Can not use defragment or scan disk or system restore

[Ed8757]

I have windows XP. The scan disk does not work in normal mode or in

safe mode, or from the cmd prompt (chkdsk). The message says the volume

is being used by another process. The defragmenter does not work. The

system restore does not work. All restore points are gone. Can not

create a restore point. Antivirus does not detect any virus or malware.

System Tray does not show any unusual processes. I recently was

infected by something called win police pro. The antivirus removed it

but that is when I noticed the problem. No software or application

have been recently installed.

 

[Gordon]

I have windows XP. The scan disk does not work in normal mode or in

safe mode, or from the cmd prompt (chkdsk). The message says the volume

I think you'll find chkdsk will only start when you next start up the
computer...

 

[M]

I have windows XP. The scan disk does not work in normal mode or in

safe mode, or from the cmd prompt (chkdsk). The message says the volume

is being used by another process. The defragmenter does not work. The

system restore does not work. All restore points are gone. Can not

create a restore point. Antivirus does not detect any virus or malware.

System Tray does not show any unusual processes. I recently was

infected by something called win police pro. The antivirus removed it

but that is when I noticed the problem. No software or application

have been recently installed.

It's time to back up your data and reinstall XP.

M

 

[db]

usually what happens is that when
an infection is removed by the
anti virus,

it cannot replace any system files
that became corrupted "or" zapped
into oblivion by the anti virus.

perhaps, it is also why there are no
system restore points, because they
became the host for the infections.

------------------

my suggestion is to run a repair
installation.

the method above will replace missing
or corrupted system files with genuine
ones from the xp cd.

however, there is a caveat to the above

the method can only work if you have
an xp cd that is the same version as the
o.s. on the hard drive.

in other words, a cd that is xp sp2 can
not repair an sp3 o.s.

----------------

keep us apprised of your stats.


