Do I Have A Trojan?


  1. Posts : 31
    Windows 10 (64)
    Thread Starter
       #11

    I captured the results with Windows Snipping Tool
    I didn't know about your technique so when "alt+PrtScrn" didn't give me a sign that it captured I moved on to the one I usually use.
    After I closed CP I see that it actually works...cool.

    Anyways, here's the pics.
    You can see I got confused at finding the "D" number.

    Do I Have A Trojan?-1.jpg

    Do I Have A Trojan?-2.jpg

    Do I Have A Trojan?-3.jpg


    Can I copy the "D" Partition to another laptop?


  2. Posts : 3,502
    Win_8.1-Pro, Win_10.1607-Pro, Mint_17.3
       #12

    Thanks for the data

    One more piece of the puzzle: I'd like to see your Disk Management

    1. Download dmDskmgr-vd.zip (contains dmDskmgr-vd.mmc)

    2. Double click dmDskmgr-vd.zip to open the compressed folder
      Double click dmDskmgr-vd.mmc to launch the custom Disk Management console

    3. Press Alt+PrtScn to grab a snapshot of just the Disk Management window
      Open Paint and Ctrl+V to paste it, then save the image

    4. Attach the image to a new post


    Thanks
    You could copy D: to another laptop, I was just trying to isolate the contents for two reasons.
    A possible real threat or a false positive, and
    the Recovery isn't needed on your Win10 install. It's the OEM recovery partition,
    --> I'm fairly sure of that, but I'll review the thread just in case I'm thinking of another thread


  3. Posts : 16,325
    W10Prox64
       #13

    Koukol said:
    Hello,
    First post here :)

    Lately my Windows Defender is finding a Trojan in the Recovery D (Trojan:Win32/Dynamer!ac)
    It only shows up after a full 3 hour search and not in the fast search
    A full search with Malwarebytes, Adware and Hitman Pro (free versions) will come up clean.

    Unlike some others online I've been successful in removing the trojan with WD only to find it back the next day.
    I even re-installed W10 and it's still there (I assume D was changed as well)

    This questionable trojan is in some stupid game.
    I don't play games on my PC and would love to rid my PC of any game that might be on it.

    I took a snapshot of WD trying to get rid of the damn thing at the usual point where it sticks for about an hour.

    Attachment 86032

    So, Is it a false positive as some have said online?
    And if yes how do I get WD to stop flashing red when it finds it?

    Hi.
    This looks to me to be a part of HP installed games, on your recovery partition? And, I think, normally your recovery partition would not have a drive letter assigned to it, so Defender wouldn't normally scan this partition. So, I think it's a FP, but am wondering why your recovery partition has a drive letter.


  4. Posts : 31
    Windows 10 (64)
    Thread Starter
       #14

    "One more piece of the puzzle: I'd like to see your Disk Management"

    Do I Have A Trojan?-untitledjj.jpg

    :)


  5. Posts : 31
    Windows 10 (64)
    Thread Starter
       #15

    simrick said:
    Hi.
    This looks to me to be a part of HP installed games, on your recovery partition? And, I think, normally your recovery partition would not have a drive letter assigned to it, so Defender wouldn't normally scan this partition. So, I think it's a FP, but am wondering why your recovery partition has a drive letter.

    I guess HP products list the Recovery as "D"
    It also must be that the WD fast scan omits the Recovery drive while the full scan doesn't.


  6. Posts : 3,502
    Win_8.1-Pro, Win_10.1607-Pro, Mint_17.3
       #16

    Thanks, just as I thought - GPT drive. Now I have to think a bit for the correct id to make it not an OEM partition.

    Yeah sometimes HP gives Recovery a letter, sometimes not.

    Koukol, you've done great with all of my requests - thank you.

    I'm running out of steam right now, maybe in a few hours or in the morning I'll pick up your thread again.

    Did you run the other scans I posted? Did they find the file as a threat? Did they clean up anything else?

    There are two paths
    1) backup the D: drive. Not difficult, but time consuming on a forum. and it's 35+ GBs - you'll need a place to put it - a new 64 GB thumbdrive is what I would recommend. So it's time and money
    It would be nice to have install discs (you didn't by chance make them when you got the machine did you?)
    Creating them now is an entirely different project. That's sort of why I was trying to save the D: drive. With a little tweaking it could be your OEM install media.

    Remind me - what version was upgraded (7 or 8)?

    2) Nuke the D drive after checking what's on it. If it's the previous Win OEM install pkg, then you probably won't use it ever again.
    You solve the malware question and you gain 35+ GBs

    Think about what you want to do next - save or Nuke (after verifying the contents) D:
    Me - don't worry about me - I'm in for the duration, whatever you decide.

    Bill


  7. Posts : 31
    Windows 10 (64)
    Thread Starter
       #17

    "Koukol, you've done great with all of my requests - thank you.
    I'm running out of steam right now, maybe in a few hours or in the morning I'll pick up your thread again.
    Did you run the other scans I posted? Did they find the file as a threat? Did they clean up anything else?"


    Bill, it's you who should be thanked.
    It's kind people like you who make the internet great.

    My PC came with W8 and I hated it.
    I preferred Vista on my older laptop.
    And despite a few flaws I now prefer W10 along with Firefox and don't want to go back.

    I haven't finished all the scans since I've been busy making a Birthday card for my sister-in-law for tomorrow.
    I'm still wondering if I need to actually access the trojan in question since I don't know how to find it.
    I was under the impression I was not to touch the Recovery drive.

    If I remove it completely can I still do a System setback (restore) in the Recovery options?
    I rely on this heavily.
    As I said whatever I did yesterday I successfully restored my PC to a few days ago when I made a restore point after WD supposedly got rid of this trojan (?)
    If I could nuke all games on my PC I'd gladly do it even if it didn't get rid of this problem.
    I've no idea how that game got on my PC's Recovery since I've never downloaded one in my life.

    I'll try them this evening.

    Cheers!


  8. Posts : 31
    Windows 10 (64)
    Thread Starter
       #18

    OK, as I suspected I don't know how to get into my Recovery.

    I went to VirusUploader and could only add the name in a search that came up with nothing.
    I then downloaded VTUploader and couldn't figure out what to do.
    One folder was too big and the others empty.
    (See grabs)

    Do I Have A Trojan?-hhh.jpg


    I tried the "WindowsRE" folder above and got this message.

    Do I Have A Trojan?-virusuploader.jpg


  9. Posts : 3,502
    Win_8.1-Pro, Win_10.1607-Pro, Mint_17.3
       #19

    Ok, don't sweat this tonight ... enjoy making your sister's birthday card.

    I still have to find the correct value for the partition id - easy - just have to look it up.

    Knowing it was Win8 is a good thing - you could if you wanted to go back, download the ISO. But knowing you're good with Win10 - makes it even easier. You can download the ISO for Win10 as well. Win7 would have been an issue ... but that's not germane - cool.

    Also knowing that you can access the D: partition - might make it easier.

    I think we'll just nuke D: after two last checks:

    1) Command Prompt (Admin)
    enter the following commands

    reagentc /info
    dir d:\ /a /s > %TEMP%\listDrvD.txt

    Post a screen shot of Cmd window and close it

    On your next post, attach (See: Upload Screenshots or Files)

    %TEMP%\listDrvD.txt

    Just paste the entire line above in the File name: field.

    Do I Have A Trojan?-atchtemp.png

    reagentc tells you where the Windows Recovery is located - it's a bit cryptic, but figuring it out comes from a lot of the disk information you posted before.

    dir lists the contents of D and > directs it into the file.

    After I look at those two things, I think I'll just give you instructions to remove the OEM Recovery.

    If you have any questions or objections - now is the time.

    Well, I still have to write them up and you still have to read and execute them, so there's plenty of time.
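The two checks above (reagentc /info and a recursive listing of D:) gathered in one elevated PowerShell script, as an added example that is not part of Bill's post; it also shows each partition's GPT type so the recovery partition can be told apart from a basic data partition, and hashes the files on D: so a flagged file can be looked up by hash without uploading it. It assumes the recovery volume is mounted as D: and writes its output files under %TEMP%.

```powershell
# Added example (not from the thread). Assumes the recovery volume is D:
# and that this runs in an elevated (Run as administrator) PowerShell window.
#Requires -RunAsAdministrator

$listFile = Join-Path $env:TEMP 'listDrvD.txt'
$hashFile = Join-Path $env:TEMP 'hashDrvD.csv'

# 1) Where Windows thinks its recovery environment (WinRE) lives. reagentc reports it
#    as a \\?\GLOBALROOT\device\harddiskN\partitionM path; N and M map onto Disk Management.
Write-Host '=== reagentc /info ==='
reagentc /info

# 2) Partitions on the machine with their GPT type. The "Microsoft recovery" type GUID is
#    de94bba4-06d1-4d40-a16a-bfd50179d6ac; a normal data partition is
#    ebd0a0a2-b9e5-4433-87c0-68b6b72699c7. A recovery partition that has a drive letter
#    (D: here) is exactly what lets Defender's full scan reach its files.
$recoveryType = '{de94bba4-06d1-4d40-a16a-bfd50179d6ac}'
Get-Partition | Where-Object { $_.GptType } |
    Select-Object DiskNumber, PartitionNumber, DriveLetter,
        @{ n = 'SizeGB';         e = { [math]::Round($_.Size / 1GB, 1) } },
        GptType,
        @{ n = 'IsRecoveryType'; e = { $_.GptType -eq $recoveryType } } |
    Format-Table -AutoSize

# 3) Recursive listing of D:\ including hidden and system files. Like "dir d:\ /a /s > file",
#    this prints nothing on screen: an empty console afterwards is the expected result.
Get-ChildItem -LiteralPath 'D:\' -Recurse -Force -ErrorAction SilentlyContinue |
    Select-Object FullName, Length, LastWriteTime |
    Out-File -FilePath $listFile -Encoding utf8

# 4) SHA-256 of every file on D:, so the file Defender names can be checked by hash
#    (for example against VirusTotal) instead of trying to upload a multi-GB folder.
Get-ChildItem -LiteralPath 'D:\' -Recurse -Force -File -ErrorAction SilentlyContinue |
    Get-FileHash -Algorithm SHA256 -ErrorAction SilentlyContinue |
    Select-Object Hash, Path |
    Export-Csv -Path $hashFile -NoTypeInformation

# Confirm the output files exist and are not empty before attaching them to a post.
foreach ($f in $listFile, $hashFile) {
    $info = Get-Item -LiteralPath $f
    Write-Host ('{0}: {1:N0} bytes - attach this file to your next post' -f $info.FullName, $info.Length)
}
```

The listing step is silent by design; the final loop is what tells you whether %TEMP%\listDrvD.txt was actually written.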


  10. Posts : 31
    Windows 10 (64)
    Thread Starter
       #20

    I was successful getting some info with "reagentc /info"
    But "dir d:\ /a /s > %TEMP%\listDrvD.txt" came up with nothing.
    (I don't know how to get the pasted text back to normal)




Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.