XP disk management not showing hard drives

[Woger]

Drives are working and show in the Disk Manager and the desktop
but no longer showing in the Disk Management.


No hardware changed made, it just happened, backed out all the last MS
updates and did scans for Viruses and Malware.

XP SP3 Home.


Tried google but no luck so far..

Any one have a clue.?

 

[Yousuf Khan]

Drives are working and show in the Disk Manager and the desktop
but no longer showing in the Disk Management.

What do you mean it shows up Disk Manager, but not Disk Management?
What's the difference?

No hardware changed made, it just happened, backed out all the last MS
updates and did scans for Viruses and Malware.

XP SP3 Home.


Tried google but no luck so far..

Any one have a clue.?

Do you have Norton installed?

Windows XP hardware Disk Management Missing SYSTEM Drive (Disk 0)
http://www.eggheadcafe.com/conversation.aspx?messageid=31028473&threadid=31028473

http://lmgtfy.com/?q=disks+missing+in+disk+management+xp

Yousuf Khan

 

[Woger]

What do you mean it shows up Disk Manager, but not Disk Management?
What's the difference?

Thanks for your reply.

2 diffent things, Disk Manament shows up when you right click on My
Computer/Manage/disk management

Only shows CD Drives.

The other thing was.

Control Panel/System/Hardware/Device manager

I should have refed to it as Device manager and not Disk Manager.


My Computer shows all the drives.

Do you have Norton installed?

Na can't stand it..

Windows XP hardware Disk Management Missing SYSTEM Drive (Disk 0)
http://www.eggheadcafe.com/conversation.aspx?messageid=31028473&threadid=31028473

http://lmgtfy.com/?q=disks+missing+in+disk+management+xp

Well none of these point to the same problem I have, None of my hard drives
show up in the Disk management, only the CD drives


I have done a scan sfc /scannow all being OK.

 

[Woger]

What do you mean it shows up Disk Manager, but not Disk Management?
What's the difference?



Do you have Norton installed?

Windows XP hardware Disk Management Missing SYSTEM Drive (Disk 0)
http://www.eggheadcafe.com/conversation.aspx?messageid=31028473&threadid=31028473

http://lmgtfy.com/?q=disks+missing+in+disk+management+xp

Yousuf Khan

All Fixed it was a RootKit

None of the Malware/Spyware detected it also Panda and Sophos rootkit remover
did not find it..


Rootkit Revealer (Sysinternals) showed up some funny entries, one I could
not find in the registry using the registry editor.


Part of the list that was suspicious.

HKLM\SYSTEM\ControlSet001\Services\851dcc22 Hidden from Windows API.
..
HKLM\SYSTEM\ControlSet001\Services\ovfsthwswwxvnrjlnkpagqostypawvbrfaicbq 0
bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet002\Services\851dcc22 Hidden from Windows API.

HKLM\SYSTEM\ControlSet002\Services\ovfsthwswwxvnrjlnkpagqostypawvbrfaicbq 0
bytes Hidden from Windows API.

The 851dcc22 key I could remove, but not the
ovfsthwswwxvnrjlnkpagqostypawvbrfaicbq ones as they were totally hidden

After pissing around some more ended removing it all with UnHackme, it even
showed all the files related to the ovfsthwswwxvnrjlnkpagqostypawvbrfaicbq
Key.

But I had to retry and reboot 3 times to get a Zero result.



Also 3 other thing were affected, Could not see USB stick my Zipdrive yes
still have on would show this when I tried to read the disk

(the maximum number of secrets that may be stored in a single system has been
exceeded)


This is due to the Encrypted files used by the Rootkit

Plus this on bootup and when running some other programs

Application popup: Windows - No Disk : Exception Processing Message c0000013
Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c

I was coming to the conclusion that it was a rootkit, and I was right..

Here is part of the UnHackme Log , I don't know what Rootkit it is but the
list does refer to ImagePath as a Name.

Start checking at 18/04/2009 time:9:46:57 p.m.
UnHackMe Engine Version:5.0

Keyvfsthwswwxvnrjlnkpagqostypawvbrfaicbq
Source:\SYSTEM\CurrentControlSet\Services
Info about keyvfsthwswwxvnrjlnkpagqostypawvbrfaicbq
Key:\SYSTEM\CurrentControlSet\Services
Service/Driver Additional Information
Name:ImagePath
Value:\systemroot\system32\drivers\ovfsthibimpqjpyabrnvxuxqdvttnfukfmndbb.sys
Type:REG_SZ
Name:Start
Value:1
Type:REG_DWORD
Rootkit is detected using Partizan driver.
Rootkit is detected using CompareKeys (hidden registry keys).



HijackThis did not show any thing wrong..

 

[Yousuf Khan]

All Fixed it was a RootKit

None of the Malware/Spyware detected it also Panda and Sophos rootkit remover
did not find it..

Any idea how it got there?

Yousuf Khan

 

[NoDrives]

All Fixed   it was a RootKit

None of the Malware/Spyware detected it also Panda and  Sophos rootkit remover
did not find it..

Rootkit  Revealer  (Sysinternals)   showed up some funny entries, one I could
not find in the registry using the registry editor.

Part of the list that was suspicious.

