Solved

Windows Recovery on start up and No files on C drive found

Posted on 2011-05-02
Last Modified: 2013-12-06
Hi,

When I boot up my PC in normal and safe mode it starts with Windows recovery telling me that many things can't be found - mainly due to RAM and Hard Disk. I think Windows recovery might be a malware process?

When I go to Start > All Programs it is empty. Similarly, if I open Windows Explorer and navigate to the C drive, that too is empty.

I was wondering if anyone knows how to resolve this?

Thanks
Question by:bowemc
9 Comments
 
LVL 9

Expert Comment

by:IntegrityOffice
ID: 35508861
Can you boot to the recovery console off the Windows CD?

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/recovery_run_console.mspx?mfr=true

You could then take a browse around and see if there is anything obviously wrong and if all your files are actually there?

Alternatively, remove the drive from the PC and scan it, browse it from another PC.

Also, many AV companies do boot disks that allow you to scan a machine for viruses and clean them from a CD-ROM.

Norton, Sophos for two examples.
0
 
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 35508894
Little program that unhides your files after a virus and cleaning has left them hidden and invisible.

http://download.bleepingcomputer.com/grinler/unhide.exe

I hope that would help.

Sudeep
0
 
LVL 5

Expert Comment

by:jason987
ID: 35508900
0
 

Author Comment

by:bowemc
ID: 35692267
jason987 - that's the boy!

One problem when I try to follow the resolution steps - I only have IE available to me because of the virus and that can't seem to find an internet connection.
0
 
LVL 5

Expert Comment

by:jason987
ID: 35692368
You can try to reset your TCP stack, which may be compromised:

http://support.microsoft.com/kb/299357

(manual method)

Or you can find a thumb drive and put all of the applications listed in the URL on it and move it to the infected PC. Be sure to not move it back and forth.
0
 
LVL 9

Expert Comment

by:IntegrityOffice
ID: 35710159
combofix
0
 

Expert Comment

by:PhishStix
ID: 35839074
Oh, got this one on a few client PCs. Easy but prolonged fix

Use Malwarebytes and either Vipre Rescue or AVG.
You need to be in safe mode / safemode with networking to run the clean properly.
After the Trojan is cleaned from the system, return to normal mode to confirm its removal and then run a system restore back to before the infection started; this will restore the links and files.
The files are actually just hidden, but the links for Start menu exes are removed, so a system restore is necessary or a profile recovery is required.
0
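The point above that the files are only hidden can be checked directly. This is an added example, not code from any poster in this thread: a PowerShell script that counts items carrying the Hidden attribute under a folder and, with `-Fix`, clears it. The parameter names `$Root` and `-Fix`, and the choice to skip items also marked System (normally protected OS files), are assumptions of this example.

```powershell
# Added example: audit, and optionally clear, the Hidden attribute under a folder.
# $Root and -Fix are names chosen for this example, not part of any tool in the thread.
param(
    [string]$Root = $env:USERPROFILE,   # folder to inspect
    [switch]$Fix                        # without -Fix the script only reports
)

$hidden = [System.IO.FileAttributes]::Hidden
$system = [System.IO.FileAttributes]::System

# -Force makes Get-ChildItem return hidden and system items as well.
# Items that are Hidden AND System are skipped: those are usually legitimate OS files.
$items = @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        (($_.Attributes -band $hidden) -eq $hidden) -and
        (($_.Attributes -band $system) -ne $system)
    })

"{0} hidden, non-system items found under {1}" -f $items.Count, $Root

# Show which folders hold the most hidden items; a whole profile flagged
# Hidden at once points to a bulk attribute change rather than deleted data.
$items |
    Group-Object { Split-Path $_.FullName -Parent } |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name

if ($Fix) {
    $cleared = 0
    foreach ($item in $items) {
        try {
            # Clear only the Hidden bit; every other attribute is preserved.
            $newAttrs = [int]$item.Attributes -band (-bnot [int]$hidden)
            $item.Attributes = [System.IO.FileAttributes]$newAttrs
            $cleared++
        } catch {
            Write-Warning "Could not unhide $($item.FullName): $_"
        }
    }
    "{0} items unhidden" -f $cleared
}
```

Run it first without `-Fix` to see the scope of the change; as noted in the thread, missing Start menu shortcuts are a separate problem that unhiding does not restore.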
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 35839655
If you can't connect,
You can download RKill and MalwareBytes offline database using another PC with internet access onto a USB drive. Download the renamed RKill (iExplore.exe) and also unhide.exe
Note: do not empty your temp folders until after you run unhide.exe

Mbam Offline database:
http://www.malwarebytes.org/mbam/database/mbam-rules.exe
If it doesn't run, rename the mbam-rules.exe file to mbam-rules.com and install it.
If after installation it won't run, go to its directory in Program Files and rename the mbam.exe to mbam.com and run it.


Also, if you are bombarded with alerts from this rogue, just use the code to register, which then tricks the malware into thinking that you have already paid for it, and the annoying windows will stop.
To register (and help removal), copy paste this code: 8475082234984902023718742058948
Click on Help & Support button. (Credit to S!ri author of Smithfraudfix)
0
 
LVL 47

Accepted Solution

by:rpggamergirl
ID: 35839676
ComboFix as mentioned is also a good option. You may need to rename it also if it doesn't run. Do not use an older version of ComboFix. No need to use unhide.exe if using ComboFix.

ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply.
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

ComboFix tutorial:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

0