--
db·´¯`·...¸><)))º>
DatabaseBen, Retired Professional
- Systems Analyst
- Database Developer
- Accountancy
- Veteran of the Armed Forces
- @Hotmail.com
- nntp Postologist
~ "share the nirvana" - dbZen

~~~~~~~~~~~~~~~

 

[BillW50]

In db typed on Thu, 1 Oct 2009 10:24:31 -0500:
[...]

my suggestion is to run a repair
installation.

the method above will replace missing
or corrupted system files with genuine
ones from the xp cd.

however, there is a caveat to the above

the method can only work if you have
an xp cd that is the same version as the
o.s. on the hard drive.

in other words, a cd that is xp sp2 can
not repair an sp3 o.s.

It is worse than that I understand. If you try to repair say XPSP2 with
XPSP2, but IE or WMP is a different version between the two. I hear tell
that you will toast that OS and it won't be good for anything. <sigh>

 

[Jose]

I have windows XP. The scan disk does not work in normal mode or in

safe mode, or from the cmd prompt (chkdsk). The message says the volume

is being used by another process. The defragmenter does not work. The

system restore does not work. All restore points are gone. Can not

create a restore point. Antivirus does not detect any virus or malware.

 System Tray does not show any unusual processes.  I recently was

infected by something called win police pro.  The antivirus removed it

but that is when I noticed the problem.  No software or application

have been recently installed.

Reduce the number of questions, guessing and trying things that might
work by supplying more information:

Click Start, Run and in the box enter:

msinfo32

Click OK, and when the System Summary info appears, click Edit, Select
All, Copy and then paste
back here.

There would be some personal information (like System Name and User
Name) or whatever appears to
be only your business that you can delete from the paste.

Reduce the chances of malicious software by running some scans.

Download, install, update and do a full scan with these free malware
detection programs:

Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware: (SAS): http://www.superantispyware.com/

These can be uninstalled later if desired.

When the scans run clean, attack and resolve one problem at a time -
your pick.

Try to be more specific with your symptoms by replacing "does not
work" with what you see that you think you should not see or what you
do not see that you think you should see.

 

[Ed8757]

The problem is fixed. Everything works again. The Malwarebytes found a long
list of items and cleaned them. Why didn't My antivirus (Trend Micro)
prevent/find these?

 

[Ed8757]

Problem is fixed. Problem was caused by Rootkit.tdss. This thing is nasty.
This was left behind when Windows Police Pro malware was removed by the
antivirus (Trend Micro). The rootkit was carefully concealed so the
antivirus would not see it. The MalwareBytes software was able to remove
it.

 

[Jose]

The problem is fixed.  Everything works again.  The Malwarebytes found a long
list of items and cleaned them.  Why didn't My antivirus (Trend Micro)
prevent/find these?

It is nasty, but mostly just annoying.

There is no single program that seems to know about every kind of
malicious software - they change all the time!

It is definietly a good idea to have more than one in your malware
arsenal.

I have never used TM.

I have faith in MBAM, hence I start with it.

Glad it is working again - and no reinstall.

 

[BillW50]

In
Jose typed on Thu, 1 Oct 2009 09:10:47 -0700 (PDT):

Download, install, update and do a full scan with these free malware
detection programs:

Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware: (SAS): http://www.superantispyware.com/

These can be uninstalled later if desired.

Hi Jose, I never tried these two so I downloaded them and installed them
one at a time.

Malwarebytes found three files in an unused part by XP called
$RECYCLE.BIN. One file was called explorer.exe interesting enough. I
forgot what the other two were. All three files MBAM had called worms.
Oddly enough when it finished, I got no warning and it rebooted. This is
a very bad thing to do IMHO. It should warn you before it does this. I
could have had lots of unsaved work.

SUPERAntiSpyware found like 162 spyware cookies, which I see as no big
deal. Although it stated it needed to reboot to clear some of them out.
Ok, no problem. Rebooted and Windows hangs about 20 seconds into it.

Safe Mode works, but refuses to uninstall SUPERAntiSpyware and states
that the Windows Installer service may not be running. But it does allow
Malwarebytes to be uninstalled interesting enough. So the only way I
could get XP to boot normally is by renaming the folder that
SUPERAntiSpyware lives in. Once loaded, I renamed it back and then it
would uninstall.

I don't know about you? But both of these programs are acting like
malware themselves. And I am not that impressed. I am running Avast 4.8
and MS EWF is disabled.

 

[Richard]

In Jose typed on Thu, 1 Oct 2009 09:10:47 -0700 (PDT):

