Re: XP disk management not showing hard drives
Yousuf Khan
> Drives are working and show in the Disk Manager and the desktop
> but no longer showing in the Disk Management.
What do you mean it shows up Disk Manager, but not Disk Management?
What's the difference?
> No hardware changed made, it just happened, backed out all the last MS
> updates and did scans for Viruses and Malware.
>
> XP SP3 Home.
>
>
> Tried google but no luck so far..
>
> Any one have a clue.?
Do you have Norton installed?
Windows XP hardware Disk Management Missing SYSTEM Drive (Disk 0)
http://www.eggheadcafe.com/conversation.aspx?messageid=31028473&threadid=31028473
http://lmgtfy.com/?q=disks+missing+in+disk+management+xp
Yousuf Khan
Yousuf Khan
> On Fri, 17 Apr 2009 10:38:01 -0400, Yousuf Khan <bbb...@yahoo.com> wrote:
> All Fixed it was a RootKit
>
> None of the Malware/Spyware detected it also Panda and Sophos rootkit remover
> did not find it..
Any idea how it got there?
Yousuf Khan
NoDrives
> On Fri, 17 Apr 2009 10:38:01 -0400, Yousuf Khan <bbb...@yahoo.com> wrote:
> >> Drives are working and show in the Disk Manager and the desktop
> >> but no longer showing in the Disk Management.
>
> >What do you mean it shows up Disk Manager, but not Disk Management?
> >What's the difference?
>
> >> No hardware changed made, it just happened, backed out all the last MS
> >> updates and did scans for Viruses and Malware.
>
> >> XP SP3 Home.
>
> >> Tried google but no luck so far..
>
> >> Any one have a clue.?
>
> >Do you have Norton installed?
>
> >Windows XP hardware Disk Management Missing SYSTEM Drive (Disk 0)
>
> >http://lmgtfy.com/?q=disks+missing+in+disk+management+xp
>
> > Yousuf Khan
>
> All Fixed it was a RootKit
>
> None of the Malware/Spyware detected it also Panda and Sophos rootkit remover
> did not find it..
>
> not find in the registry using the registry editor.
>
> Part of the list that was suspicious.
>
> HKLM\SYSTEM\ControlSet001\Services\851dcc22 Hidden from Windows API.
> .
> HKLM\SYSTEM\ControlSet001\Services\ovfsthwswwxvnrjlnkpagqostypawvbrfaicbq 0
> bytes Hidden from Windows API.
> HKLM\SYSTEM\ControlSet002\Services\851dcc22 Hidden from Windows API.
>
> HKLM\SYSTEM\ControlSet002\Services\ovfsthwswwxvnrjlnkpagqostypawvbrfaicbq 0
> bytes Hidden from Windows API.
>
> The 851dcc22 key I could remove, but not the
> ovfsthwswwxvnrjlnkpagqostypawvbrfaicbq ones as they were totally hidden
>
> After pissing around some more ended removing it all with UnHackme, it even
> showed all the files related to the ovfsthwswwxvnrjlnkpagqostypawvbrfaicbq
> Key.
>
> But I had to retry and reboot 3 times to get a Zero result.
>
> Also 3 other thing were affected, Could not see USB stick my Zipdrive yes
> still have on would show this when I tried to read the disk
>
> (the maximum number of secrets that may be stored in a single system has been
> exceeded)
>
> This is due to the Encrypted files used by the Rootkit
>
> Plus this on bootup and when running some other programs
>
> Application popup: Windows - No Disk : Exception Processing Message c0000013
> Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c
>
> I was coming to the conclusion that it was a rootkit, and I was right..
>
> Here is part of the UnHackme Log , I don't know what Rootkit it is but the
> list does refer to ImagePath as a Name.
>
> Start checking at 18/04/2009 time:9:46:57 p.m.
> UnHackMe Engine Version:5.0
>
> Key:ovfsthwswwxvnrjlnkpagqostypawvbrfaicbq
> Source:\SYSTEM\CurrentControlSet\Services
> Info about key:ovfsthwswwxvnrjlnkpagqostypawvbrfaicbq
> Key:\SYSTEM\CurrentControlSet\Services
> Service/Driver Additional Information
> Name:ImagePath
> Value:\systemroot\system32\drivers\ovfsthibimpqjpyabrnvxuxqdvttnfukfmndbb.sys
> Type:REG_SZ
> Name:Start
> Value:1
> Type:REG_DWORD
> Rootkit is detected using Partizan driver.
> Rootkit is detected using CompareKeys (hidden registry keys).
>
> HijackThis did not show any thing wrong..- Hide quoted text -
>
> - Show quoted text -
I seem to be having the same problem. No drives in Disk Management.
No USB drives in windows explorer, but everything shows in Device
manager. I just removed a zillion trojans that showed up yesterday.
IE was having all kinds of issues. McAfee didn't find anything but
Malwarebyte found many and removed them. Have you used "unhackme"
before? I saw some comments from people who said it crashed their
machines. Did you reapply the windows updates yet?
Arno
> All Fixed it was a RootKit
> None of the Malware/Spyware detected it also Panda and Sophos
> rootkit remover did not find it..
> Rootkit Revealer (Sysinternals) showed up some funny entries, one I could
> not find in the registry using the registry editor.
> Part of the list that was suspicious.
> HKLM\SYSTEM\ControlSet001\Services\851dcc22 Hidden from Windows API.
> .
> HKLM\SYSTEM\ControlSet001\Services\ovfsthwswwxvnrjlnkpagqostypawvbrfaicbq 0
> bytes Hidden from Windows API.
> HKLM\SYSTEM\ControlSet002\Services\851dcc22 Hidden from Windows API.
> HKLM\SYSTEM\ControlSet002\Services\ovfsthwswwxvnrjlnkpagqostypawvbrfaicbq 0
> bytes Hidden from Windows API.
> The 851dcc22 key I could remove, but not the
> ovfsthwswwxvnrjlnkpagqostypawvbrfaicbq ones as they were totally hidden
> After pissing around some more ended removing it all with UnHackme, it even
> showed all the files related to the ovfsthwswwxvnrjlnkpagqostypawvbrfaicbq
> Key.
> But I had to retry and reboot 3 times to get a Zero result.
Nasty. Shows there are intelligent but completely deranged people
out there.
Arno