Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Antivirus programs, Malwarebytes, SpyBot, AVG, RKill, etc. will not st


  • This topic is locked This topic is locked

#106
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,590 posts

Excellent! Now let's cripple this malware. Before we do, please confirm that everything is as before. Meaning Malwarebytes doesn't open, AVG doesn't run, etc.

 

Thanks.


  • 0

Advertisements


#107
carolinachris

carolinachris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts

Excellent! Now let's cripple this malware. Before we do, please confirm that everything is as before. Meaning Malwarebytes doesn't open, AVG doesn't run, etc.

 

Thanks.

Brian,

 

Programs like Malwarebytes were removed during this process.

 

Though, I tried RKill and it wouldn't startup again.

 

It may not matter, but come to think of it, all this junk happened on or about the day I finally downloaded an Adobe update (Flash Player 18 Active X) that popped on my start up screen every day...


Edited by carolinachris, 09 September 2015 - 09:29 AM.

  • 0

#108
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,590 posts

Thanks for the info. I wouldn't be surprised if it came from a fake Adobe update. Please do the following.

 

Retrieve Disk/Partition Info

1. Click your Start button and then Right-Click on Computer and select Manage
2. Select Storage -> Disk management.

3. On the bottom half of the screen can you tell me what each partition shows? If you know how to take a screen shot, you can do this as well and attach which will be helpful. As an example, a VM I have shows the following.

Disk 0

System Reserved

100 MB NTFS

Health (System, Active, Primary Partition)

 

(C:)

59.90 GB NTFS

Healthy (Boot, Page File, Crash Dump, Primary Partition)

 

Thank you so much.

 

Capture.JPG


  • 0

#109
carolinachris

carolinachris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts

Brian,

 

Retrieve Disk/Partition Info:

 

Attached is the screenshot...

Attached Thumbnails

  • Disc Management Screenshot.JPG

  • 0

#110
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,590 posts

Next Step...

 

Prepare for New System Partition

1. Go back to Disk Management.

2. Right-click on the (D:) partition and select Shrink Volume...

3. In the Enter the amount of space to shrink in MB box, type 450 and click the Shrink button.

 

Let me know if this is successful.


  • 0

#111
carolinachris

carolinachris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts

Brian,

 

I have no idea if it was successful, but I have attached a screenshot for you:

Attached Thumbnails

  • DMS2.JPG

  • 0

#112
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,590 posts

Yes, it was successful. Now, please proceed with the following. If you have any issues with any step, please stop and ask.

 

Move Boot Files to the bigger Volume

1. Click your Start button and type cmd in the search box. Right-click on cmd that comes up in the results and select Run as administrator. Answer Yes to the UAC prompt if it appears.

2. Type or copy/paste the following lines one at a time and hit enter after each. If you get an error or anything unexpected when doing any one of the lines please stop and let me know.

diskpart

select disk 0                            << there is a space after the word select and after the word disk

create partition primary           << there is a space after the word create and after the word partition

format FS=NTFS LABEL="SYSTEM" QUICK      << there is a space after the word format and before the word quick

assign letter z     << there is a space after the word assign and after the word letter

active

exit

BCDBOOT C:\WINDOWS /S Z:       <<there is a space after the word BCDBOOT, before the /S and before the letter Z

 

3. After you do the last line from above it should say the following in the command prompt window.

Boot files successfully created.

 

4. Also, in Disk Management, the Z: partition should show Healthy (Active, Primary Partition).

 

5. If all this is correct, please reboot your machine. Let me know when this is complete. Things should begin to work once this is complete.


  • 0

#113
carolinachris

carolinachris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts

Brian,

 

Move Boot Files to the bigger Volume
 
1.  C:\windows\system32\diskpart
     Microsoft DiskPart version 6.1.7601
     Copyright © 1999-2008 Microsoft Corporation.
     On computer: ADAMS-PC
2.  DISKPART> select disk 0
     Disc 0 is now the selected disk
3.  DISKPART> create partition primary   
     No usable free extent could be found. It may be that there is insufficient
     free space to create a partition at the specified size and offset. Specify
     different size and offset values or don't specify either to create the
     maximum sized partition. It may be that the disc is partitioned using the MBR di
     sk
     partitioning format and the disc contains either 4 primary partitions, (no 
     more partitions may be created), or 3 primary partitions and one extended
     partition, (only logical drives may be created).
     DISKPART>
 
Should I continue at this point or was that output not correct?

Edited by carolinachris, 10 September 2015 - 09:34 AM.

  • 0

#114
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,590 posts

Don't continue with the steps. That's not expected.

 

Please type the following instead and let me know what the output is.

 

list disk


  • 0

#115
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,590 posts

Looks like you already have four primary partitions which is the limit in Windows. So this will be a little tricky. I see that you have a D:\ drive but it doesn't appear that anything is on this drive. Is that correct?


  • 0

Advertisements


#116
carolinachris

carolinachris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts

Don't continue with the steps. That's not expected.

 

Please type the following instead and let me know what the output is.

 

list disk

Brian,

 

Here is the output from "list disk":

 

Disk ###           Status         Size             Free          Dyn          Gpt

------------             --------         ------            -------         ------         -----

* Disk 0             Online       465 GB           0B

 

DISKPART>


Edited by carolinachris, 10 September 2015 - 10:01 AM.

  • 0

#117
carolinachris

carolinachris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts

Looks like you already have four primary partitions which is the limit in Windows. So this will be a little tricky. I see that you have a D:\ drive but it doesn't appear that anything is on this drive. Is that correct?

Brian,

 

I am not qualified to answer that with certainty and refer you to my previous post, "Retrieve Disk/Partition Info:...with screenshot...


Edited by carolinachris, 10 September 2015 - 10:03 AM.

  • 0

#118
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,590 posts

No problem. Let's find out.

 

1. Type exit and hit enter to get out of the DiskPart utility.

2. Type d: and hit enter.   <---that's the letter d and a colon

3. Copy/Paste the following into the command-prompt window and hit enter.

ATTRIB > 1 && DIR >>1 && NOTEPAD 1

4. Notepad will open with some information in it. Please paste this into your next reply.


  • 0

#119
carolinachris

carolinachris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts

Brian,

 

Attached is the output text from:

ATTRIB > 1 && DIR >>1 && NOTEPAD 1 

Attached Files


  • 0

#120
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,590 posts

Confirmed. There's nothing necessary on the D: drive. Please do the following.

 

Delete D: Partition

1. Go back to Disk Management.

2. Right-click on the (D:) partition and select Delete Volume...Go ahead and delete.

3. Provide a screen shot of what Disk Management now looks like after this is complete.

 

Let me know if this is successful.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP