none
Virus caused "Delayed write failed" Windows 7 64 - Forced HD into "Read Only"

    Frage

  • A Virus/Bot that sends emails with link to Canadian Drug site has hacked into my computer running Windows 7 64 bit.
    The emails look like they are from me.   This happened on Feb 18, 2011.

    The hacker virus/bot has forced my laptop HD into a "read only " mode.  So now it blocks any writing to the HD. 
    As a result no applications can start, such as MS Word or IE 8.  And this also unalbe to run a virus/malware removal program.
    Even from a self-booting disk.  This forced "Read Only" mode also blocks any connection to the internet. 

    I took the infected HD out of laptop to run as as external HD on Desktop.  The 4 month old HD works perfectly as a read only disk.
    I can see it normally and look at files but still get the dreaded "Delayed write failed" when I try to run a virus scan or any other application.
    Tried to change properties from "read only" and it failed, even in DOS. 

    Can anyone help or advise me on how to resolve this problem?
    How do I manually enable my HD to write so I can run the virus/malware program?
    Can I manually take control back from the setting the virus used to put a hold on my HD to write and enable the write cacheing on my HD disk?

    Thanks to everyone who has any suggestions.

    Jc1148

     

    Montag, 21. Februar 2011 05:21

Antworten

  • My little brother's laptop got infected too and so i had to repair it -.-

    anyways

    here is my solution

    HOW TO FIX WINDOWS DELAYED WRITE FAILED VIRUS:

    1. You're infected, everything is hidden and you cannot open taskmanager.

    2. press windows button and type "cmd" and press enter

    3. once it opens a black window, type "cd C:\windows\system32" and press enter

    4. type "tasklist" and press enter

    5. search for a task by scrolling up a lil bit with a name like 6DSS92c31Apgjk.exe

    (it was named like that at the computer of my little brother after he got infected -.-)

    6. if you have found it type "taskkill /F /IM 6DSS92c31Apgjk.exe"

    (it has got to be the name of the virus-processs, if the name of your virus-process is different as mine, type the name of your one)

    7.it should appear a lil message on cmd console wich says command to close was sent or something like that

    (i don't know its fully right name cause my pc is german)

    7. try to open taskmanager. if it works, it means that the virusinfected process is stopped / "killed"

    8. press the windows button on your pc's keyboard and while keep holing press E.

    It will appear the same window as when you click on "Computer"

    9. follow these pictures:

    (1).

    (2).

     

    after checking those buttons and clicking ok, you schould be able to see all your data again wich was before you've got infected on your desktop but it is half transparent so mark all of them, do right klick on properties and uncheck the box "hidden". after that they are visible again and not transparent.

    10. search the virus manually now if you know the computer or if you aren't so good in pc with avira for example for the exe of the virus. at my brother's pc it was in the following paths:

    C:\programm data\6DSS92c31Apgjk.exe     AND

    C:\programm data\hUtkqvriAukQ.exe     <--(THIS WAS A SYSTEM RESTORE FAKE PROG OF THE VIRUS)

    then delete them completely from your pc.

    11. You're done :D

    i prefer to save all your personal data and completely reinstall windows cause the virus crapped up my brothers pc and his laptop's registry so that i couldn't do a system restore.

    hope you'll get it on first try. sry for my english i am 16 and from germany ;)

     

     




    • Als Antwort markiert Miya YaoModerator Montag, 24. Oktober 2011 01:39
    • Bearbeitet Dogan M Mittwoch, 2. November 2011 11:58
    Sonntag, 16. Oktober 2011 01:48
  • Hi JC1148,

    Thanks for the post!

    Please try a Clean Boot to troubleshoot this issue.

    In addition,For information about Security updates, visit the Microsoft Virus Solution and Security Center for resources and tools to keep your PC safe and healthy. If you are having issues with installing the update itself, visit Support for Microsoft Update for resources and tools to keep your PC updated with the latest updates.

