Windows Recovery on start up and No files on C drive found

Posted on 2011-05-02
Last Modified: 2013-12-06

When I boot up my PC in normal and safe mode it starts with Windows recovery telling me tht many things can't be found - mainly due to RAM and Hard Disk. I think Windows recovery might be a malware process?

Whan I go to Start > All Programs it is empty. Similarly if i open windows explorer and navigate to the C drive that too is empty.

I was wondering if anyone knows how to resolve this?

Question by:bowemc
    LVL 9

    Expert Comment

    can you boot to the recovery console off Windows CD?

    You could then take a browse around and see if there is anything obvosouly wrong and if all your files are actually there?

    Alternativly remove the drive from the PC and scan it, browse it from another PC.

    Also Many AV companies do boot disks that allow you to scan a machine for viruses and clean them from a cd rom

    Norton, Sophos for two examples.
    LVL 29

    Expert Comment

    by:Sudeep Sharma
    Little program that unhides your files after a virus and cleaning has left them hidden and invisible.

    I hope that would help.

    LVL 5

    Expert Comment


    Author Comment

    jason987 - that's the boy!

    One problem when I try to follow the resolution steps - I only have IE available to me beacuse of the virus and that can't seem to find an internet connection.
    LVL 5

    Expert Comment

    You can try to reset your tcp stack which may be comprimised:

    (manual method)

    Or you can find a thumb drive and put all of the application listin in the url on it and move it to the infected PC.  Be sure to not move it back and forth.
    LVL 9

    Expert Comment


    Expert Comment

    Oh, got this one on a few client PCs. Easy but prolonged fix

    Use Malwarebytes and either Vipre Rescue or AVG.
    You need to be in safe mode / safemode with networking to run the clean properly.
    After the Trojan is cleaned from the system then return back to normal mode to confirm its removal and then run a system restore back to before the infection started this will restore the links and files.
    The files are actualy just hidden but the links for startmenu exes are removed so a system restore is necessary or a profile recovery is required.
    LVL 47

    Expert Comment

    If you can't connect,
    You can download RKill and MalwareBytes offline database using another PC with internet access into a USB. Download the renamed RKill(iExplore.exe) and also unhide.exe
    Note: do not empty your temp folders until after you run unhide.exe

    Mbam Offline database:
    If it doesn't run, rename the mbam-rules.exe file to and install it.
    If after installation it won't run, go to its directory in Program Files and rename the mbam.exe to and run it.

    Also If you are bombarded with alerts from this rogue just use the code to register which then tricks the malware into thinking that you have already paid for it and the annoying windows will stop.
    To register (and help removal), copy paste this code: 8475082234984902023718742058948
    Click on Help & Support button.(Credit to S!ri author of Smithfraudfix)
    LVL 47

    Accepted Solution

    ComboFix as mentioned is also a good option. You may need to rename it also if it doesn't run. Do not use an older version of ComboFix. No need to use unhide.exe if using ComboFix.

    ComboFix by sUBs:

    STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    Double click combofix.exe & follow the prompts.
    When finished, it will produce a log. Please save that log and attach it in your next reply.
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    ComboFix tutorial:


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Highfive Gives IT Their Time Back

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    There are many HijackThis tutorials on the web already, so this article is about tips that help utilize HijackThis' full potential as a diagnostic tool. Download HijackThis from a TrendMicro link or from known reliable sources only. http://free.…
    By the time you finish reading this article, you may have already lost all your money because you don't know the simple steps to securing your BitCoin wallet. BitCoin is an incredible invention. It is a decentralized currency system, which is the…
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
    Hi everyone! This is Experts Exchange customer support.  This quick video will show you how to change your primary email address.  If you have any questions, then please Write a Comment below!

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    8 Experts available now in Live!

    Get 1:1 Help Now