Cant Access My drive

[codename_romeo]

I am having a strange problem.....
I have two HDD(80+40). From the morning i am unable to access one of my partition(NTFS). Rest all are FAT32 n are accessible. WHenever i try to access that particular drive it says "ACCESS IS DENIED"...........
Please help me.....that drive contains my music collection

 

[..:: Free Radical ::..]

romeo, what OS are you on?
If you are on Win9x/ME, you need a tool to mount NTFS partitions.
If you are on XP, don't tell me you accidentally turned on encryption and somehow things got haywire.
If you had no problems before morning (if I be mistaken in assuming the above), logon in safe mode as administrator and see if you can access the drive / partition (can be an innocuous user privileges issue).
Also reply whether you can see the drive in disk management console (Right click My computer --> manage)
I am still not clear whether its the whole drive you mention or just a partition of the drive you mention
Lets hope things are not sinister and we get your drive back.

 

[codename_romeo]

i can see the PARTITON in disk management console.
I am using XP.............

 

[ranjan2001]

I have the same problem, but in my case it surely a virus doing that I cant open from the right pane clicking on the drive ikon but from the left pane I can easily open all the files & folders.

AVG is able to delete it but on booting up its back again.

 

[shantanu]

to ensure that a virus is a culprit in this :

Go to run and type msconfig now go to startup tab and see if a entry with a unique or uncommon name is there (better try to close some services and progrmas by task manager;

now go to manage option as told above and if you dont have any data in drive f then delete the partition. and then create another partition from there only and give a different drive letter.

If you have usefull data and dont want to loose then we can see after wards.. telll it here

 

[..:: Free Radical ::..]

Can both of you open the said drive using the command prompt?

I feel that if it is a virus, it can be tamed very easily.
Get this free tool (better than msconfig) to know what is starting up o n reboot.
*www.mlin.net/StartupCPL.shtml
(Post a hijackthis log if you can.)
Also get the following (very important when dealing with malware)
Unlocker tool
*ccollomb.free.fr/unlocker/
Then an antivirus software (i recommend AVG free edition)
btw, i didn't get a virus in years . (the last two were blaster and w32jeefo in 2003).
@ranjan2001 can you tell us the name of the virus so that it can be better dealt with.

 

[shantanu]

i think @ radical is correct ! do this and you can even try copying the whole partition by Seagate tool (i think you know about it) if nothing happens by windows then only . we will discuss it later.. i am PM'ing someone . its possible there can be a sol. by windows only.

 

[ranjan2001]

Guys I was not able to open this forum last 16 hrs so could not reply , but meanwhile I got to know the virus (trojan) named inform.exe.

It had created 2 folders on my portable drive from which it spread to my E & F drives.

folders created were following:
msconfig
rm
both were hidden
the portable drive had autorun.inf file which was changed to the following content which was activating on connecting & asking to run the program (which I was not doing)

[AutoRun]
open=infrom.exe
shellexecute=infrom.exe
shell\Auto\command=infrom.exe
shell=Auto

The source of the virus was the comp at the guy's shop which partitioned & formatted my newly bought portable drive.

Now the virus is gone but opening the E & F drive pops up the "Open with" command asking me to choose the application, so I still cant open the drive from there since it has made some change to the registry.

 

[zotarmit@rediffmail.com]

I am having a strange problem.....
I have two HDD(80+40). From the morning i am unable to access one of my partition(NTFS). Rest all are FAT32 n are accessible. WHenever i try to access that particular drive it says "ACCESS IS DENIED"...........
Please help me.....that drive contains my music collection

It seem that the drive you install your operating system was not format as NTFS. Convert your system drive, that is, the drive you install your OS to NTFS. PowerQuest(R) PartitionMagic(R) Version 8.0 can convert FAT32 TO NTFS and vice versa

after you convert your system drive as NTFS, all other drive will be accessible, unless some other thing was wrong



note: NTFS was used by windows 2000, winxp and soon

zotarmit@rediffmail.com
__________

I am having a strange problem.....
I have two HDD(80+40). From the morning i am unable to access one of my partition(NTFS). Rest all are FAT32 n are accessible. WHenever i try to access that particular drive it says "ACCESS IS DENIED"...........
Please help me.....that drive contains my music collection

It seem that the drive you install your operating system was not format as NTFS. Convert your system drive, that is, the drive you install your OS to NTFS. PowerQuest(R) PartitionMagic(R) Version 8.0 can convert FAT32 TO NTFS and vice versa

after you convert your system drive as NTFS, all other drive will be accessible, unless some other thing was wrong



note: NTFS was used by windows 2000, winxp and soon

zotarmit@rediffmail.com

 

[wizrulz]

this is my post..see if it helps u

ACCESS DENIED

 

[..:: Free Radical ::..]