    Also, you can check Microsoft Security and Privacy Web site at: http://www.microsoft.com/security/

    Regards,

    Miya


    This posting is provided "AS IS" with no warranties, and confers no rights. | Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Mittwoch, 23. Februar 2011 06:14
    Moderator

Alle Antworten

  • Hi JC1148,

    Thanks for the post!

    Please try a Clean Boot to troubleshoot this issue.

    In addition,For information about Security updates, visit the Microsoft Virus Solution and Security Center for resources and tools to keep your PC safe and healthy. If you are having issues with installing the update itself, visit Support for Microsoft Update for resources and tools to keep your PC updated with the latest updates.

    Also, you can check Microsoft Security and Privacy Web site at: http://www.microsoft.com/security/

    Regards,

    Miya


    This posting is provided "AS IS" with no warranties, and confers no rights. | Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Mittwoch, 23. Februar 2011 06:14
    Moderator
  • My little brother's laptop got infected too and so i had to repair it -.-

    anyways

    here is my solution

    HOW TO FIX WINDOWS DELAYED WRITE FAILED VIRUS:

    1. You're infected, everything is hidden and you cannot open taskmanager.

    2. press windows button and type "cmd" and press enter

    3. once it opens a black window, type "cd C:\windows\system32" and press enter

    4. type "tasklist" and press enter

    5. search for a task by scrolling up a lil bit with a name like 6DSS92c31Apgjk.exe

    (it was named like that at the computer of my little brother after he got infected -.-)

    6. if you have found it type "taskkill /F /IM 6DSS92c31Apgjk.exe"

    (it has got to be the name of the virus-processs, if the name of your virus-process is different as mine, type the name of your one)

    7.it should appear a lil message on cmd console wich says command to close was sent or something like that

    (i don't know its fully right name cause my pc is german)

    7. try to open taskmanager. if it works, it means that the virusinfected process is stopped / "killed"

    8. press the windows button on your pc's keyboard and while keep holing press E.

    It will appear the same window as when you click on "Computer"

    9. follow these pictures:

    (1).

    (2).

     

    after checking those buttons and clicking ok, you schould be able to see all your data again wich was before you've got infected on your desktop but it is half transparent so mark all of them, do right klick on properties and uncheck the box "hidden". after that they are visible again and not transparent.

    10. search the virus manually now if you know the computer or if you aren't so good in pc with avira for example for the exe of the virus. at my brother's pc it was in the following paths:

    C:\programm data\6DSS92c31Apgjk.exe     AND

    C:\programm data\hUtkqvriAukQ.exe     <--(THIS WAS A SYSTEM RESTORE FAKE PROG OF THE VIRUS)

    then delete them completely from your pc.

    11. You're done :D

    i prefer to save all your personal data and completely reinstall windows cause the virus crapped up my brothers pc and his laptop's registry so that i couldn't do a system restore.

    hope you'll get it on first try. sry for my english i am 16 and from germany ;)

     

     




    • Als Antwort markiert Miya YaoModerator Montag, 24. Oktober 2011 01:39
    • Bearbeitet Dogan M Mittwoch, 2. November 2011 11:58
    Sonntag, 16. Oktober 2011 01:48
  • Hi Dogan M,

     

    Thanks for posting the solution, Its worked great ! my laptop got affected the same, I googled and found yours is the best solution.

     

    Thanks,

    Nat

    Sonntag, 23. Oktober 2011 23:05
  • All the steps work exactly as written except when I press enter for the taskkill step a window pops up that says "Windows detected a hard disk problem" and it will restart. Did this happen to you?
    Sonntag, 30. Oktober 2011 07:34
  • All the steps work exactly as written except when I press enter for the taskkill step a window pops up that says "Windows detected a hard disk problem" and it will restart. Did this happen to you?
    Sonntag, 30. Oktober 2011 07:34
  • I just cleared my PC lastnight of a virus and i was using some tool nameed "gmer".

    When i ran the scan it found many things and i simply highlighted them all and selected "Delete file".

    after about 6 or 7 scans it eventually found nothing and my system was clean.

