That's it. If the malware has been really cleaned, this will be enough.
[Edited at 2008... See more Start regedit. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 . Note that it starts from HKEY_CURRENT_USER. You will find many keys under that branch. Most of them have names that look like GUIDs - that is, they look like {03a8c6e7-82e8-11dd-9def-0011d8c2eb15}. Delete all keys that have names like that. Leave the keys with names like A, C, etc. That's it. If the malware has been really cleaned, this will be enough.
[Edited at 2008-12-06 09:56 GMT] ▲ Collapse | | |
Natalie Poland Local time: 23:13 Member (2002) English to Russian + ... Moderator of this forum SITE LOCALIZER
Use some clean computer to download AntiVir Rescue System and burn it on CD. Use the CD to boot the infected computer, perform a full scan and remove all malware. HTH, Natalia | | |
Antivirus blocked your drives? | Dec 6, 2008 |
Hi, I had a similar problem with Kasperskiy. It produced some warning about a trojan and then, without notification, denied access to all drives. Perhaps you need to fix this manually by properly configuring your antivirus software. Hope this helps. Best, Andrei | |
|
|
show hidden files & system files | Dec 6, 2008 |
Hello, Show hidden files and system files. I think the antivirus deleted the malicious files while he left the autorun. When you show up all the hidden files(including system files) just explore your drive and look out for autorun.ini once you delete it you'll be able to open your drive easily if my guess is right. Regards, | | |
Jarnail Gill India Local time: 02:43 Member (2006) English to Punjabi + ... TOPIC STARTER the key you referred is untraceable | Dec 6, 2008 |
[quote]bsb_2 wrote: Start regedit. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 . Hi. thanks for your kind help. I navigated upto HKEY_CURRENT_USER\Software\Microsoft\Windows\ but under this, there was no 'CurrentVersion' to be found. I believe the Registry cleaning software which I used, already deleted this. My system is still facing the same problem. | | |
Jarnail Gill India Local time: 02:43 Member (2006) English to Punjabi + ... TOPIC STARTER all the settings checked but to no avail | Dec 6, 2008 |
[quote]Andrei Yefimov wrote: [Perhaps you need to fix this manually by properly configuring your antivirus software.] Dear Andrei, thanks for your help but I have checked all the settings. Even I have completely uninstalled and then re-installed the same antivirus program to no avail. | | |
Jarnail Gill India Local time: 02:43 Member (2006) English to Punjabi + ... TOPIC STARTER tried this too but autorun.ini file is not to be found | Dec 6, 2008 |
[quote]Mohamed Mehenoun wrote: [Show hidden files and system files. I think the antivirus deleted the malicious files while he left the autorun.] Dear Mohamed, thanks for your tip. I have enabled 'Show Hidden Files and Folders' option but I could not find any autorun.ini file. There is one 'autorun' file but it doesnt have a .ini extension. | |
|
|
Jarnail Gill India Local time: 02:43 Member (2006) English to Punjabi + ... TOPIC STARTER will definitely try | Dec 6, 2008 |
[quote]Natalie wrote: Use some clean computer to download AntiVir Rescue Systemand burn it on CD. Use the CD to boot the infected computer, perform a full scan and remove all malware. Dear Natalia, thanks for the link. I am downloading it right now and will let you know with many thanks if it helps. | | |
Hello, Can you tell me what is the extension ? and send me a screenshot of your drive ? You may also want to enable extensions (don't common extension). Also if there is a desktop.ini file just delete it. Cheers ! Moh | | |
Ahmet Murati Germany Local time: 23:13 English to Albanian + ... small correction | Dec 6, 2008 |
you should check for autorun.inf. Many trojans use this file to auto run everytime you open that disk. Usually it is stored on the root of the drives. the autorun.inf has a line open=[the name of the trojan] so in case if the Antivirus has deleted to trojan then the action tries to find specific program and it can't find so it does nothing | | |
repair centre | Dec 6, 2008 |
Isn't this something the repair centre should take care of? | |
|
|
Jarnail Gill India Local time: 02:43 Member (2006) English to Punjabi + ... TOPIC STARTER found one autorun.inf | Dec 7, 2008 |
[quote]Ahmet Murati wrote: [you should check for autorun.inf.] Hi.. I checked the for 'autorun.inf' and i found one with following contents: [autorun] open=.\autorun.exe shell\open\command=.\autorun.exe shell\Open\default=1 shell\explore\Command=.\autorun.exe I dont think that its harmful. am i right? please advise. | | |
Jarnail Gill India Local time: 02:43 Member (2006) English to Punjabi + ... TOPIC STARTER its hardware repair centre not software | Dec 7, 2008 |
ReneevB wrote: Isn't this something the repair centre should take care of? Hi.. The repair centre deals with hardware problems only. I approached them for a power supply problem which they rectified perfectly. | | |
Jarnail Gill India Local time: 02:43 Member (2006) English to Punjabi + ... TOPIC STARTER successful in accessing 3 drives except root drive | Dec 8, 2008 |
Dear All... after deleting lot of desktop.ini files and autorun.inf files found in different folders, I am able to access Drives D:, E:, F: but stilll cant access Drive C:. If anyone could offer some additional advice please?? Thanks to everyone for valuable time and suggestions. | | |