Trying to Format HD

MrDiehl332005

New Member
OK, I'm sure this is very simple, but it's been a long time since I messed with a computer. So I downloaded a virus and it messed my computer up big time. I'm trying to format my HD. I start my computer and hit F8 to bring up Safe Mode with Command Prompt; I have Windows XP Pro, by the way. I go into the administrator account and in the command prompt I type "format c:" and so on. I get to there and it won't let me do it. It says format cannot run because the volume is in use by another process. I try to dismount the volume and hit Y .......... It says cannot lock the drive. The volume is still in use......


So anyone know another way I can fix this besides smashing it?
 
Windows won't format itself. Why don't we try and clean your infections?

Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run, please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running Rkill, then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying Rkill is infected, keep trying to run Rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.



Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential; don't fix anything yet.

When the HijackThis log appears in a Notepad file, click on the Edit menu, click Select All, then click on the Edit menu again and click on Copy. Come back to your reply, right-click with your mouse and click on Paste.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log.
 
OK. So when I start my computer up and Windows logs in, it pops up, I'd say, a good 30-50 windows that say Windows - Delayed Write Failed. Failed to save all the components for the file \\system32\\0000390c. The file is corrupted or unreadable. This error may be caused by a PC Hardware Problem.. There's nothing on my desktop, and when I go to Start I can only see All Programs, and that only leads me to OpenOffice.org 3.2, and then that's empty.. My computer keeps telling me the RAM memory reliability is extremely low.. I can't get to IE or anything.
 
Boot to Safe Mode with Networking and see if the same thing happens. If it does, do you have an operating system reinstallation CD or a system recovery CD?
 
OK, I couldn't find IE, but I tried Windows key and F and I searched the web that way, downloaded the program, and it's installed and doing a quick scan.. I tried to do the reinstall from my CD but it gave me an error; I forget what it was though. It's searched 35k files so far, 4 infected, so let's hope for the best lol. Thanks, I'll let you know when it's done and the result.
 
OK, it found 13 infected and I deleted them, and the error I had before was sparrow.sys could not be found; that's what it gave me when I tried to reinstall Windows, so now I have two "OS" loaded, I guess.
 
Did it have errors when trying to copy files to install? Can you post the Malwarebytes log?
 
OK, so Windows loads and I don't get any errors anymore, but half my stuff is missing, and when I go to Start I only see OpenOffice.org 3.2 and the Malwarebytes, and nothing else I had before is there... any ideas?
 
That is what is bad about this type of infection: it causes your programs and icons to disappear, but sometimes we can fix that by running a program.

Please download and run UNHIDE.EXE.

The process may take a few minutes, just let it complete.
 
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7995

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/21/2011 1:19:49 PM
mbam-log-2011-10-21 (13-19-49).txt

Scan type: Quick scan
Objects scanned: 174012
Time elapsed: 6 minute(s), 22 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 9
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
c:\documents and settings\all users\application data\xqanbmuopoary.exe (Rogue.UltraDefrag) -> 640 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xQaNBmuoPoArY.exe (Rogue.UltraDefrag) -> Value: xQaNBmuoPoArY.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\xqanbmuopoary.exe (Rogue.UltraDefrag) -> Delete on reboot.
c:\documents and settings\all users\application data\6dss92c31apgjk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.




That's what it gave me.
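
The log above ends with one file marked "Delete on reboot" and one Run value, the two things worth checking first when reading such a log. As an added example (not part of the original thread and not Malwarebytes' own code), this parser for that log layout checks the summary counts against the listed entries and pulls out items still pending a reboot and autostart entries; the sample log inside it is constructed and its file and value names are placeholders.

```python
import re
from collections import Counter
# Constructed sample in the log layout shown above; names are placeholders.
SAMPLE_LOG = r"""Registry Values Infected: 1
Registry Data Items Infected: 1
Files Infected: 2

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\example.exe (Rogue.Example) -> Value: example.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\all users\application data\example.exe (Rogue.Example) -> Delete on reboot.
c:\documents and settings\all users\application data\other.exe (Trojan.Example) -> Quarantined and deleted successfully.
"""

COUNT = re.compile(r"^(.+ Infected): (\d+)$")   # summary line: "Files Infected: 2"
ITEM = re.compile(r"^(.+) \(([^()]+)\)$")       # "<path or key> (<family>)"

def parse_mbam_log(text):
    declared, found, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        m = COUNT.match(line)
        if m:
            declared[m.group(1)] = int(m.group(2))
        elif line.endswith(" Infected:"):        # section heading
            section = line[:-1]
        elif section and " -> " in line:         # detection entry
            parts = line.split(" -> ")
            im = ITEM.match(parts[0])
            if im:
                found.append({"section": section, "item": im.group(1),
                              "family": im.group(2), "action": parts[-1]})
    return declared, found

def triage(text):
    declared, found = parse_mbam_log(text)
    listed = Counter(d["section"] for d in found)
    return {
        # summary count differs from listed entries: log truncated or edited
        "count_mismatch": sorted(s for s, n in declared.items() if listed[s] != n),
        # still on disk until the machine restarts
        "pending_reboot": [d["item"] for d in found if "reboot" in d["action"].lower()],
        # autostart values: how the rogue relaunched at each logon
        "autostart": [d["item"] for d in found if r"\CurrentVersion\Run" in d["item"]],
        "families": sorted({d["family"] for d in found}),
    }
```

Call `triage()` on the text of a saved mbam-log file; a non-empty `pending_reboot` means a restart and a second scan are still needed before the machine can be called clean.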
 
OK, so everything came back, it seems. Now I just have to figure out my last problem lol. When I tried to reinstall Windows it messed up, so now when I reboot my computer it tries to load the messed-up version. So when I reboot I hit F8 and then choose Start Windows Normally, and I have Start Windows Professional and Start Windows Professional Setup, and I have to hit the first one, which brings me back to my old Windows, which is what I want. Is there any way to get rid of the other one?
 
All you need to do is edit your boot.ini file to remove the reference to the setup install.

Click on Start, click on Run, type "msconfig" without the quotes and click OK. When the System Configuration Utility loads, click on the boot.ini tab and click on the Check All Boot Paths button. This should allow you to remove the setup install. If not, post what your boot.ini file looks like and I'll give you instructions on how to edit it.
 
OK, so I got everything back I needed and now I just need to figure out how to get rid of the second copy of Windows I tried to install but had an error on. 'Cause when I start my computer it brings up that error and I have to restart and hit F8 and then select the good copy of Windows. My choices are Windows Professional or Windows Professional Setup, which is the bad copy.. Any ideas.. By the way, you're the best.. now I don't have to listen to my wife yell at me :)
 
That's good to hear; now you know where to come when you need help next time. We try to save people from wasting time and getting into trouble with their spouses lol.
 