     


    Also, try http://www.thetechgroup.com.au/forum/1/, it worked for me!
    _____________________________________________________
    Real Engineers, Real Problems, Real Solutions
    www.thetechgroup.com.au
    Montag, 31. Oktober 2011 00:00
  • hai ,

    boot your system with knoppix live then go into the  drive and change its properties to read write for the whole drive...


    Regards fazil [Please remember to click this as marked as helpful if u find it useful.. This can be beneficial to other community members reading the thread.]
    Montag, 31. Oktober 2011 04:52
  • So I sadly have this and I need this computer for work, so serious blow to me. I tried following your steps, problem is my task manager will not open after successfully killing the task...any suggestions ?
    Donnerstag, 3. November 2011 03:38
  • So fyi everyone, I found a fantastic site that deals with this :

    http://deletemalware.blogspot.com/2011/09/how-to-remove-data-recovery-uninstall.html

    Donnerstag, 3. November 2011 05:04
  • Dogan M,

    Thanks for posting.  My coworker's laptop got this virus this morning.  All your steps worked, and he also went a step further and did a system recovery in Windows 7 to a point earlier in the day.  Everything seems to be ok now.  What an annoyring virus.  He was ready to wipe the hard drive when I found this site.

    Donnerstag, 3. November 2011 18:26
  • @kent_5664

    the link you've posted is an instruction how to Remove Data Recovery.

    to everybody: if your acces to the taskmanager is still restricted after deleting the virus, try this:

     

    1.Klick on Start Button and type "regedit"

    go to:        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

     

    then there should appear a key named "DisableTaskMgr"

    2.rightklick on it and delete this key, if it asks you something klick on YES.
    now the restriction is vanished ;)

    hope i helped.


    • Bearbeitet Dogan M Freitag, 4. November 2011 16:35
    Freitag, 4. November 2011 16:33
  • Hi Dogan,

       Thanks for the information. Actually my system got infected with the same virus yesterday, without trying any other options I restored my O.S to earlier date, but I couldn't find any of my personal files including the files stored in a seperate partition. Is it advisable to undo the restoration and follow the steps you mentioned above? Or Is there any otherway to restore/get my personal files.

     

    Thanks!

    Praveen

     

    Montag, 7. November 2011 17:45
  • Dear Praveen,

    i prefer you to follow the steps 9 and 10 of my tutorial first because it's possible that all your data is just hidden but you can't see it.

    if it doesn't work but you really need your personal files only then you should undo the system restoration and delete the virus.

     

    • Als Antwort vorgeschlagen Dogan M Dienstag, 15. November 2011 17:40
    Montag, 7. November 2011 20:03
  • Hi Dogan,

       Thank you very much for your help. Really it worked to me. Now I can able to see my files. Appreciated your help!

    Thanks!

    Praveen

    Dienstag, 8. November 2011 03:20
  • hi, i was following your post and i got up to the tasklist but i dont have the same virus name as you and im not sure which one it is. please help.
    Freitag, 11. November 2011 21:16
  • Can you elaborate on step 10? where do I search for the program manually and how do I delete it? thanks!

     

    Sonntag, 13. November 2011 14:21
  • 1. You're infected, everything is hidden and you cannot open taskmanager.

    2. press windows button and type "cmd" and press enter


    Hi good morning Dogan M!

     

    I am totally lost. I can't even get past the #2 direction (2. press windows button and type "cmd" and press enter). I can only move my cursor around, that's it. Can't click on anything. Windows button or any keys doesn't respond. 

    I've turned on and off my laptop a few times yesterday and got that "DWF" message twice or thrice. Clock is frozen to the time I turned it on. I can see all desktop shortcuts but can't click on any.

    Please help :)

    Montag, 14. November 2011 22:34
  • Dogan, thanks for the posts on fixing this.  I've edited the registry and deleted the .exe file but I still can't find/access the programs on my computer like Microsoft Office and Google Chrome.  They seem to be hidden (empty) when I go to launch them.  Do you know how I can get these back running again?