Hi Jose, I never tried these two so I downloaded them and installed them
one at a time.

Malwarebytes found three files in an unused part by XP called
$RECYCLE.BIN. One file was called explorer.exe interesting enough. I
forgot what the other two were. All three files MBAM had called worms.
Oddly enough when it finished, I got no warning and it rebooted. This is a
very bad thing to do IMHO. It should warn you before it does this. I could
have had lots of unsaved work.

SUPERAntiSpyware found like 162 spyware cookies, which I see as no big
deal. Although it stated it needed to reboot to clear some of them out.
Ok, no problem. Rebooted and Windows hangs about 20 seconds into it.

Safe Mode works, but refuses to uninstall SUPERAntiSpyware and states that
the Windows Installer service may not be running. But it does allow
Malwarebytes to be uninstalled interesting enough. So the only way I could
get XP to boot normally is by renaming the folder that SUPERAntiSpyware
lives in. Once loaded, I renamed it back and then it would uninstall.

I don't know about you? But both of these programs are acting like malware
themselves. And I am not that impressed. I am running Avast 4.8 and MS EWF
is disabled.

Hi Bill,

I found your observations about the performance of those 2 anti-malware
products informative. Thanks. (Why doesn't your tag line say SP3?

I too find it strange that MBAM would reboot without warning. The times that
I ran MBAM on another family member's computer, it did not find anything. I
installed Avast 4.8 on that machine after the MBAM scan. Did you disable
your Avast before the MBAM scan? Of course, most people that would use MBAM
to root out malware would not likely be doing ordinary computer work, and
therefore have no work that needs to be saved before reboot. It is always
good advice to close all open programs before installing software, or
running any kind of "full scan" program that is likely to be CPU intensive.
(But yeah, a warning would be nice.

I'm not surprised that MBAM uninstalled without incident. One of the reasons
that it is better than most anti-malware at rooting out infections, is
because it relies less upon the Windows operating system, and doesn't have
its hooks in everything. (I'm thinking back to a faded memory of NAV.)

I'm guessing that the SAS uninstall problem was because it still had
unfinished business, due to a botched reboot. Thanks for pointing out the
method you used to get it to uninstall. I wouldn't have thought of that.

(Triple-click here, to be of good cheer.
--Richard
WinXP Pro SP3 IE6 NOD32
- - -

 

[Jose]

Hi Bill,

I found your observations about the performance of those 2 anti-malware
products informative. Thanks. (Why doesn't your tag line say SP3?

I too find it strange that MBAM would reboot without warning. The times that
I ran MBAM on another family member's computer, it did not find anything.I
installed Avast 4.8 on that machine after the MBAM scan. Did you disable
your Avast before the MBAM scan? Of course, most people that would use MBAM
to root out malware would not likely be doing ordinary computer work, and
therefore have no work that needs to be saved before reboot. It is always
good advice to close all open programs before installing software, or
running any kind of "full scan" program that is likely to be CPU intensive.
(But yeah, a warning would be nice.

I'm not surprised that MBAM uninstalled without incident. One of the reasons
that it is better than most anti-malware at rooting out infections, is
because it relies less upon the Windows operating system, and doesn't have
its hooks in everything. (I'm thinking back to a faded memory of NAV.)

I'm guessing that the SAS uninstall problem was because it still had
unfinished business, due to a botched reboot. Thanks for pointing out the
method you used to get it to uninstall. I wouldn't have thought of that.

(Triple-click here, to be of good cheer.
--Richard
WinXP Pro SP3 IE6 NOD32
- - -

I have never encountered nor can explain these reported behaviors.

 

[BillW50]

In Richard typed on Sat, 10 Oct 2009 17:23:48 -0400:

Hi Bill,

I found your observations about the performance of those 2
anti-malware products informative. Thanks. (Why doesn't your tag line
say SP3?

Hi Richard! Why is my XP at SP2? For a number of reasons actually.

1) Microsoft EWF doesn't work with SP3.

2) This modern netbook for example only has 4G and SP3 won't fit on it
anyway. And some of my other computers that I put SP3 on, I have
regretted it.

And I have found your observations very informative too. ;-)

 

[Richard]

Hi Richard! Why is my XP at SP2? For a number of reasons actually.

1) Microsoft EWF doesn't work with SP3.

2) This modern netbook for example only has 4G and SP3 won't fit on it
anyway. And some of my other computers that I put SP3 on, I have
regretted it.

And I have found your observations very informative too. ;-)

Hi Bill,

Another observation, the day after the above tag line, a new one appeared:

Asus EEE PC 702G4 ~ 2GB RAM ~ 16GB-SDHC
