Virus blocked access to all programs and drives

casper3806

Distinguished
Jan 3, 2012
3
0
18,510
Hello,
A virus invaded my system through a bogus email. Initially I was repeatedly prompted to purchase an anti-virus program, as windows popped up repeatedly telling me that I had a virus. I could do nothing else.
Eventually I was able to update McAfee and have eliminated the popus entirely.
Now I have no access to any programs other than McAfee and Internet Explorer; I initially did not have IE, but it came back up after I did a McAfee update.
When I click on Start the only thing available is McAfee.
If I start up in Safe mode and try to go to the C: directory to view files I get no files in any subdirectory; all is blocked.
If I do a scan with McAfee I can watch all the files and programs scanning, I just cannot access them from anywhere.
I tried System Restore through Safe Mode to an earlier date but with no results.
Open to suggestions; this is a second machine used only for internet access so it is no problem to lose any or all data to clear out the sytem and start over.
I am using Windows XP Home. I have the Windows software, but apparently Dell did not provide a full resotoration CD.
I am open to formatting the C drive and start over again, but do not know how if I cannot access any place to start.
 

Hello and welcome to Tom's Hardware Forums.

They are all still there but hidden - McAfee wasn't up to the job on its own; MalwareBytes would have done better. You now need to unhide them and if you're lucky, typing attrib c: -h at the Command Prompt might just do it. If it doesn't, you need to unhide each main folder individually by running the attrib command specifically for that folder, then right clicking it when it shows up and unhiding all the sub-folders by ticking for that option.

Start with Documents and Settings but don't forget Windows and Program Files.


 

casper3806

Distinguished
Jan 3, 2012
3
0
18,510
Thank you for replying.
Using the attrib commad at c: did not unhide folders; it appears that everything will have to be done manually.
There are no folders or files appearing in the Programs folder or the Documents and Settings folder after running attrib on those directories. I suspec this may mean that the files have been deleted by the virus.

When I start up Windows I get a message saying that Documents cannot be found; I can look at MyDocuments through Windows in safe mode but there is nothing there. There is still nothing other than McAfee when I look at Start/All Programs.

There is nothing on here that I need to keep so I tried to reformat the drive and start over. When I type format c: at the c:\> prompt I get a message that says the volume is in use by another process. If I try to "force a dismount on this volume" is says the volume is still in use.
 
How to Install Windows XP tutorial (part 1 to 4)
http://www.buildeasypc.com/sw/windows_xp.htm
http://www.buildeasypc.com/sw/windows_xp_p2.htm
http://www.buildeasypc.com/sw/windows_xp_p3.htm
http://www.buildeasypc.com/sw/windows_xp_p4.htm

How to format the drive from the Windows XP Installation CD
http://www.buildeasypc.com/sw/windows_xp_p3.htm
Step 10 - Choose format the partition using NTFS file system.This is the recommended file system. If the hard drive has been formatted before then you can choose quick NTFS format. We chose NTFS because it offers many security features, supports larger drive size, and bigger size files.
 


I'm still convinced that if you looked in the Properties of Documents and Settings>{yourname}>nameDocuments you'd find it was full of data - in other words, not zero Kb. At the Command Prompt, try attrib on that folder or, for example, Documents and Settings>Desktop and you might find it's still in there and if it is, so are lal the others.

However, as you're content to let it go, follow Chicano's advice. You were trying to persuade XP to format itself to death - turkeys and Christmas come to mind. :D Do it outside the GUI and it will work.


 

casper3806

Distinguished
Jan 3, 2012
3
0
18,510
I have been able to get to My Documents now. However, almost all programs are still hidden. The only ones that show are programs that I have opened by clicking on a file that uses the program; once it opens, it is visible, but that still only gives me Internet Explorer and Media Player as available programs.
I cannot reinstall Windows and clear out the hard drive as suggested because the computer does not recognize the DVD drive (drive D). When I look under My Computer, it does not show; when I install a DVD, it does not load, so I see no way to use the Windows disc to reinstall.
There is still considerable hidden programs and data on the machine, although slight progress has been made. The "attrib" command does not seem to want to work on every directory.
Any further suggestions will be greatly appreciated.