Recovering from a fatal error (trojan and virus)

larry_lavaughn

I had a catastrophic trojan error a few days back. Here's my system: 2 Maxtor
sata drives (6l200mo {200gb sata}, 6l300so {300gb sata} 1 WD 400bb {40gb
IDE} AMD Athlon 64 x2 3800+ (2.0ghz); I just got another 2 gb of ram
installed, so I'm up to 3 gb; my mobo is a Fatality an8-sli. Before the fatal
error, I was running the 200gb as my Windows drive and the 300gb held all my
games, music and photos and stuff like that. I was using the 40gb IDE drive
as a strict system swap drive, to offload all the work from the 200gb and not
keep it filled. I had an administrator account and a Winlogon password...
after redoing the 40 and using that as my Windows drive now, I cannot get to
the 200gb drive to get anything off of that and move it to the 40gb. I can't
access the 200gb at all... Windows has it as read only. Is there a way to fix
this issue so I can save my pics and movies and things like that? or do I
have to re-do the 200gb and lose some of the things I want to keep? I have
installed AVG-free 8 on the 40gb and it found the trojan and some other
viruses in the system restore files on the 200gb drive, which is no longer my
active Windows drive. I have tried to explore my way to the Windows folder on
the drive in question, but when I attempt to do anything with it, I get the
error noise and the dialog box that says that it's not accessible. Any
suggestions?
 
Pegasus (MVP)

larry_lavaughn said:
I had a catastrophic trojan error a few days back. Here's my system: 2 Maxtor
sata drives (6l200mo {200gb sata}, 6l300so {300gb sata} 1 WD 400bb {40gb
IDE} AMD Athlon 64 x2 3800+ (2.0ghz); I just got another 2 gb of ram
installed, so I'm up to 3 gb; my mobo is a Fatality an8-sli. Before the fatal
error, I was running the 200gb as my Windows drive and the 300gb held all my
games, music and photos and stuff like that. I was using the 40gb IDE drive
as a strict system swap drive, to offload all the work from the 200gb and not
keep it filled. I had an administrator account and a Winlogon password...
after redoing the 40 and using that as my Windows drive now, I cannot get to
the 200gb drive to get anything off of that and move it to the 40gb. I can't
access the 200gb at all... Windows has it as read only. Is there a way to fix
this issue so I can save my pics and movies and things like that? or do I
have to re-do the 200gb and lose some of the things I want to keep? I have
installed AVG-free 8 on the 40gb and it found the trojan and some other
viruses in the system restore files on the 200gb drive, which is no longer my
active Windows drive. I have tried to explore my way to the Windows folder on
the drive in question, but when I attempt to do anything with it, I get the
error noise and the dialog box that says that it's not accessible. Any
suggestions?

To me any OS that has been infected by a virus is a compromised OS,
requiring a complete reload. In your case your best bet would be to
retrieve your files from your backup. Since you probably don't have one,
this is a good time to review your backup policy, unless you prefer to
wait until the next disaster happens.

In the meantime you should concentrate on salvaging your data rather
than repairing your PC. The safest way is to connect your IDE and
SATA disks to some other WinXP PC and copy the files to a spare
disk. The IDE disk must be connected as a slave disk. If you don't
have access to another PC then you could boot your own PC with
a Bart PE boot CD and copy the files to a spare disk. Unfortunately
you have to make your own Bart CD. Here is what's required:
- A PC running WinXP.
- A WinXP Professional CD (but no product key)
- A CD burner
- About three hours of your time.
 
Kayman

I had a catastrophic trojan error a few days back. Here's my system: 2 Maxtor
sata drives (6l200mo {200gb sata}, 6l300so {300gb sata} 1 WD 400bb {40gb
IDE} AMD Athlon 64 x2 3800+ (2.0ghz); I just got another 2 gb of ram
installed, so I'm up to 3 gb; my mobo is a Fatality an8-sli. Before the fatal
error, I was running the 200gb as my Windows drive and the 300gb held all my
games, music and photos and stuff like that. I was using the 40gb IDE drive
as a strict system swap drive, to offload all the work from the 200gb and not
keep it filled. I had an administrator account and a Winlogon password...
after redoing the 40 and using that as my Windows drive now, I cannot get to
the 200gb drive to get anything off of that and move it to the 40gb. I can't
access the 200gb at all... Windows has it as read only. Is there a way to fix
this issue so I can save my pics and movies and things like that? or do I
have to re-do the 200gb and lose some of the things I want to keep? I have
installed AVG-free 8 on the 40gb and it found the trojan and some other
viruses in the system restore files on the 200gb drive, which is no longer my
active Windows drive. I have tried to explore my way to the Windows folder on
the drive in question, but when I attempt to do anything with it, I get the
error noise and the dialog box that says that it's not accessible. Any
suggestions?

http://michaelstevenstech.com/cleanxpinstall.html - Clean Install How-To
http://www.elephantboycomputers.com/page2.html#Reinstalling_Windows - What
you will need on-hand
http://cquirke.mvps.org/reinst.htm
 
Patrick Keenan

larry_lavaughn said:
I had a catastrophic trojan error a few days back. Here's my system: 2 Maxtor
sata drives (6l200mo {200gb sata}, 6l300so {300gb sata} 1 WD 400bb {40gb
IDE} AMD Athlon 64 x2 3800+ (2.0ghz); I just got another 2 gb of ram
installed, so I'm up to 3 gb; my mobo is a Fatality an8-sli. Before the fatal
error, I was running the 200gb as my Windows drive and the 300gb held all my
games, music and photos and stuff like that. I was using the 40gb IDE drive
as a strict system swap drive, to offload all the work from the 200gb and not
keep it filled. I had an administrator account and a Winlogon password...
after redoing the 40 and using that as my Windows drive now, I cannot get to
the 200gb drive to get anything off of that and move it to the 40gb. I can't
access the 200gb at all... Windows has it as read only.

Can you access this drive if you connect it to another system?

Is there a way to fix this issue so I can save my pics and movies and things
like that? or do I have to re-do the 200gb and lose some of the things I want
to keep? I have installed AVG-free 8 on the 40gb and it found the trojan and
some other viruses in the system restore files on the 200gb drive, which is
no longer my active Windows drive.

If restore points were infected, you should turn System restore off, to
delete all the points, and then turn it on again after the system is
cleaned. Yes, this means that you can't go back, but if the restore points
were infected, those aren't places you want to go back to.

I have tried to explore my way to the Windows folder on the drive in
question, but when I attempt to do anything with it, I get the error noise
and the dialog box that says that it's not accessible. Any suggestions?

Connect the drive to another working system to take your Windows install out
of the equation. Use a USB2 drive case or adapter for this purpose; they
are very useful and not expensive.

If you can see the drive properly when attached to another system, consider
wiping and redoing your Windows install, rather than wasting time trying to
figure out what to fix.

HTH
-pk

 
larry_lavaughn

--
If U always do what you always did...
you'll always get what you always got!


Pegasus (MVP) said:
To me any OS that has been infected by a virus is a compromised OS,
requiring a complete reload. In your case your best bet would be to
retrieve your files from your backup. Since you probably don't have one,
this is a good time to review your backup policy, unless you prefer to
wait until the next disaster happens.

In the meantime you should concentrate on salvaging your data rather
than repairing your PC. The safest way is to connect your IDE and
SATA disks to some other WinXP PC and copy the files to a spare
disk. The IDE disk must be connected as a slave disk. If you don't
have access to another PC then you could boot your own PC with
a Bart PE boot CD and copy the files to a spare disk. Unfortunately
you have to make your own Bart CD. Here is what's required:
- A PC running WinXP.
- A WinXP Professional CD (but no product key)
- A CD burner
- About three hours of your time.


Funny that you would say that, because I understand that a backup strategy is the best thing when working with computers these days, since viruses are prolific. Here's the thing, I DO have a 250gb backup drive, but it is filled to capacity as I tried to use the Microsoft OneCare solution and it created such a HUGE backup block that there is no room left for me to even burn it to a CD, or DVD. I have long since uninstalled OneCare, but I have no way to offload anything from my backup drive and any attempts at a daily backup have failed since the drive no longer has room to create anymore backups. My future solution is to get another, larger backup drive (1TB) that I intend to back up the 250gb backup to then scrub the 250 and start over, since now I essentially have a new system.

The problem that I have mentioned is the fact that I cannot get past seeing
the drive and maybe exploring my way to my named folder in Documents and
Settings on the 200gb drive in question. Any further attempts at accessing
anything deeper is met with the error msg about the folder not being
accessible. I have tried through the properties dialog to remove the
read-only attribute, and I have tried to -R-A-S-H the drive through the cmd
box, but all to no avail. No I am not sure if this is because this was
previously my Windows system drive and password protected (Win Logon). I will
try to keep you guys informed with my attempt at what the other guy said
about taking ownership.

Thanks to everyone that responded to this post.
 
Pegasus (MVP)

larry_lavaughn said:
--
If U always do what you always did...
you'll always get what you always got!



The problem that I have mentioned is the fact that I cannot get past seeing
the drive and maybe exploring my way to my named folder in Documents and
Settings on the 200gb drive in question. Any further attempts at accessing
anything deeper is met with the error msg about the folder not being
accessible. I have tried through the properties dialog to remove the
read-only attribute, and I have tried to -R-A-S-H the drive through the cmd
box, but all to no avail. No I am not sure if this is because this was
previously my Windows system drive and password protected (Win Logon). I will
try to keep you guys informed with my attempt at what the other guy said
about taking ownership.

Thanks to everyone that responded to this post.

Prolific viruses are not the main reason why regular backups are
essential - they are just one of many potential threats.

You write "Any further attempts at accessing anything deeper is met
with the error msg about the folder not being accessible." You need
to quote specific error messages if you require further assistance.
 
larry_lavaughn

Thanks to everyone... I posted this issue in another forum by mistake, and
another MS-MVP came up with what worked... take ownership of the folder.
 
Pegasus (MVP)

larry_lavaughn said:
Thanks to everyone... I posted this issue in another forum by mistake, and
another MS-MVP came up with what worked... take ownership of the folder.
--

I suspected something like this, which is why I asked you
to quote the error message verbatim instead of your
personal interpretation.
 
larry_lavaughn

The error msg dialog box read the following: "This folder is not accessable.
Access is denied."
 
Pegasus (MVP)

larry_lavaughn said:
The error msg dialog box read the following: "This folder is not accessable.
Access is denied."

As soon as we see "Access is denied" we know that you're
dealing with a permission issue. Seizing ownership of the
folder is the standard solution, as you were advised by the
other MVP.

My overall recommendation for future posts is: Quote full
error messages, not your own version. Respondents in this
newsgroup usually know what issue generates which error
message.
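
Added example, not part of any post in this thread: the take-ownership fix discussed above, scripted for recovering data from a disk that belonged to a previous Windows install. It assumes Windows Vista or later (where takeown.exe and icacls.exe are built in) and an elevated PowerShell prompt; both paths are placeholders.

```powershell
# Added example (not from the thread). Assumptions: Windows Vista or later,
# elevated PowerShell, old disk mounted as E:. Both paths are placeholders.
param(
    [string]$Source      = 'E:\Documents and Settings\OldUser',
    [string]$Destination = 'D:\Recovered\OldUser'
)

# Taking ownership of another account's files requires administrator rights.
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin = ([Security.Principal.WindowsPrincipal]$id).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) { throw 'Run this from an elevated prompt.' }

# 1. Take ownership recursively. An object's owner is implicitly allowed to
#    read and change its ACL, even if no entry in the ACL names that account.
#    /D Y pre-answers the prompt shown for folders that cannot be listed
#    (the answer letter is for an English-language system).
takeown.exe /F $Source /R /D Y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "takeown failed with exit code $LASTEXITCODE" }

# 2. Show why access was denied: entries that still display as raw SIDs belong
#    to accounts of the previous install, which this install cannot resolve.
(Get-Acl -LiteralPath $Source).Access |
    Where-Object { $_.IdentityReference.Value -like 'S-1-5-21-*' } |
    Select-Object IdentityReference, FileSystemRights, AccessControlType |
    Format-Table -AutoSize

# 3. Grant the current account read access only. Nothing on a disk from an
#    infected install needs to be modified or executed in order to copy it.
$me = "$env:USERDOMAIN\$env:USERNAME"
icacls.exe $Source /grant "${me}:(OI)(CI)R" /T /C | Out-Null

# 4. Copy data, attributes and timestamps but not the old ACLs (/COPY:DAT), so
#    the copies inherit permissions from the destination. /XJ skips junctions.
robocopy.exe $Source $Destination /E /COPY:DAT /XJ /R:1 /W:1 /NP
if ($LASTEXITCODE -ge 8) {
    Write-Warning "robocopy reported failures (exit code $LASTEXITCODE)."
}

# 5. Scan $Destination with an up-to-date antivirus before opening any file.
```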
 
