  1.    21 Jun 2016 #11
    Join Date : Jun 2016
    Posts : 31
    Windows 10 (64)
    Thread Starter

    I captured the results with the Windows Snipping Tool.
    I didn't know about your technique so when "alt+PrtScrn" didn't give me a sign that it captured I moved on to the one I usually use.
    After I closed CP I see that it actually works...cool.

    Anyways, here's the pics.
    You can see I got confused at finding the "D" number.

    [Attachments: 1.JPG, 2.JPG, 3.JPG]


    Can I copy the "D" Partition to another laptop?
  2.    21 Jun 2016 #12
    Join Date : Oct 2013
    Penns Forrest
    Posts : 3,506
    Win_8.1-Pro, Win_10.1607-Pro, Mint_17.3

    Thanks for the data

    One more piece of the puzzle: I'd like to see your Disk Management

    1. Download dmDskmgr-vd.zip (contains dmDskmgr-vd.mmc)

    2. Double click dmDskmgr-vd.zip to open the compressed folder
      Double click dmDskmgr-vd.mmc to launch the custom Disk Management console

    3. Press Alt+PrtScn to grab a snapshot of just the Disk Management window
      Open Paint and Ctrl+V to paste it, then save the image

    4. Attach the image to a new post


    Thanks
    You could copy D: to another laptop, I was just trying to isolate the contents for two reasons.
    A possible real threat or a false positive, and
    the Recovery isn't needed on your Win10 install. It's the OEM recovery partition,
    --> I'm fairly sure of that, but I'll review the thread just in case I'm thinking of another thread
  3.    21 Jun 2016 #13
    Join Date : Apr 2015
    Posts : 12,999
    W10Prox64

    Originally posted by Koukol:
    Hello,
    First post here

    Lately my Windows Defender is finding a Trojan in the Recovery D (Trojan:Win32/Dynamer!ac)
    It only shows up after a full 3 hour search and not in the fast search
    A full search with Malwarebytes, Adware and Hitman Pro (free versions) will come up clean.

    Unlike some others online I've been successful in removing the trojan with WD only to find it back the next day.
    I even re-installed W10 and it's still there (I assume D was changed as well)

    This questionable trojan is in some stupid game.
    I don't play games on my PC and would love to rid my PC of any game that might be on it.

    I took a snapshot of WD trying to get rid of the damn thing at the usual point where it sticks for about an hour.

    Attachment 86032

    So, Is it a false positive as some have said online?
    And if yes how do I get WD to stop flashing red when it finds it?

    Hi.
    This looks to me to be a part of HP installed games, on your recovery partition? And, I think, normally your recovery partition would not have a drive letter assigned to it, so Defender wouldn't normally scan this partition. So, I think it's a FP, but am wondering why your recovery partition has a drive letter.
  4.    21 Jun 2016 #14
    Join Date : Jun 2016
    Posts : 31
    Windows 10 (64)
    Thread Starter

    "One more piece of the puzzle: I'd like to see your Disk Management"

    [Attachment: Untitledjj.jpg]

  5.    21 Jun 2016 #15
    Join Date : Jun 2016
    Posts : 31
    Windows 10 (64)
    Thread Starter

    Originally posted by simrick:
    Hi.
    This looks to me to be a part of HP installed games, on your recovery partition? And, I think, normally your recovery partition would not have a drive letter assigned to it, so Defender wouldn't normally scan this partition. So, I think it's a FP, but am wondering why your recovery partition has a drive letter.

    I guess HP products list the Recovery as "D"
    It also must be that the WD fast scan omits the Recovery drive while the full scan doesn't.
  6.    21 Jun 2016 #16
    Join Date : Oct 2013
    Penns Forrest
    Posts : 3,506
    Win_8.1-Pro, Win_10.1607-Pro, Mint_17.3

    Thanks, just as I thought - GPT drive. Now I have to think a bit for the correct id to make it not an OEM partition.

    Yeah sometimes HP gives Recovery a letter, sometimes not.

    Koukol, you've done great with all of my requests - thank you.

    I'm running out of steam right now, maybe in a few hours or in the morning I'll pick up your thread again.

    Did you run the other scans I posted? Did they find the file as a threat? Did they clean up anything else?

    There are two paths
    1) Back up the D: drive. Not difficult, but time consuming on a forum, and it's 35+ GBs - you'll need a place to put it - a new 64 GB thumb drive is what I would recommend. So it's time and money
    It would be nice to have install discs (you didn't by chance make them when you got the machine did you?)
    Creating them now is an entirely different project. That's sort of why I was trying to save the D: drive. With a little tweaking it could be your OEM install media.

    Remind me - what version was upgraded (7 or 8)?

    2) Nuke the D drive after checking what's on it. If it's the previous Win OEM install pkg, then you probably won't use it ever again.
    You solve the malware question and you gain 35+ GBs

    Think about what you want to do next - save or Nuke (after verifying the contents) D:
    Me - don't worry about me - I'm in for the duration, whatever you decide.

    Bill
    .
  7.    21 Jun 2016 #17
    Join Date : Jun 2016
    Posts : 31
    Windows 10 (64)
    Thread Starter

    "Koukol, you've done great with all of my requests - thank you.
    I'm running out of steam right now, maybe in a few hours or in the morning I'll pick up your thread again.
    Did you run the other scans I posted? Did they find the file as a threat? Did they clean up anything else?"


    Bill, it's you who should be thanked.
    It's kind people like you who make the internet great.

    My PC came with W8 and I hated it.
    I preferred Vista on my older laptop.
    And despite a few flaws I now prefer W10 along with Firefox and don't want to go back.

    I haven't finished all the scans since I've been busy making a Birthday card for my sister-in-law for tomorrow.
    I'm still wondering if I need to actually access the trojan in question since I don't know how to find it.
    I was under the impression I was not to touch the Recovery drive.

    If I remove it completely can I still do a System setback (restore) in the Recovery options?
    I rely on this heavily.
    As I said whatever I did yesterday I successfully restored my PC to a few days ago when I made a restore point after WD supposedly got rid of this trojan (?)
    If I could nuke all games on my PC I'd gladly do it even if it didn't get rid of this problem.
    I've no idea how that game got on my PC's Recovery since I've never downloaded one in my life.

    I'll try them this evening.

    Cheers!
  8.    21 Jun 2016 #18
    Join Date : Jun 2016
    Posts : 31
    Windows 10 (64)
    Thread Starter

    OK, as I suspected I don't know how to get into my Recovery.

    I went to VirusUploader and could only add the name in a search that came up with nothing.
    I then downloaded VTUploader and couldn't figure out what to do.
    One folder was too big and the others empty.
    (See grabs)

    [Attachment: hhh.JPG]


    I tried the "WindowsRE" folder above and got this message.

    [Attachment: virusuploader.JPG]
  9.    21 Jun 2016 #19
    Join Date : Oct 2013
    Penns Forrest
    Posts : 3,506
    Win_8.1-Pro, Win_10.1607-Pro, Mint_17.3

    Ok, don't sweat this tonight ... enjoy making your sister's birthday card.

    I still have to find the correct value for the partition id - easy - just have to look it up.

    Knowing it was Win8 is a good thing - you could, if you wanted to go back, download the ISO. But knowing you're good with Win10 - makes it even easier. You can download the ISO for Win10 as well. Win7 would have been an issue ... but that's not germane - cool.

    Also knowing that you can access the D: partition - might make it easier.

    I think we'll just nuke D: after two last checks:

    1) Command Prompt (Admin)
    enter the following commands

    reagentc /info
    dir d:\ /a /s > %TEMP%\listDrvD.txt

    Post a screen shot of Cmd window and close it

    On your next post, attach (See: Upload Screenshots or Files)

    %TEMP%\listDrvD.txt

    Just paste the entire line above in the File name: field.

    [Attachment: atchTemp.PNG]

    reagentc tells you where the Windows Recovery is located - it's a bit cryptic, but figuring it out comes from a lot of the disk information you posted before.

    dir lists the contents of D and > directs it into the file.

    After I look at those two things, I think I'll just give you instructions to remove the OEM Recovery.

    If you have any questions or objections - now is the time.

    Well, I still have to write them up and you still have to read and execute them, so there's plenty of time
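
The checks discussed in this thread (where Windows RE lives, which file Defender flagged, and what is on D:), gathered into one added PowerShell example that is not part of any poster's instructions. It assumes an elevated prompt, a recovery partition mounted as D: as in this thread, and English-language reagentc output; the output file name listDrvD.csv is an arbitrary choice.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell on Windows 10.
# Assumptions: recovery partition is mounted as D:, reagentc output is English.
$drive = 'D'

# 1) Which disk/partition is D:, and which GPT partition type does it carry?
$part = Get-Partition -DriveLetter $drive
'{0}: = disk {1}, partition {2}, GPT type {3}' -f $drive, $part.DiskNumber, $part.PartitionNumber, $part.GptType

# 2) Where is Windows RE? reagentc reports a path of the form
#    \\?\GLOBALROOT\device\harddiskN\partitionM\Recovery\WindowsRE
$re = (reagentc /info) -join "`n"
if ($re -match 'harddisk(\d+)\\partition(\d+)') {
    $same = ([int]$Matches[1] -eq $part.DiskNumber) -and ([int]$Matches[2] -eq $part.PartitionNumber)
    "Windows RE: disk $($Matches[1]), partition $($Matches[2]); on ${drive}: = $same"
} else {
    'Windows RE location not reported (WinRE may be disabled).'
}

# 3) Ask Defender which files on D: it flagged, instead of hunting for them by hand.
$names = @{}
Get-MpThreat | ForEach-Object { $names["$($_.ThreatID)"] = $_.ThreatName }
$hits = Get-MpThreatDetection | ForEach-Object {
    $id = "$($_.ThreatID)"
    foreach ($r in $_.Resources) {
        # Resources look like file:_D:\path\x.exe or containerfile:_D:\path\x.cab
        if ($r -match "^(?:file|containerfile):_(${drive}:\\.+)$") {
            [pscustomobject]@{ Threat = $names[$id]; Path = ($Matches[1] -split '->')[0] }
        }
    }
}

# 4) Hash each flagged file that is still on disk; the hash can be looked up
#    without uploading a whole folder.
$hits | Sort-Object Path -Unique | ForEach-Object {
    if (Test-Path -LiteralPath $_.Path -PathType Leaf) {
        $h = Get-FileHash -LiteralPath $_.Path -Algorithm SHA256
        '{0}  {1}  {2}' -f $h.Hash, $_.Threat, $_.Path
    } else {
        'No longer on disk (quarantined or removed): {0}' -f $_.Path
    }
}

# 5) Full listing of D: including hidden and system files (like dir /a /s).
Get-ChildItem -LiteralPath "${drive}:\" -Recurse -Force -ErrorAction SilentlyContinue |
    Select-Object FullName, Length, LastWriteTime |
    Export-Csv -Path "$env:TEMP\listDrvD.csv" -NoTypeInformation
```

If step 2 reports that Windows RE is on the same partition as D:, removing that partition also removes the recovery environment, so it should be relocated or re-enabled before the partition is deleted.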
  10.    22 Jun 2016 #20
    Join Date : Jun 2016
    Posts : 31
    Windows 10 (64)
    Thread Starter

    I was successful getting some info with "reagentc /info"
    But "dir d:\ /a /s > %TEMP%\listDrvD.txt" came up with nothing.
    (I don't know how to get the pasted text back to normal)



 