-1

I've been ordered by my wife to recover a Windows machine, and I believe the machine is infected with a virus. What I've done:

  • Tried to install a virus scanner program; it crashed;
  • Tried to save the virus scanner program and then run it; it crashed, and the downloaded virus scanner installer disappeared;
  • Tried to reinstall Windows through Ventoy; I was unable to delete the partitions during the installation process, so I gave up;
  • Tried to boot into a Linux live CD through Ventoy and delete all Windows partitions; tried GParted and fdisk, but all partitions were still there after applying the operations;
  • Tried to mount the drive as an external disk on my Linux machine and delete all Windows partitions through KDE Partition Manager; same result;
  • Tried to boot into the Windows installer, went into recovery/command, and ran the diskpart utility, selected the disk and ran clean; it said the operation succeeded, but when I listed the partitions again, they were still there;
  • Tried to mount the partition under Linux; it gave me something like "Metadata kept in Windows cache" and refused to mount. Googling this message, I found this thread, which says the fast startup option is on and the system needs to shut down cleanly. I then googled how to turn it off; through settings, through the registry, through the command line, nothing works, the DIMS command gave me a crash, and all those settings are restored after reboot.

So, what can I do right now?

Alsan
  • 131

2 Answers

4
  • Tried to boot into a Linux live CD through Ventoy and delete all Windows partitions; tried GParted and fdisk, but all partitions were still there after applying the operations;

  • Tried to boot into the Windows installer, went into recovery/command, and ran the diskpart utility, selected the disk and ran clean; it said the operation succeeded, but when I listed the partitions again, they were still there;

Overall, this looks like a problem with the disk itself. The partition table is just stored as data on the same disk alongside partitions (in the first few sectors of the disk), so a virus cannot prevent it from being overwritten from a completely different OS, but an SSD failure can sometimes result in it becoming completely read-only, and at least one manufacturer's SSDs do this by only pretending to accept writes but still returning the same previously-stored data no matter what. (I replaced one such SSD last week; it even resisted ATA "SECURE ERASE" commands.)

grawity
  • 501,077
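
An added example, not part of either answer: since the partition table is only data in the first sectors, one way to confirm the "disk silently ignores writes" diagnosis is to fingerprint that area before the wipe and compare it after a power cycle. The function names and the device path given on the command line are assumptions; the sample image is constructed.

```python
import hashlib
import struct
import sys

SECTOR = 512
TABLE_SECTORS = 34  # MBR + GPT header + GPT entries, assuming 512-byte sectors

def read_table_area(path):
    """Return the raw bytes where the MBR and primary GPT live."""
    with open(path, "rb") as disk:
        return disk.read(SECTOR * TABLE_SECTORS)

def fingerprint(area):
    """Hash to note down before wiping, so it can be compared after a reboot."""
    return hashlib.sha256(area).hexdigest()

def mbr_partitions(area):
    """Decode the four primary MBR entries as (type, start_lba, sectors)."""
    if len(area) < SECTOR or area[510:512] != b"\x55\xaa":
        return []  # no boot signature: the table has really been erased
    found = []
    for i in range(4):
        entry = area[446 + 16 * i: 462 + 16 * i]
        start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # type 0 marks an unused slot
            found.append((entry[4], start, count))
    return found

def wipe_persisted(fingerprint_before, area_after):
    """True only if the table area changed and no MBR entries remain."""
    changed = fingerprint(area_after) != fingerprint_before
    return changed and not mbr_partitions(area_after)

def make_constructed_image(path):
    """Constructed sample: an image with one NTFS-type (0x07) MBR entry."""
    sector0 = bytearray(SECTOR)
    struct.pack_into("<B3xB3xII", sector0, 446, 0x80, 0x07, 2048, 204800)
    sector0[510:512] = b"\x55\xaa"
    with open(path, "wb") as img:
        img.write(bytes(sector0) + bytes(SECTOR * (TABLE_SECTORS - 1)))

if __name__ == "__main__":
    area = read_table_area(sys.argv[1])  # assumed: a device or image path
    print(fingerprint(area), mbr_partitions(area))
```

Re-read the disk only after powering it off and on again, so the bytes come from the drive rather than a cache; an unchanged fingerprint after a "successful" wipe points at the disk, not at software on it.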
2

Boot with a bootable USB drive. There are a number of ways to do this. One way is to take the Windows 10 ISO and make a bootable USB using Rufus.

Start with this USB. Locate your data and transfer it to another USB drive. Also back up the relevant USER profiles.

Also back up data from other partitions if need be.

Now use the Windows ISO file (again, make a bootable USB key) to start the computer, delete all partitions, and reinstall Windows.

If for some reason the above does not work, there may be an issue with the disk, so then you should replace the disk.

I am assuming Windows 10 here but the same general approach works for Windows 11 and prior Windows.