
Malware attack corrupted disk so it can't boot



Running Windows 7, 64 bit with Norton 360 more than a year with zero problems. I had downloaded a .xls spreadsheet file for nutrition content of common foods from a USDA government website. I worked on it in Excel for an hour or so, saving many times. When I was done and quit Excel, it hung and I got an error window saying a necessary file for Excel was missing and I needed to run a restore procedure (or something like that). I fell for it and clicked OK, and that was the beginning of the end, and could not stop it - that's when I held down the power button to shut down.

Now, at each boot attempt, it wants to run a check disk. Sometimes the check disk will go and other times it just sits there. Each time it does run, it finds lots of problems and appears to move or recover hundreds of files. Also reports some bad sectors. Sometimes the check will complete and attempt to boot, other times, just hangs. When scan disk finishes, the text screen goes away too fast for me to read the messages. Sometimes I skip the scan and let it try to boot. Sometimes I get full blue screen. Twice it did boot, but exxxxtreeeemly slow - no sense even trying to install Malwarebytes. I was able to click COMPUTER, and open C drive, but trying to open the USERS folder, a green bar progresses all the way across the top of the window, then just hangs and I have to hold the power button as the only choice to turn off computer.

I'm afraid to keep doing this, since the check disk seems to be moving / recovering files, and this could be bad for trying to recover data later.

I removed the drive and put it in an external case with USB 3.0, attached to a good Win 7 laptop that has Malwarebytes installed. I guess my corrupt Win 7 drive secretly has 2 partitions. The laptop "mounts" drive F, then for drive G, it finds a problem with that partition and wants to run a scan disk, but I select "continue without scanning". It "mounts" the drive and shows up as 2 drives (partitions?):

System Reserved (F:) 70.3 Mb free of 99.9 Mb

Local Disk (G:) 436 Gb free of 931 Gb

F: is empty (maybe just hidden?). Attempting to access the USERS folder on G:, the green bar goes all the way across the top of the window and hangs. But I can kill the window with Task Manager, so my laptop is fine.

Ran Malwarebytes on the F: drive (partition?) and it ran with no problems.

Ran Malwarebytes on the G: drive and it hangs part way through scanning the first folder.

I'm about to download/buy and run "GetDataBack" to at least try and recover my data files (precious videos and photos, and of course, no backups).

I will stand by. Thanks for your help.

DerekB


  • Staff

Hi and welcome to Malwarebytes.

Could try these boot disks:

These are links to Anti-virus vendors that offer free LiveCD or Rescue CD files that are used to boot from for repair of unbootable and damaged systems, rescue data, scan the system for virus infections. Burn it as an image to a disk to get a bootable CD. All (except Avira) are in the ISO Image file format. Avira uses an EXE that has built-in CD burning capability.

If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.

Let me know how it goes.


Thanks for the great reply. I will try those.

So I guess the idea is to try and make the drive bootable, purge any virus / malware, and repair the operating system.

But then what about potential damage to any installed programs? How do those get checked? For example, I have the full Adobe CS5 suite, among other big stuff. That's a ton of software to "trust" as being good.

Is there a way to assess if it's worth trying to recover my drive and continue to "trust" it for my OS and programs, or just buy a new drive and start over? Or maybe do a "stress test" to see if it has actual physical problems?

I ran GetDataBack and copied at least 95% of my data files, so I am relieved there at least. But GetDataBack encountered hundreds of I/O errors during the process. Granted, a few hundred read errors is a tiny percentage of the millions, but still it makes me worry about the physical integrity.

DerekB


  • Staff

Hi,

It's doubtful you had a file infector. Your programs should be safe (if you would like to be certain, upload some of the .exe files you recovered to www.virustotal.com and it should show if a file infector was present). However, I would recommend reinstalling them completely since the backup you created of them may not be satisfactory to restore all of the appropriate Registry settings and whatnot.

I personally think it was an already failing hard drive plus a rootkit infection.

Clear as mud? :)

In my opinion, I would format and start from scratch with a new hard drive. You start fresh and there's no risk of infection. Feel free to back up images and documents though.

Let me know what you decide; I'll be happy to answer any additional questions you have.


Yes, the hard drive has physical failures. This was confirmed by the folks at GetDataBack. When their software runs, it gathers all kinds of info about the drive and creates a snapshot file, which I sent to them. So there is no point in trying to run Malwarebytes, or any of the software to restore the operating systems.

I will just start over with a new hard drive, as you recommended. I recovered 95-98% of my images, video, and data files, so I'm happy about that.

So one last question before closing this thread.

What kind of multiple hard drive setup should I create in order to guard against a physical hard drive failure that will constantly keep a working exact mirror of my system on a second drive (or something like that)? Drives are so cheap, compared to the pain of rebuilding. I am OK with buying two 750 GB drives, one for main OS and programs and one for some kind of realtime mirror backup, then a 3rd, 4th, 5th drive for data.

But I don't know how to set up this "mirror" or whatever it's called.

Thanks so much,

DerekB


  • Staff

I haven't personally done that before.

On my backup hard drive, I don't keep a mirror so much as just backups of my important things which I update every week or so.

You may wish to post in our general forum and I'm sure others will have had experience in the past. Alternatively, I found this article which provides some decent options:

http://labnol.blogspot.com/2006/08/clone-hard-drive-with-free-disk.html

Let me know how it goes!


  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
