Spyware corruption. Now C Drive is RAW and cannot chkdsk or Defrag without recovery console.

bbrunning
I picked up 2 computers today which had some spyware on them. Removed the spyware, but when I attempted to run defrag it cannot start. I also looked in disk management and the hard drives are not listed. The services for these are running correctly. I set chkdsk on reboot and I get the error, the type of file system is raw and it won't check. I booted from a WinXP disc I have and chkdsk worked just fine. Both computers ran chkdsk but when rebooted the same problem occurred. I've never actually seen this happen before. I attempted a repair install on one of the machines and it gets the error: Device installer error, Windows could not load the installer for Net.

You should use the recovery console again and let windows repair the registry using system restore. The worst that happens then is that the spyware you removed gets put back on, but then you can always take it off again, just more carefully this time ;)

C:\Windows\System32\Restore\rstrui.exe

Author

Commented:
System restore is the last thing to use with a machine that's been infected. It was disabled as well before removing this.

Not for spyware. Spyware can easily be removed without damaging the system. It's likely that something you did accidentally while removing it caused the corruption and so system restore would have been your best option. It certainly couldn't get you in any worse a situation than when you first took the computer into your care. If you disabled system restore then you will either need to use a tool to rebuild the registry on the computer or reinstall the operating system. There are some Linux-based boot CDs that can attempt to repair Windows XP registries. I suggest searching for one that suits your situation.

Author

Commented:
Let me rephrase my original post. Virus/Spyware/Malware. It was infected from some crap they downloaded from LimeWire. It had multiple problems. Virii...does indeed have effects that corrupt the system once infected. I have seen spyware/malware do the same in the past with other systems. Removing them tears them from the system and, yes, does mess it up more in some cases. This is happening on 2 systems which were infected with the same files. I have mainly been working on the first system this whole time but took a look at the second one. It has the same problem (i.e. File system is RAW when attempting to run chkdsk). Most programs will not even open but Windows boots just fine, that's why I was trying to figure out what would cause it to show up as raw. There is no encryption in place as well.

Author

Commented:
Malwarebytes and ComboFix were the only 2 antispyware programs I've run. Acted the same before as after.
Can't seem to find a solution so I'm formatting both systems.

Sorry you couldn't find a more agreeable solution.

--
Alain