    Thanks, Sabbypedia

    Samstag, 26. November 2011 04:45
  • Dogan, thanks for the posts on fixing this.  I've edited the registry and deleted the .exe file but I still can't find/access the programs on my computer like Microsoft Office and Google Chrome.  They seem to be hidden (empty) when I go to launch them.  Do you know how I can get these back running again?

    Thanks, Sabbypedia


    I see a similar issue too. After I restored everything, the only thing that seems broken is that the Start Menu. When I looked at
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\
    the folder structures were all there, but none of the shortcut links are.
    Samstag, 26. November 2011 08:12
  • Thanks Dogan for the lifesaving instructions. When I got the "delayed write failed" popups and all my files were gone, I thought my hard drive had been corrupted. Now pretty much everything is back to normal. I did have some improvements on Dogan's instructions. Essentially, instead of killing the virus while it is in memory, it is better to get rid of the virus in safe mode. For me, I could not use my computer while the virus was loaded. Here are my steps:

    1. Start Windows in Safe Mode (Restart computer, press F8 before the windows logo comes up, choose Safe Mode. This will prevent the virus from loading.)

    2. Run > msconfig > startup. Look for a suspicious item under c:\ProgramData. It will look something like "iKkErGMGcwgpk.exe". UNCHECK it to prevent it from booting.

    3. Find all traces of the virus

    Run > cmd
    cd \
    dir /ah /s iKkErGMGcwgpk.exe (replace with your specific filename from Step 2)

    4. Set File Explorer to show hidden files
    WIN+E to launch File Explorer
    tools > options > view > show hidden files

    5. Shift+delete all instances of the files found in Step 3.

    6. Unhide your data folders.
    C:\Users\myusername
    Properties > uncheck Hidden

    7. Restart Windows normally. Verify Steps 2 and 3 again to make sure it's gone.

    • Als Antwort vorgeschlagen Bucky2 Samstag, 26. November 2011 08:31
    Samstag, 26. November 2011 08:29
  • Thanks to all that worked on this. After reading them all I used the one that Bucky2 wrote up.

    This was a friend of mine's computer and I had never seen such a mess of crap coming to the screen and all the files, favorites, start menu, etc. all missing.

    To be safe, at least for me, I also did a System Restore to a few days previous on their computer because they had been out of town and had not put anything new on the machine. This was a tremendous help as it restored the start menu, etc.

    All this time I was unplugged from the net. After restoring I plugged into the net, updated the definitions of the Virus software and ran a full scan. It found 8 things that said the threat was severe and removed them.

    The chore of removing the hidden and read only check boxes took quite awhile. This friend creates a new foler for almost anything new that he does.

     

    Good luck to all.

     

    Donnerstag, 1. Dezember 2011 17:05
  • Thanks Bucky2. It solved my problem partially.

    The virus file I had was PnLWqYYTFfIC.exe

     

    After following all the above steps, I was able to start my system in normal mode but it was still not showing all the items. But atleast the multiple dialog boxes stopped appearing.

     

    Then, I saw a small icon at the bottom for windows defender alert. It showed there was a trojan, I removed that but my previous short cust still haven't been restored.

    Freitag, 9. Dezember 2011 09:03
  • All,

     

    Thanks for all of the great ideas on the "Delayed Write Failed" virus.  I followed the directions and removed the file and I'm up and running again.  EXCEPT, when I go to START>PROGRAMS, my programs are all listed, but their folders are all empty.

    Also, my IE launches fine, but my FireFox icon won't start FireFox. 

    Any suggestions on what I might try on either issue?

