  • Locked thread
ShowerShoes
Sep 1, 2016
I can't type - The title should be *NOT* showing up in Disk Management

Problem description:
In the past week I had a new/unknown drive start showing up in Windows Explorer. It's named "Local Disk" and assigned letter Y. I have not made any changes, software installations, etc., recently. The drive is not accessible due to permissions, even to an admin user. The pop-up says to go to the security tab to gain access, but when I right-click on the drive and go to properties, there is no security tab present.

Properties for the Y drive list it as 96.0MB in size with 39.5MB used and formatted FAT32.

Attempted fixes:
I have not made any attempts at "fixing" this, only investigating at this point. I have looked in Disk Management, but it does not show any drive/partition with this drive letter or size. I also used Diskpart and it showed all the same partitions/sizes as Disk Management. Disk Management lists the one physical disk I have in the computer with three partitions: Recovery Partition (450MB), EFI System Partition (100MB), and the Primary C Partition (476.39GB).

I also booted to a Linux live CD and checked the drives, which matched perfectly with Windows Disk Management, except it listed a fourth partition named "Microsoft reserved partition" that is 16MB in total size. Its file system was "unknown", which is odd since Windows reported it as FAT32, and Linux correctly identified the FAT32 EFI partition.

I have scanned the computer with Symantec, Windows Defender, and Malwarebytes; none of them detected anything.

Per one Google response I found, I also checked for mapped drives using "subst" in command prompt. There were no mapped drives.

Recent changes:
No recent changes to my knowledge.

Operating system:
Windows 10 Pro 64-bit.

System specs:
HP Z-series workstation with Intel Xeon processor. Nothing fancy with RAID/storage, just one SSD for the system drive. Nothing but the mouse/keyboard plugged into USB.

Location:
United States

I have Googled and read the FAQ:
Yes - Everything I found was for drives that were showing up in Disk Management, but not Windows Explorer (the opposite issue as I am having).



My main concern is not the presence of the drive itself, but if this is indicative of a malware issue. It seems counterintuitive that malware would do something so obvious, but I am having a hard time explaining how or why this came to be. I would appreciate any help or tips on further investigating this and determining if it's an issue or not.

This is a computer that I use to support some academic research involving human participants. All the data on it is anonymized and not subject to HIPAA, but I am still overly cautious about it. I would like to try and understand what is going on to an extent that I can determine if I need to wipe the machine and reinstall Windows now, or if this is just something innocuous and I can get through until the end of the year when I was planning to do a clean install anyway.

ShowerShoes fucked around with this message at 23:25 on Sep 11, 2016

Zogo
Jul 29, 2003

I'd boot into safe mode and see if the Y drive shows up there.

Also, do a WDO scan if you haven't already: http://www.digitalcitizen.life/how-use-windows-defender-offline-clean-nasty-malware

alienhunter3
Aug 23, 2007
and don't call me shirley.

ShowerShoes posted:

I can't type - The title should be *NOT* showing up in Disk Management

Problem description:
In the past week I had a new/unknown drive start showing up in Windows Explorer. It's named "Local Disk" and assigned letter Y. I have not made any changes, software installations, etc., recently. The drive is not accessible due to permissions, even to an admin user. The pop-up says to go to the security tab to gain access, but when I right-click on the drive and go to properties, there is no security tab present.

Properties for the Y drive list it as 96.0MB in size with 39.5MB used and formatted FAT32.

Attempted fixes:
I have not made any attempts at "fixing" this, only investigating at this point. I have looked in Disk Management, but it does not show any drive/partition with this drive letter or size. I also used Diskpart and it showed all the same partitions/sizes as Disk Management. Disk Management lists the one physical disk I have in the computer with three partitions: Recovery Partition (450MB), EFI System Partition (100MB), and the Primary C Partition (476.39GB).

I also booted to a Linux live CD and checked the drives, which matched perfectly with Windows Disk Management, except it listed a fourth partition named "Microsoft reserved partition" that is 16MB in total size. Its file system was "unknown", which is odd since Windows reported it as FAT32, and Linux correctly identified the FAT32 EFI partition.

I have scanned the computer with Symantec, Windows Defender, and Malwarebytes; none of them detected anything.

Per one Google response I found, I also checked for mapped drives using "subst" in command prompt. There were no mapped drives.

Recent changes:
No recent changes to my knowledge.

Operating system:
Windows 10 Pro 64-bit.

System specs:
HP Z-series workstation with Intel Xeon processor. Nothing fancy with RAID/storage, just one SSD for the system drive. Nothing but the mouse/keyboard plugged into USB.

Location:
United States

I have Googled and read the FAQ:
Yes - Everything I found was for drives that were showing up in Disk Management, but not Windows Explorer (the opposite issue as I am having).



My main concern is not the presence of the drive itself, but if this is indicative of a malware issue. It seems counterintuitive that malware would do something so obvious, but I am having a hard time explaining how or why this came to be. I would appreciate any help or tips on further investigating this and determining if it's an issue or not.

This is a computer that I use to support some academic research involving human participants. All the data on it is anonymized and not subject to HIPAA, but I am still overly cautious about it. I would like to try and understand what is going on to an extent that I can determine if I need to wipe the machine and reinstall Windows now, or if this is just something innocuous and I can get through until the end of the year when I was planning to do a clean install anyway.

What is the output of the following PowerShell script (as administrator)?

Get-WmiObject -query "Select * from Win32_logicaldisk" | Ft

If it shows up there, can you post the output for the Y:\ drive from this command?

Get-WmiObject -query "Select * from Win32_logicaldisk" | fl *
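
The cross-check this thread is working toward, as an added example that is not part of any poster's message: it gathers drive letters from several Windows enumeration sources and shows which sources report each one, so a letter that Explorer shows but Disk Management and Win32_LogicalDisk do not can be traced to a partition, a registry-defined DOS device, or a subst mapping. `$seen` and `Add-Letter` are illustrative names; it assumes Windows 10 and an elevated prompt.

```powershell
# Added example: report which enumeration source sees each drive letter.
# Run elevated. $seen and Add-Letter are illustrative names.
$seen = @{}
function Add-Letter([string]$Letter, [string]$Source, [string]$Detail) {
    if ($Letter -notmatch '^[A-Za-z]') { return }   # skips empty and unassigned letters
    $key = $Letter.Substring(0, 1).ToUpper()
    if (-not $seen.ContainsKey($key)) { $seen[$key] = @() }
    $seen[$key] += [pscustomobject]@{ Letter = "${key}:"; Source = $Source; Detail = $Detail }
}

# 1. Letters visible to the current logon session (.NET call, no WMI involved).
[System.IO.DriveInfo]::GetDrives() | ForEach-Object {
    Add-Letter $_.Name 'DriveInfo' "type=$($_.DriveType) ready=$($_.IsReady)" }

# 2. WMI views: logical disks (the query used in the thread) and volumes.
Get-CimInstance Win32_LogicalDisk | ForEach-Object {
    Add-Letter $_.DeviceID 'Win32_LogicalDisk' "fs=$($_.FileSystem) size=$($_.Size)" }
Get-CimInstance Win32_Volume | ForEach-Object {
    Add-Letter $_.DriveLetter 'Win32_Volume' "fs=$($_.FileSystem) id=$($_.DeviceID)" }

# 3. Partition table view, with the GPT type GUID of the backing partition.
Get-Partition | ForEach-Object {
    Add-Letter $_.DriveLetter 'Get-Partition' `
        "disk=$($_.DiskNumber) part=$($_.PartitionNumber) size=$($_.Size) gpt=$($_.GptType)" }

# 4. Persistent DOS device definitions recreated at every boot.
$dosKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\DOS Devices'
(Get-ItemProperty -Path $dosKey).PSObject.Properties |
    Where-Object { $_.Name -match '^[A-Za-z]:$' } |
    ForEach-Object { Add-Letter $_.Name 'DOS Devices (registry)' "target=$($_.Value)" }

# 5. subst mappings in the current session (output lines start with the letter).
subst | ForEach-Object { Add-Letter $_ 'subst' $_ }

# Summary: one row per letter; DriveInfoOnly marks letters that no WMI,
# partition, registry or subst source accounts for.
$seen.Keys | Sort-Object | ForEach-Object {
    $letter  = $_
    $sources = @($seen[$letter].Source | Select-Object -Unique)
    [pscustomobject]@{
        Letter        = "${letter}:"
        Sources       = $sources -join ', '
        DriveInfoOnly = ($sources.Count -eq 1) -and ($sources[0] -eq 'DriveInfo')
    }
} | Format-Table -AutoSize

# Per-source detail, for matching a letter to a partition size or device target.
$seen.Values | ForEach-Object { $_ } | Sort-Object Letter, Source |
    Format-Table Letter, Source, Detail -AutoSize -Wrap
```

Comparing the size and GPT type in the detail rows against the partitions listed in Disk Management shows which on-disk partition, if any, backs an unexpected letter.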

ShowerShoes
Sep 1, 2016

alienhunter3 posted:

What is the output of the following PowerShell script (as administrator)?

Get-WmiObject -query "Select * from Win32_logicaldisk" | Ft

If it shows up there, can you post the output for the Y:\ drive from this command?

Get-WmiObject -query "Select * from Win32_logicaldisk" | fl *

When I run the first command, it only lists A and C drives (A is the CD drive).




Zogo posted:

I'd boot into safe mode and see if the Y drive shows up there.

Also, do a WDO scan if you haven't already: http://www.digitalcitizen.life/how-use-windows-defender-offline-clean-nasty-malware

This is something I did not know about! I followed the instructions, but it would not let me start it from the Settings page. I downloaded and set up the bootable CD from another computer and then scanned this system. It took a while, but came up clean.

ShowerShoes
Sep 1, 2016
In talking to a friend about Windows Defender Offline, he recommended that I try Sophos Bootable Anti-Virus. I created the CD and ran it this afternoon. It found/reported nothing during the scan, but after booting back into Windows the drive was gone!

I have rebooted a few more times, and the unknown Y drive has not returned. I don't want to claim victory yet as I am not convinced that the Sophos scan did anything. I'm currently reinstalling Symantec since I had to uninstall it to run Windows Defender originally. I'll do a full update/scan with that and Malwarebytes and then reintroduce my two data hard drives I had removed during my first testing and scan again.

I hate these strange things that come and go unexplained! I'll monitor it closely for a few days and let you know if it returns.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

Holy crap, don't use Symantec. Really, if you MUST use antivirus, use MSE (unless this is a work machine and you're supposed to have Symantec on it).

ShowerShoes
Sep 1, 2016
The drive is still gone, so I am going to close this. Thanks everyone for the help!

MF_James posted:

Holy crap, don't use Symantec. Really, if you MUST use antivirus, use MSE (unless this is a work machine and you're supposed to have Symantec on it).

I have had good luck with it, and I like that it's not too obtrusive. I paid for some of the other ones and they were more annoying than what the school gave me. I wish there was a good option that was not super annoying with pop-ups and flashy poo poo trying to upsell you even after you paid!