@ranjan
The aforesaid virus is infrom.exe
it was good you posted the autorun info.

Info (from Prevx.com):

1. COVERT ANALYSIS OF: INFROM.EXE

    * File Names Used: 13
    * Paths Used: 19
    * Common File Name: INFROM.EXE
    * Common Path: ?:\
    * Vendor Information: No Vendor details specified
    * INFROM.EXE may use 13 or more path and file names, these are the most common:
    * 1 :%PROGRAMFILES%\ALWIL SOFTWARE\AVAST4\DATA\MOVED\[PESPIN].VIR
    * 2 :%WINDIR%\INFROM.DAT
    * 3 :?:\A00000000
    * 4 :?:\INFROM.DAT
    * File Name Structure: Normal
    * File and Path Structure: Suspicious, unusually high number of file and path combinations

2. RELATIONSHIP ANALYSIS OF: INFROM.EXE

    * Malicious Objects Created: 7 objects
    * Malicious Creators: 3
    * Malware Run Keys: None
    * Self Persists:
    * Antivirus Detection: No third party antivirus detection observed
    * Anti-Spyware Detection: No third party anti-spyware detection observed

3. ACTIVITY ANALYSIS OF: INFROM.EXE

    * The following behaviors have been observed for this object:
    * Installs programs.
    * Deletes programs.
    * Invokes dll components.
    * Modifies the hostsfile.
    * Runs other programs.
    * Creates known malware.

Removal Tool :

*info.prevx.com/downloadremove.asp?mlw=INFROM.EXE
__________
If you still can't open the drive and an open with ... dialog pops up,
(registry modified), in the open with dialog, click browse and select explorer.exe (located in the %WINDIR% folder, i.e. your windows folder).
Also, open folder options and in the file, file folder, folder, drive options check if the association is with explorer and repair accordingly.

 

[ranjan2001]

If you still can't open the drive and an open with ... dialog pops up,
(registry modified), in the open with dialog, click browse and select explorer.exe (located in the %WINDIR% folder, i.e. your windows folder).
Also, open folder options and in the file, file folder, folder, drive options check if the association is with explorer and repair accordingly.

I did what u said, Unfortunately that did not work, on looking further I found that there were same autorun.inf files on E & F drives due to which the drive were showing me option set at AUTO rather set at Explore

Went into safe mode deleted the autorun.inf files from 2 drives rebooted & back to normal, now all is working fine as required.

 

[shantanu]

i think his problems solved

 

[wizrulz]

how ..can he please come and reply..will help others

 

[shantanu]

he said that he restarted his system for three or 4 times and his problem solved

 

[ranjan2001]

If u r referring me then I posted how I solved the problem, I had already deleted those 2 virus containing folders & then further had to delete the autorun.inf files from all the affected drives.

That solved the problem.
Thanks for all the suggestions, it helped to get rid of the trojan.
I am still looking a way to have a portable anti virus on my usb drive which can be updated from my system, bcoz I cant rely on the 3rd party host & thats where this virus came from.

 

[codename_romeo]

sorry for not posting any replies.
Thanx to one and all who helped me out. I tried to access the drive from command prompt n cud access it. After restarting for about 4-5 times i could access my drive( @ shantanu thanx for notifying it at the forum ). It is strange i know...but it is what happened.

 

[shantanu]

Its ok Codename_ROMEO

 

[cabilao_777]

hello everyone...
i just found out last week that my flush drive is infected with infrom.exe through AVG...when i double click the drive, "open with" comes out...i already check if there were hidden files but there was none.there were no autorun.inf and other files that i can delete..i let AVG move the file infrom.exe to the virus vault...but then "open with" still comes out everytime i double click the drive...i restarted it several times as what most of you posted..still nothing new happened...everything is still the same...what do i do now?please help me...

 

[ranjan2001]

in folder option choose 'show hidden files'
now connect the flash drive & u will find "autorun.inf" files
delete them.

now delete inform.exe if its still thee on ur drive
run avg to confirm that there is no virus.
Reboot windows & connect to double check if the problem is solved or not.

Hopethis helps u getting rid of virus.