Xandros Linux (build 2007-10-19 13:03)

Haven't seen that one before. (And reduced to using Thunderbird!

How many computers do you have now?

1. I thought that Windows XP Embedded Service Pack 3 works with Enhanced
Write Filter. (That's about as far as my EWF knowledge goes...

2. My WinXP-pro-SP3 CD has a total of 589 MB worth of files, 19.5MB of
which is the SP3.CAB, and about 22MB in extra tools and ValueAdd stuff.
It should be possible to install that on a partition as small as 2GB,
especially if another partition or drive is available for setup and temp
files. I just checked, and have apparently installed 83 items from Windows
Update since SP3. The uninstall files total 291MB, compressed to 250MB.

Not counting all the stuff that I don't need, my Windows folder contents
are less than 2GB. Out of the box, this computer had about 5 GB stuff on a
234GB (binary) drive, counting Windows XP-pro-SP3, MS Office 2007, and
lots of things I still haven't gotten around to checking out yet.

Of course, with a 4GB system drive, and 2GB RAM, the 2GB+1MB hiberfil.sys
file for hibernation would severely limit things. And then, with the old
rule of thumb of making the pagefile.sys initial size equal to 1.5 times
RAM, you would need another 3GB space, although a 2nd drive could be used.

Oh well, (grin,) I've just about talked myself out of even trying to run
WinXP-SP3 on any system smaller than about 10GB, so you're off the hook.

(Triple-click here, to be of good cheer.
--Richard

 

[BillW50]

In Richard typed on Wed, 21 Oct 2009 09:03:09 -0400:

Hi Bill,

Another observation, the day after the above tag line, a new one
appeared:

Haven't seen that one before. (And reduced to using Thunderbird!

Yeah... I really don't like using Thunderbird or Linux very much. As I
find it way too limiting. And I often call Linux a glorified PDA. ;-)

How many computers do you have now?

I don't really know? I do have ten in this very room though and two
PDAs.

1. I thought that Windows XP Embedded Service Pack 3 works with
Enhanced Write Filter. (That's about as far as my EWF knowledge
goes...

Oh there is a separate SP for XP Embedded? Oh well... then I am still
screwed. As I have intergraded it into XP SP2 Home versions. And I tried
SP3 on one of them and no errors or anything. But Windows remembers it
ran last time if you dump the RAM. As it reports it did not shutdown
properly. Windows XP EWF is supposed to be read-only and have no memory
of any later boots. SP2 works great though.

2. My WinXP-pro-SP3 CD has a total of 589 MB worth of files, 19.5MB of
which is the SP3.CAB, and about 22MB in extra tools and ValueAdd
stuff. It should be possible to install that on a partition as small
as 2GB, especially if another partition or drive is available for
setup and temp files. I just checked, and have apparently installed
83 items from Windows Update since SP3. The uninstall files total
291MB, compressed to 250MB.

Yeah that is under the best conditions. Although temps, expanding files,
etc. you need more like 1.5GB of free space. As that is how much I lost
on one of the few machines I was installing SP3 on. Microsoft claims
just under 500MB of space though. And after installation, you get about
a 1GB back. Still too much to give up on a 4GB system IMHO.

Not counting all the stuff that I don't need, my Windows folder
contents are less than 2GB.

That is what I have here too on this 4G machine. 1.82GB actually. My
Program Files folder is taking up 1GB.

Out of the box, this computer had about 5
GB stuff on a 234GB (binary) drive, counting Windows XP-pro-SP3, MS
Office 2007, and lots of things I still haven't gotten around to
checking out yet.
Of course, with a 4GB system drive, and 2GB RAM, the 2GB+1MB
hiberfil.sys file for hibernation would severely limit things. And
then, with the old rule of thumb of making the pagefile.sys initial
size equal to 1.5 times RAM, you would need another 3GB space,
although a 2nd drive could be used.
Oh well, (grin,) I've just about talked myself out of even trying to
run WinXP-SP3 on any system smaller than about 10GB, so you're off
the hook.
(Triple-click here, to be of good cheer.
--Richard

Thanks Richard! These computers with a SSD (solid state drive), doesn't
pay to have hibernation and pagefiles anyway. As writing a 2GB
hibernation file takes 90 seconds alone. Booting or standby works really
well though. And pagefiles with EWF is a big no-no anyway. As instead of
running two days from RAM alone before rebooting, a pagefile *can* limit
you to mere minutes and the RAM is all out of room already.

 

[BillW50]

Hi Bill,

I found your observations about the performance of those 2
anti-malware
products informative. Thanks. (Why doesn't your tag line say SP3?

I too find it strange that MBAM would reboot without warning. The
times that
I ran MBAM on another family member's computer, it did not find
anything. I
installed Avast 4.8 on that machine after the MBAM scan. Did you
disable
your Avast before the MBAM scan?...

Hi Richard! Oops! No I didn't. Did you?