Hard drive seems wiped by virus - Page 2

Re: Hard drive seems wiped by virus

Hello, harrye@somewhere.it.where.it.doesn't.suck.net!

d6hio6l1ch5dsa8bq6aodvv5lmj4rgnuhi@4ax.com
On Tue, 22 Mar 2011 19:56:25 -0500:

Agreed... I got to set up imaging software one day. I /DO/ BU my sensitive
data daily. I have 2 HDD(s) in my server, one for the system, the other is
sensitive data, and a USB HDD with my sensitive data on it in a fireproof
safe. :) All encrypted with TrueCrypt.

In your opinion, what's a good choice for imaging software?

--
With best regards, gufus.  E-mail: stop.nospam.gbbsg@shaw.ca



Re: Hard drive seems wiped by virus

On Wed, 23 Mar 2011 13:10:15 -0600, "gufus"

Well, I got lucky in that Acronis was the first such program I bought
of its kind years back, and it's worked perfectly from day one.   I
have version 8.  I haven't updated to the more modern versions because
of the problems with their newer versions I have read about in their
user forums.  As for the other programs out there, I also have Macrium
Reflect, with which I make full backups onto other outboard disks I
have.  Outside of what I have, I don't know anything about all the
other programs. I stick with what works for me.  If it ain't broke,
don't fix it.  :o)

Re: Hard drive seems wiped by virus

Hello, harrye@somewhere.it.where.it.doesn't.suck.net!

9njko61rdl29b28uoljk03f4dr3otp55k5@4ax.com
On Wed, 23 Mar 2011 14:56:31 -0500:

 >> In your opinion, what's a good choice for imaging software?
 >
 > Well, I got lucky in that Acronis was the first such program I bought
 > of its kind years back, and it's worked perfectly from day one.

'k

 >  I have version 8.  I haven't updated to the more modern versions because
 > of the problems with their newer versions I have read about in their
 > user forums.  As for the other programs out there, I also have Macrium

Thanks for your input, Bro. I guess it's like any software (your mileage will
vary). I've been into computers since 1988, also many different fields,
networking, a BBS (Fidonet) and designing websites, writing everything from
HTML, CSS, Java, CGI, PHP  etc.... :o)

--
With best regards, gufus.  E-mail: stop.nospam.gbbsg@shaw.ca



Re: Hard drive seems wiped by virus

Per gufus:

I've been using TeraByte's DOS version of "Image" for quite a few
years.

Not a lot of bells and whistles, but it runs fast and the price
was right (less than twenty USD).
--
PeteCresswell

Re: Hard drive seems wiped by virus

Hello, (PeteCresswell)!

7mimo6p882ur73iiasdug25iuh38enmcpn@4ax.com
On Thu, 24 Mar 2011 09:45:57 -0400

Thx.. I'll add it to my list.

Sweet. :-)
--
With best regards, gufus.  E-mail: stop.nospam.gbbsg@shaw.ca



Re: Hard drive seems wiped by virus

NOSPAMfurness50@hotmail.com wrote:

Does your unstated Windows version have a recovery console?

Did this message appear while web browsing?

Is your file system NTFS?

If your hard drive is empty, what error message are you getting from BIOS?

Do you have an alternate OS to boot from?

Re: Hard drive seems wiped by virus

NOSPAMfurness50@hotmail.com wrote:

Which is to really mean that you were web surfing somewhere and decided
to act on a rogueware popup - IN A WEB BROWSER!

Whether you click on their OK button or not or even if you attempt to
close the popup window, their scripting will ignore your choices and go
ahead with whatever action they wanted to commit.  Never click on their
OK or Cancel button or even bother to try to close the popup window.
Just go into Task Manager and kill the web browser's process.  For
future use, you might want to define a shortcut to put in a toolbar in
the Windows taskbar that runs "taskkill.exe /f /im iexplore.exe" (or
whatever process is for your unidentified web browser) presuming that
taskkill.exe is available in your unidentified OS.

It is likely that a part of the "recovery" action required by you but
not mentioned here by you was that you had to download something and run
it locally.  Neither Java nor JavaScript can erase your hard disk.  So
not only did you click their Ok button but you also permitted a download
and then clicked Ok to run it.  You ignored the prompts asking if you
wanted to download and if you wanted to run.

Since you still have a usable computer, time to Google for partition and
file recovery software.  Recuva might get back some files.  There are
other similar tools.  If the "recovery" damage was quick then perhaps
the malware only modified the partition tables, so get partition
recovery software.  This tries to restore the partition tables in the
MBR so they match what is found remnant on the hard disk.

Piriform's Recuva
http://www.piriform.com/recuva/features

Recuva might work but I have my doubts about freeware able to do
complete recovery or to recover under all conditions.  Of course, to run
this software means you need an instance of Windows under which to
install and run it.  So you'll have to tote your now wiped hard disk to
another host where Windows is running, attach the dead hard disk as a
slave drive, and see if Recuva can restore the partitions or files on
that dead hard disk.  I've only used Recuva a couple of times and only
to recover some deleted files.  Others may have suggestions for other
partition and/or file recovery software but, again, you'll need an OS
under which to run it.

Of course, you could restore from your backups, right?  What, you don't
have backups?  Now that you've been burned by not having backups, I bet
you'll start thinking about doing backups.  If you do have backups,
remember that if they were created after you infected your host then
restoring from those backups will reintroduce the malware.  You need to
restore from a clean backup, or do a dirty restore and hope you can
disinfect your host using anti-malware before the malware hits again.

I have not visited or used information from the following sites so I
don't know if it is reliable or trustworthy.  I simply Googled to find
matching articles.  A Google search on:

http://www.google.com/search?q=malware+%2B"windows+recovery"+errors+detected

Found:

http://www.removespywaresupport.com/how-to-remove-windows-recovery-how-to-remove-windows-recovery.html

This article suggests using Anti-MalwareBytes which is a well-known good
product.  The free version is an on-demand scanner only (you have to pay
to get their on-access scanner).  It says to reboot into Windows' Safe
Mode (with networking), get Anti-MalwareBytes, and hope it will
disinfect your host.  That assumes you can boot into Safe Mode.

http://www.malwarebytes.org/

If you can't get into Safe Mode or MalwareBytes won't install or the
hard disk is still wiped in Safe Mode, you'll have to look at using
something to recover from the hard disk wipe.
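
The post above says the damage may be limited to the partition tables in the MBR. As an added example (not part of the original post, and not taken from any recovery tool), this Python sketch parses the four MBR partition entries from the first 512-byte sector of a disk image and reports an empty, out-of-range or overlapping table. The function names, the short type map and the sample sectors are assumptions constructed for the illustration; GPT disks are not covered.

```python
import struct

SECTOR = 512
ENTRY = "<B3xB3xII"   # status, (CHS start), type, (CHS end), start LBA, sector count
TYPES = {0x07: "NTFS/exFAT", 0x0B: "FAT32 (CHS)", 0x0C: "FAT32 (LBA)", 0x83: "Linux"}

def parse_mbr(sector0: bytes, disk_sectors: int):
    """Return (entries, findings) for the first sector of a disk image."""
    if len(sector0) < SECTOR:
        raise ValueError("need the full 512-byte first sector")
    findings = []
    if sector0[510:512] != b"\x55\xaa":
        findings.append("boot signature 0x55AA missing")
    entries = []
    for slot in range(4):                      # table lives at offsets 446..509
        raw = sector0[446 + 16 * slot: 462 + 16 * slot]
        status, ptype, lba, count = struct.unpack(ENTRY, raw)
        if ptype == 0 and count == 0:
            continue                           # unused slot
        entries.append({"slot": slot, "active": status == 0x80,
                        "type": TYPES.get(ptype, hex(ptype)),
                        "lba": lba, "sectors": count})
        if status not in (0x00, 0x80):
            findings.append(f"slot {slot}: invalid status byte {status:#04x}")
        if lba + count > disk_sectors:
            findings.append(f"slot {slot}: extends past end of disk")
    if not entries:
        findings.append("partition table is empty")
    ordered = sorted(entries, key=lambda e: e["lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba"] + a["sectors"] > b["lba"]:
            findings.append(f"slots {a['slot']} and {b['slot']} overlap")
    return entries, findings

def build_sample(parts):
    """Constructed sector: zeroed boot code plus (status, type, lba, count) entries."""
    table = b"".join(struct.pack(ENTRY, *p) for p in parts).ljust(64, b"\x00")
    return bytes(446) + table + b"\x55\xaa"

# Constructed samples: an intact two-partition table and a zeroed table.
INTACT = build_sample([(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 1000000)])
WIPED = build_sample([])

if __name__ == "__main__":
    for name, sector in (("intact", INTACT), ("wiped", WIPED)):
        entries, findings = parse_mbr(sector, disk_sectors=2_000_000)
        print(name, len(entries), "partition(s);", findings or "no findings")
```

On a real case, feed it the first 512 bytes of an image of the affected disk rather than the live disk, so nothing is written to the drive being examined.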

Re: Hard drive seems wiped by virus


| NOSPAMfurness50@hotmail.com wrote:

| Which is to really mean that you were web surfing somewhere and decided
| to act on a rogueware popup - IN A WEB BROWSER!

| Whether you click on their OK button or not or even if you attempt to
| close the popup window, their scripting will ignore your choices and go
| ahead with whatever action they wanted to commit.  Never click on their
| OK or Cancel button or even bother to try to close the popup window.
| Just go into Task Manager and kill the web browser's process.  For
| future use, you might want to define a shortcut to put in a toolbar in
| the Windows taskbar that runs "taskkill.exe /f /im iexplore.exe" (or
| whatever process is for your unidentified web browser) presuming that
| taskkill.exe is available in your unidentified OS.

| It is likely that a part of the "recovery" action required by you but
| not mentioned here by you was that you had to download something and run
| it locally.  Neither Java nor JavaScript can erase your hard disk.  So
| not only did you click their Ok button but you also permitted a download
| and then clicked Ok to run it.  You ignored the prompts asking if you
| wanted to download and if you wanted to run.

| Since you still have a usable computer, time to Google for partition and
| file recovery software.  Recuva might get back some files.  There are
| other similar tools.  If the "recovery" damage was quick then perhaps
| the malware only modified the partition tables, so get partition
| recovery software.  This tries to restore the partition tables in the
| MBR so they match what is found remnant on the hard disk.

| Piriform's Recuva
| http://www.piriform.com/recuva/features

| Recuva might work but I have my doubts about freeware able to do
| complete recovery or to recover under all conditions.  Of course, to run
| this software means you need an instance of Windows under which to
| install and run it.  So you'll have to tote your now wiped hard disk to
| another host where Windows is running, attach the dead hard disk as a
| slave drive, and see if Recuva can restore the partitions or files on
| that dead hard disk.  I've only used Recuva a couple of times and only
| to recover some deleted files.  Others may have suggestions for other
| partition and/or file recovery software but, again, you'll need an OS
| under which to run it.

| Of course, you could restore from your backups, right?  What, you don't
| have backups?  Now that you've been burned by not having backups, I bet
| you'll start thinking about doing backups.  If you do have backups,
| remember that if they were created after you infected your host then
| restoring from those backups will reintroduce the malware.  You need to
| restore from a clean backup, or do a dirty restore and hope you can
| disinfect your host using anti-malware before the malware hits again.

| I have not visited or used information from the following sites so I
| don't know if it is reliable or trustworthy.  I simply Googled to find
| matching articles.  A Google search on:

| http://www.google.com/search?q=malware+%2B"windows+recovery"+errors+detected

| Found:

| http://www.removespywaresupport.com/how-to-remove-windows-recovery-how-to-remove-windows-recovery.html

| This article suggests using Anti-MalwareBytes which is a well-known good
| product.  The free version is an on-demand scanner only (you have to pay
| to get their on-access scanner).  It says to reboot into Windows' Safe
| Mode (with networking), get Anti-MalwareBytes, and hope it will
| disinfect your host.  That assumes you can boot into Safe Mode.

| http://www.malwarebytes.org/

| If you can't get into Safe Mode or MalwareBytes won't install or the
| hard disk is still wiped in Safe Mode, you'll have to look at using
| something to recover from the hard disk wipe.

You may be right if it looked like...

http://www.multi-av.thespykiller.co.uk/WindowsRecovery.jpg

--
Dave
Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Hard drive seems wiped by virus

Hello, David!

imcigf01h16@news3.newsguy.com
On Wed, 23 Mar 2011 06:37:02 -0400:

Ouch! that don't look real.
--
With best regards, gufus.  E-mail: stop.nospam.gbbsg@shaw.ca



Re: Hard drive seems wiped by virus

VanguardLH wrote:
http://www.removespywaresupport.com/how-to-remove-windows-recovery-how-to-remove-windows-recovery.html

Funny, they don't even mention "on-access" scanning here:
http://www.malwarebytes.org/mbam.php

They do mention "realtime protection" and the fact that it works
together with other anti-malware utilities.

:o)

Okay, I'll stop. (but first a mini rant)

It seems I am wrong - all those terms mean the exact same thing.

http://en.wikipedia.org/wiki/Real-time_protection

...and we might as well just call all malware viruses now too.

and I thought that this was so promising:

http://en.wikipedia.org/wiki/Computer_virus

"...not to be confused with malware"

I guess I'll just have to get with the times and adopt lazy terminology
myself just so that I don't come across as pedantic.

Re: Hard drive seems wiped by virus

Hello, FromTheRafters!

imcug1$rmv$1@news.eternal-september.org
On Wed, 23 Mar 2011 10:01:37 -0400:

 > I guess I'll just have to get with the times and adopt lazy terminology
 > myself just so that I don't come across as pedantic.

You're fine.. I understand your posts/replies. As a matter of fact, you taught
me a few things. :)

--
With best regards, gufus.  E-mail: stop.nospam.gbbsg@shaw.ca



Re: Hard drive seems wiped by virus



NOSPAMfurness50@hotmail.com wrote:

Sounds like some malware. Google on how to do a System Restore for your OS.
After you get it going, run an up-to-date anti-virus scan as well as an
anti-malware scan (free versions of MalwareBytes AntiMalware and
SuperAntiSpyware).
Sounds like you had a screen like David Lipman posted yesterday:
http://www.multi-av.thespykiller.co.uk/WindowsRecovery.jpg

You can also try Googling for  11 Errors   . One of the hits was:
http://www.xptechsupport.com/hdd-deframenter-virus.html and it explains how
one person got rid of that HDD Fragmenter Virus.

Buffalo


