Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

c: drive missing from disk management, i suspect a rootkit, can anyone help?


  • Please log in to reply
6 replies to this topic

#1 doc7

doc7

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:47 AM

Posted 29 July 2010 - 11:03 PM

Hi All
as the description says...
my harddrives paritularly C: show up healthy in the device manager but disk management shows no C: drive at all.
i've had serious infiltrations by rogue security rootkits (Security tools) in the past and i heard that this can be a symptom of a particularly invasive rootkit.

Can anyone suggest how i diagnose and clean this &^%$#@! off long enough for me to sand my c: drive down to bare metal, shake the dust of XP from my feet, and start life anew with Win 7?

Many Thanks!
-doc

Edited by hamluis, 30 July 2010 - 02:00 PM.
Moved from XP to Am I Infected forum ~ Hamluis.


BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,734 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:05:47 AM

Posted 30 July 2010 - 07:03 AM

Can you post a screeenshot from Disk Management?

Louis

#3 doc7

doc7
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:47 AM

Posted 30 July 2010 - 09:10 AM

Hi Louis
i att'd a screenshot of compmgmt.msc to this reply.
my c:drive shows up as normal in the device manager

Thank You for your help
-Mike 'Doc' Murphy

PS
I have combofix, hijack this and rootkit revealer loaded from previous incidents

Attached Files



#4 hamluis

hamluis

    Moderator


  • Moderator
  • 55,734 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:05:47 AM

Posted 30 July 2010 - 10:42 AM

Start/Run...type diskmgmt.msc and hit Enter.

Post that screenshot, please.

Louis

#5 doc7

doc7
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:47 AM

Posted 30 July 2010 - 01:46 PM

Here you go Louis
diskmgmt.msc
Thanks!
-mm

Attached Files



#6 abauw

abauw

  • Members
  • 951 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kebun Kelapa
  • Local time:05:47 PM

Posted 30 July 2010 - 01:59 PM

does this appear after serious infiltrations by rogue security rootkits (Security tools) you say or before...
if appear after that...how long after you clean that and the problems show up...

do you use any norton product...there are some issue that norton related with missing drive in disk management...

:guitar: Take me to a place where time is frozen
You don't have to close your eyes to dream :busy:
You can find escape inside this moment :smash:
And I will follow  :whistle:


#7 doc7

doc7
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:47 AM

Posted 30 July 2010 - 05:20 PM

hi abauw
i use no norton products. my only consistent antivirus program is Eset Smart Security 4

and
sorry, but i cant provide a very good timeline because i just discovered this problem by trying to migrate from XP to W7.

My computer has been scanning clean with Eset SS4 ever since March 2010 . i was infected by Security Tools (and probably others after that rootkit opened a hole) in October 2009. It still scans clean. But Eset SS4 was not installed until December 2009 and i've heard that there is malware that can hide very effectively from SS4 if the infection precedes the installation. SS4 routinely tells me that it 'blocked an address' when i use a browser but i can't get them to tell me much about what that implies.

thanks!
-mm




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users