HKLM\SYSTEM\ControlSet001\Services\851dcc22   Hidden from Windows API.
.
HKLM\SYSTEM\ControlSet001\Services\ovfsthwswwxvnrjlnkpagqostypawvbrfaicbq0
bytes   Hidden from Windows API.
HKLM\SYSTEM\ControlSet002\Services\851dcc22   Hidden from Windows API.

HKLM\SYSTEM\ControlSet002\Services\ovfsthwswwxvnrjlnkpagqostypawvbrfaicbq0
bytes   Hidden from Windows API.

The 851dcc22  key I could remove, but not the
ovfsthwswwxvnrjlnkpagqostypawvbrfaicbq    ones as they were totally hidden

After pissing around some more ended removing it all with UnHackme, it even
showed all the files related to the   ovfsthwswwxvnrjlnkpagqostypawvbrfaicbq
Key.

But I had to retry and reboot 3 times to get a Zero result.

Also 3 other thing were affected, Could not see USB stick my Zipdrive yes
still have on would show this when I tried to read the disk

(the maximum number of secrets that may be stored in a single system has been
exceeded)

This is due to the Encrypted files used by the Rootkit

Plus   this on bootup and when running some other programs

Application popup: Windows - No Disk : Exception Processing Message c0000013
Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c

I was coming to the conclusion that it was a rootkit, and I was right..

Here  is part of the UnHackme Log , I don't know what Rootkit it is butthe
list does refer to ImagePath as a Name.

Start checking at 18/04/2009 time:9:46:57 p.m.
UnHackMe Engine Version:5.0

Keyvfsthwswwxvnrjlnkpagqostypawvbrfaicbq
Source:\SYSTEM\CurrentControlSet\Services
Info about keyvfsthwswwxvnrjlnkpagqostypawvbrfaicbq
Key:\SYSTEM\CurrentControlSet\Services
Service/Driver Additional Information
Name:ImagePath
Value:\systemroot\system32\drivers\ovfsthibimpqjpyabrnvxuxqdvttnfukfmndbb..s­ys
Type:REG_SZ
Name:Start
Value:1
Type:REG_DWORD
Rootkit is detected using Partizan driver.
Rootkit is detected using CompareKeys (hidden registry keys).

HijackThis did not show any thing wrong..- Hide quoted text -

- Show quoted text -

I seem to be having the same problem. No drives in Disk Management.
No USB drives in windows explorer, but everything shows in Device
manager. I just removed a zillion trojans that showed up yesterday.
IE was having all kinds of issues. McAfee didn't find anything but
Malwarebyte found many and removed them. Have you used "unhackme"
before? I saw some comments from people who said it crashed their
machines. Did you reapply the windows updates yet?

 

[Woger]

I seem to be having the same problem. No drives in Disk Management.
No USB drives in windows explorer, but everything shows in Device
manager. I just removed a zillion trojans that showed up yesterday.
IE was having all kinds of issues. McAfee didn't find anything but
Malwarebyte found many and removed them. Have you used "unhackme"
before? I saw some comments from people who said it crashed their
machines. Did you reapply the windows updates yet?

No not yet and had no problems with "unhackme" but found another Rootkit
using the MS rookit remover that "unhackme" did not find..

I was also having problems with my e-mail it would not connect to POP e-mail
server, for some reason Spy Sweeper was sending random host files entries in
stead, from its ShieldsUp, so removed Spy Sweeper and looked into the
connections and did not find any thing wrong.

I don't normaly use Spy Sweeper so that was not a problem..

 

[Woger]

Any idea how it got there?

Yousuf Khan

Yes stuffing around with doggy shareware/freeware..

 

[Arno]

All Fixed it was a RootKit

None of the Malware/Spyware detected it also Panda and Sophos
rootkit remover did not find it..

Rootkit Revealer (Sysinternals) showed up some funny entries, one I could
not find in the registry using the registry editor.

Part of the list that was suspicious.

HKLM\SYSTEM\ControlSet001\Services\851dcc22 Hidden from Windows API.
.
HKLM\SYSTEM\ControlSet001\Services\ovfsthwswwxvnrjlnkpagqostypawvbrfaicbq 0
bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet002\Services\851dcc22 Hidden from Windows API.

HKLM\SYSTEM\ControlSet002\Services\ovfsthwswwxvnrjlnkpagqostypawvbrfaicbq 0
bytes Hidden from Windows API.

The 851dcc22 key I could remove, but not the
ovfsthwswwxvnrjlnkpagqostypawvbrfaicbq ones as they were totally hidden

After pissing around some more ended removing it all with UnHackme, it even
showed all the files related to the ovfsthwswwxvnrjlnkpagqostypawvbrfaicbq
Key.

But I had to retry and reboot 3 times to get a Zero result.

Nasty. Shows there are intelligent but completely deranged people
out there.

Arno

 

[Woger]

Nasty. Shows there are intelligent but completely deranged people
out there.

Arno

Yes but after that I dnloaded the latest MS one and that found another
rootkit and killed it..

 

[vedranmika]

TNX a lot WOGER, U saved me a lot of time, i thought i'd have to do
clean install, c'z i never had any spyware or viruses, neither did i
now, just the same thing as U, which "unhackme" removed.