    Thanks, 

    texasvet

    Freitag, 6. Januar 2012 22:19
  • My little brother's laptop got infected too and so i had to repair it -.-

    anyways

    here is my solution

    HOW TO FIX WINDOWS DELAYED WRITE FAILED VIRUS:

    1. You're infected, everything is hidden and you cannot open taskmanager.

    2. press windows button and type "cmd" and press enter

    3. once it opens a black window, type "cd C:\windows\system32" and press enter

    4. type "tasklist" and press enter

    5. search for a task by scrolling up a lil bit with a name like 6DSS92c31Apgjk.exe

    (it was named like that at the computer of my little brother after he got infected -.-)

    6. if you have found it type "taskkill /F /IM 6DSS92c31Apgjk.exe"

    (it has got to be the name of the virus-processs, if the name of your virus-process is different as mine, type the name of your one)

    7.it should appear a lil message on cmd console wich says command to close was sent or something like that

    (i don't know its fully right name cause my pc is german)

    7. try to open taskmanager. if it works, it means that the virusinfected process is stopped / "killed"

    8. press the windows button on your pc's keyboard and while keep holing press E.

    It will appear the same window as when you click on "Computer"

    9. follow these pictures:

    (1).

    (2).

     

    after checking those buttons and clicking ok, you schould be able to see all your data again wich was before you've got infected on your desktop but it is half transparent so mark all of them, do right klick on properties and uncheck the box "hidden". after that they are visible again and not transparent.

    10. search the virus manually now if you know the computer or if you aren't so good in pc with avira for example for the exe of the virus. at my brother's pc it was in the following paths:

    C:\programm data\6DSS92c31Apgjk.exe     AND

    C:\programm data\hUtkqvriAukQ.exe     <--(THIS WAS A SYSTEM RESTORE FAKE PROG OF THE VIRUS)

    then delete them completely from your pc.

    11. You're done :D

    i prefer to save all your personal data and completely reinstall windows cause the virus crapped up my brothers pc and his laptop's registry so that i couldn't do a system restore.

    hope you'll get it on first try. sry for my english i am 16 and from germany ;)

     

     





    I followed these instructions but realised you can't stop here.  The program puts an entry in your registry so when you reboot, it installs itself again. 

    So you have to run registry  Ctrl+r >> regedit  ....then do go "Edit" >>"Find" ....and you should copy down that [random].exe file name you found above.  It's different for all of us. Then paste that file name in the find box.  When you find it...right click>>delete or modify>>delete...This should completely delete it.  I would still go to the control panel/uninstall programs and check for any programs I did not install myself. 

    Let me also add that you should disconnect your computer from the internet when doing this kind of things.  Hope this helps. Courtesy..guys over at http://outpostech.com



    Mittwoch, 11. Januar 2012 04:40
  • I followed these instructions but realised you can't stop here.  The program puts an entry in your registry so when you reboot, it installs itself again. 

    So you have to run registry  Ctrl+r >> regedit  ....then do go "Edit" >>"Find" ....and you should copy down that [random].exe file name you found above.  It's different for all of us. Then paste that file name in the find box.  When you find it...right click>>delete or modify>>delete...This should completely delete it.  I would still go to the control panel/uninstall programs and check for any programs I did not install myself. 

    Let me also add that you should disconnect your computer from the internet when doing this kind of things.  Hope this helps. Courtesy..guys over at http://outpostech.com



    thats wrong. the virus cannot reeinstall itself again if you have deleted it.oly if the persistance option of the virus tool for example is enabled it can reinstall itself again but this happens in 2 seconds. the command in the registry for autostarting the ....exe will do or start nothing. but it's good to delete the entry because if you get the virus again, only then it can autostart again.




    • Bearbeitet Dogan M Dienstag, 24. Januar 2012 19:33
    Dienstag, 24. Januar 2012 19:18
  • Hi Dogan and everyone else,

     

    I followed your steps dogan, and deleted the file.

     

    However, my desktop icons can only be displayed if I choose the "show hidden files"....if i change it back to dont show hidden files my desktop icons disappear.

     

    Also, there are no start menu programs! I can't see any of my installed programs...

     

    Please help!

    Thanks.

