Jump to content

Interesting Behavior...


Recommended Posts

So I'm sitting in class today when EIS pops up on my laptop with a notification of a new external storage device. I didn't plug anything in but I went ahead and opened up Windows Explorer to find drive Z:\ magically appearing in my drive list. I've ruled out every logical explanation except a possible malware infection. EIS and Hitman Pro (which I'm including as well) have both struck out and I'm out of options.





Link to comment
Share on other sites

Your system does not appear to be infected. There are a few issues that should be addressed.

Do the following:

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKLM-x32\...\Run: [] => [X]
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-12-14]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (No File)
GroupPolicyScripts: Restriction <======= ATTENTION
2015-10-19 10:17 - 2015-10-19 10:17 - 0007607 _____ () C:\Users\Robert\AppData\Local\Resmon.ResmonCfg
2015-09-04 22:40 - 2015-09-04 22:40 - 8044464 _____ (Absolute Software Corp.) C:\Users\Robert\AppData\Local\Setup.exe
2015-09-06 12:55 - 2016-08-17 14:37 - 0000192 _____ () C:\ProgramData\2012.par
2015-09-06 12:58 - 2015-09-06 12:58 - 0001856 __RSH () C:\ProgramData\3014.abs
2014-11-17 23:32 - 2014-11-17 23:32 - 0000003 _____ () C:\ProgramData\AbsoluteNotifier.txt
2015-09-07 22:53 - 2015-09-07 22:53 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-09-06 12:58 - 2016-08-17 15:12 - 0000472 _____ () C:\ProgramData\netsh.out
2015-11-18 00:41 - 2015-11-18 00:41 - 0000003 _____ () C:\ProgramData\Notifier.txt
2015-09-06 12:58 - 2016-08-17 14:37 - 0000231 _____ () C:\ProgramData\SmartCallConfig.xml
Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

Link to comment
Share on other sites

I'm aware of the OEM partitions, they are all listed under drive D:\. There was no trace of Z:\ in either Windows Explorer or Disk Manager until Wednesday, and any attempt to access it was kicked back with a permissions error from Windows. Either way, all traces of Z:\ disappeared this morning almost as mysteriously as it appeared.

Link to comment
Share on other sites

This topic is now closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...