Jump to content

wmcagent got a hold of my laptop and I need some help.

lewis896
 Share

Recommended Posts

lewis896

lewis896

Posted
  • Author
Posted

Well, there is no option to unhide it because it's not reading it as a hidden drive (as per attachment).  However, once I go into command prompt, volumes 4 and 5 are still listed as hidden.  It also wasn't a clean install of the program; two atttachments show that my options were to abort retry or ignore.  I retried a bunch of time, then just ignored.  It's like it's always one step ahead!  I've been tinkering around with PCs for quite some time, and have seen nothing like this, for the record.

no option to unhide.pdf

movefilefail1.pdf

movefilefail2.pdf

Link to post
Share on other sites
  • Replies 74
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Posted Images

kevinf80

kevinf80

Posted
Posted

I want you to create GParted live CD, we can boot from that CD and remove hidden flag from 33 GB partion... The following instructions are from an old C/R for a previous type of infection. Please for now ignore all entries related to BOOT flags in the instructions, we old need to amend "HIDDEN" flags.

  • Download Gparted Live CD ISO from Here and save where you can easily find it.
  • Create a bootable CD by burning that ISO image to a CD.
  • Boot your system from the GParted Live CD. You should see the following:

    user posted image

     
  • Press ENTER

    user posted image

     
  • By default, "do not touch keymap" is highlighted. Leave this setting alone and just press ENTER.

    user posted image

     
  • Choose your language and press ENTER. English is default

    user posted image

     
  • Once again, at this prompt, press ENTER You will now be taken to the main GUI screen below:

    user posted image

     
  • Right click on the 33 GB Partion and select "Manage Flags"
  • Remove the Ticks from Hidden as follows:

    user posted image

     
  • You now need to confirm that action as follows:

    user posted image

     
  • Recheck 33 GB partion under "Flags" to ensure hidden flag is gone
  • If the above is correct double click on the user posted image Button.
  • At the next window select "Reboot" then "OK" Boot into Normal Windows, check that all is OK.


    user posted image

When you`ve boot back to windows is the hidden volume now unhidden...?

Thanks,

Kevin

Link to post
Share on other sites
lewis896

lewis896

Posted
  • Author
Posted

Kevin,

It's still showing hidden under command prompt but there's a CHANCE I didn't do it right from the boot cd--I was never given the option to apply as it was greyed out the entire time.  I will try again tomorrow, but your instructions were pretty clear.

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Hiya Mark,

When your system is running from GParted live CD all hard drive partions should be able to be manipulated as all are not mounted (in use), obviously any that are part of the normal Windows boot action must be left alone or the system will not boot normally.

Your Acer laptop probably had an Acer Recovery process saved to the same Hard Drive, they being sda4 and sda6 To access the recover process and iniate a factory reset I believe alt and F10 keys are selected together. You aready stated earlier that there was no working recovery partition, but you do have a recovery CD.

sda1 is your boot partition, which in turn actions sda3 your OS partition. Those partitions must not be altered, or your system will not boot.... I would also leave sda2 partition alone.

sda2 is Microsoft reserved partition which will have been created earlier by a Windows update for future use....

Partitions sda4 and sda6 should be able to be formated. For now just concentrate on sda6. Select that partition, see if it can be formatted, or deleted and then formatted...

Thanks,

Kevin...

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted (edited)

Hiya Mark,

Not sure what that partition is, as it shows unallocated I would say use Aomei in normal windows to merge with sda6 (that will show as 5 in normal windows) you could also merge sda4 that recovery partition is no good as it has no image available to be used for a factory reset...

One other point can you plug in a USB stick and see if GParted reads it as present, I believe it should be identified as sdb with a digit number also....

When you back to normal windows open the patition marked as I and see what that 86.78 of used data is...?  if that partition or volume still shows in normal windows lets try for a fix with FRST as follows:

From your spare PC download, unzip fixme.zip to a flashdrive so you have fixme.exe that is frst renamed.

Next,

With sick PC in normal mode Transfer fixme.exe from flashdrive to volume now reassigned as I:\

Next,

We now can try running frst (renamed fixme) from recovery environment....

For sick PC with Windows 7 enter System Recovery Options as follows.

Enter System Recovery Options I give two methods, use whichever is convenient for you.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.


To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you may get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
 
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your drive letter and close the notepad.
  • In the command window type I:\fixme64. Press Enter
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on I drive. Please copy and paste it to your reply.


Thanks,

Kevin...

fixme.zip

Edited by kevinf80
typing error
Link to post
Share on other sites
lewis896

lewis896

Posted
  • Author
Posted

There is no way you’ll believe this because I don’t believe it—the 33GB drive shows up as I: in normal mode, but in recovery mode, it goes right back to E:.  This sh!t is flatout insane. 

I even tried typing the I:\fixme64 command in prompt and it had no idea of what drive I was talking about.  

I really wanna think it’s something I’m doing wrong, but the instructions are so easy, plus the sick laptop hasn’t done one thing correctly.

AA564F5F-C2CE-419B-83E1-1187C6322A49.thumb.jpeg.2feafb8d4580030e1bfa374b2ab335f2.jpeg

Link to post
Share on other sites
lewis896

lewis896

Posted
  • Author
Posted

Kevin, I really appreciate your help but I don't think I'm good enough to keep up with these elusive drive changes as such.  I can't even get "sda"s to show up anymore, the program wouldn't let me merge anything with anything (AOMEI) and GParted I have no idea how I even got into that one in the first place because I burned the image to a CD and I just can't plain get it to work.  I REALLY hate this, but I'm thinking the recovery tool is my only option.  What do you think? 

I'm sorry I didn't get back with you earlier I just had a hellish weekend.  You are a true warrior for trying to help me like this.

Mark

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.