    Samstag, 28. Januar 2012 03:36
  • Hi notnpadmin,

    please try a system restoration and if it won't work just choose the "show hidden files" option again in folder properties and then rightclick on the hidden files, open preoperties and remove the tick at "hide file" then you should be able to see your files again without the extra option and 2. you can righklick on your taskbar and select properties. then follow the picture. (sry my laptop is german)

    in the left window you can customize everything ;)

    • Bearbeitet Dogan M Mittwoch, 1. Februar 2012 22:47
    Mittwoch, 1. Februar 2012 22:46
  •  

    Thanks to Dogan, Bucky2 and Miya (Moderator) for your clear and detailed instructions.

    I can say that my computer is "back", but not EXACTLY like it was before. It seems to be working properly, however, I had to go into File Explorer and un-hide many of the folders individually. Although my start menu displays again, most of the folders in "All Programs" still report "empty", so I have to use File Explorer to find the executable I need for the program I want to open/run. It's a real pain, but I'm happy to report I haven't lost any files.

    After cleaning everything, I did run a system restore, but it didn't fix my start menu, desktop display (lost my background - no biggie, but still) and a few other minor things...

    PS - does any one know the virus name? I'd like to do some additional research to figure out possibly where I picked it up from. Thx.
    • Bearbeitet Katy_Did Sonntag, 5. Februar 2012 22:15
    Sonntag, 5. Februar 2012 22:14
  • Hi Dogan M,

    Thanks for the post. It was very helpful. For my case the virus name was "KR9wJWsiFgPcsw". I did exactly what you said step by step. It was a very good one.

    Sonntag, 12. Februar 2012 22:59
  • Hey I  did a system restore, luckily that got rid of the virus but many of my my files were missing, I took the posted advise from people Here and went to organize button in my computer window and went to folder options , then the view tab clicked show hidden files and found everything... THANK YOU ALL SOO MUCH.... was about to reformat my computer... im glad I didnt have to... but i may still do it after i get my documents off it... now i went to my computer c drive and am unhiding all the files on my computer......

    Thanks you again...

    Donnerstag, 16. Februar 2012 09:14
  • Hi,I just wanted to help answer your problem with the "All Programs" folder.

    http://www.bleepingcomputer.com/forums/topic401172.html

    It is a manual fix to your problem.

    Thanks to Dogan and Bucky2! Helped me greatly.

    Sonntag, 18. März 2012 07:07
  • Hi

    I also got this on my windows 7/64 pc. I got it removed and i restored missing shortcuts. The PC is doing a thorough virus scan as i speak and doing windows update.

    However I am very curious as to how this virus spread. I'm on my linux pc right now which I use most of the time. Only use the windows pc for adobe products really. I havent installed anything new on it for months, havent executed email attachments and i certainly havent browsed porn sites or any sites of similar nature on it.

    The only thing I can recall was running a java applet inside of firefox on a website a few days ago, one for generating random words. This may have caused the harm, I dont know. Any suggestions?

    By the way thanks very much for the info in this thread, a huge timesaver.

    Montag, 19. März 2012 09:47
  • This worked. Thank you!

    In terms of additional post cleanup steps:

    - Needed to flip back the read-only and hidden flags on a lot of my files, for example c:\user\[your_user_name] but it's not advisable to do this manually as you may not know what the original states of these flags on subfolders and content.

    - Alternative to the msconfig suggestion below, I went ahead and searched for the virus name in all of my registry and deleted all the related keys. The name of the virus was "QkMNyhGuJTxqPg" in my case.

    - Had to fix my windows theme which was changed to black.

    - To fix the missing icons on the start menu, I tried http://www.bleepingcomputer.com/forums/topic401172.html but it didn't work completely. I also had to reset everything back to default by right-clicking on the toolbar > Properties > Start Menu > Customize > Use Default Settings.

    Montag, 19. März 2012 23:19
  • Dude! You Rock! I wish I had you in my computer tech class!! Lew
    Dienstag, 27. März 2012 22:45