If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Two Dead Hard Drives: Virus/Trojan?
Here's my situation:
I've had my XP x64 installation up-and-running since May. About a week ago, I experienced a brief freeze and had to do a hard boot. The machine ran fine for another day or so then froze again. Rebooted and got a "Machine_Check" blue screen error indicating a hardware problem. After that it would not boot. It would post, taking a longer time to recogize the IDE drive but it did recognize it, but XP x64 would no longer start up. I figured I had a bad hard drive, so I ordered a new one (Western Digital WD2000JB, same as before), removed the old drive, installed the new, reinstalled XP x64 and all was well. Perhaps foolishly, I thought I would try to save the few files off the old drive, if possible, that I hadn't backed up, so I installed the old drive as a slave and booted up. The old drive appeared as drive: E ans displayed all my old files and directories. Tried to copy a directory over to the new drive, but it froze during the copy requiring a hard boot. Now the new drive is displaying the same behaviour as the old one. It goes through post and dies as soon as XP x64 should start up. I even tried running from the XP x64 installation disk, but that won't run either. So no repair install possible. That's what makes me think I may have had a virus or trojan on the old drive and by installing it as a slave and trying to transfer files, transfered the virus/trojan to the new drive. Another factoid, the affected machine was and is on a local network and none of the other machines has been affected (yet). THis is the set up MSI K8N Neo2 Platinum AMD Athlon XP 64 3000+ Western Digital WD2000JB 200Gb hard drive(s) Cosair Value Select DDR 3200 2x512Mb Sony DRU510a DVD/CD Nvidia GeForce 6200 Samsung 930b LCD All mobo, video, sound drivers were up to date as of yesterday from the respective websites. PC is behind a router. XP Firewall was ON. Nod32 antivirus installed and definitions up-to-date. Adaware and Spybot installed, only Adaware scan run because I only got the machine up again yesterday. Now XP x64 is relatively new, but I suppose someone could have written a virus trojan for it by now. But could it be something else? How could hooking the bad drive up as a slave to the good new drive cause the new drive to start acting the same way if it wasn't a virus? Any ideas will really be appreciated. |
#2
|
|||
|
|||
Two Dead Hard Drives: Virus/Trojan?
J. Eric Durbin wrote:
Here's my situation: I've had my XP x64 installation up-and-running since May. About a week ago, I experienced a brief freeze and had to do a hard boot. The machine ran fine for another day or so then froze again. Rebooted and got a "Machine_Check" blue screen error indicating a hardware problem. After that it would not boot. It would post, taking a longer time to recogize the IDE drive but it did recognize it, but XP x64 would no longer start up. I figured I had a bad hard drive, so I ordered a new one (Western Digital WD2000JB, same as before), removed the old drive, installed the new, reinstalled XP x64 and all was well. Perhaps foolishly, I thought I would try to save the few files off the old drive, if possible, that I hadn't backed up, so I installed the old drive as a slave and booted up. The old drive appeared as drive: E ans displayed all my old files and directories. Tried to copy a directory over to the new drive, but it froze during the copy requiring a hard boot. Now the new drive is displaying the same behaviour as the old one. It goes through post and dies as soon as XP x64 should start up. I even tried running from the XP x64 installation disk, but that won't run either. So no repair install possible. That's what makes me think I may have had a virus or trojan on the old drive and by installing it as a slave and trying to transfer files, transfered the virus/trojan to the new drive. Another factoid, the affected machine was and is on a local network and none of the other machines has been affected (yet). THis is the set up MSI K8N Neo2 Platinum AMD Athlon XP 64 3000+ Western Digital WD2000JB 200Gb hard drive(s) Cosair Value Select DDR 3200 2x512Mb Sony DRU510a DVD/CD Nvidia GeForce 6200 Samsung 930b LCD All mobo, video, sound drivers were up to date as of yesterday from the respective websites. PC is behind a router. XP Firewall was ON. Nod32 antivirus installed and definitions up-to-date. Adaware and Spybot installed, only Adaware scan run because I only got the machine up again yesterday. Now XP x64 is relatively new, but I suppose someone could have written a virus trojan for it by now. But could it be something else? How could hooking the bad drive up as a slave to the good new drive cause the new drive to start acting the same way if it wasn't a virus? Any ideas will really be appreciated. Sounds like it 'could' be. Seems as though something 'could' be overwriting the MBR or at the other end, you may have a faulty IDE controller. If you are saying that you cannot run the Windows XP CD to install to the harddrive and you can't access either harddrive, then I would say it's almost definitely an IDE controller problem. |
#3
|
|||
|
|||
Two Dead Hard Drives: Virus/Trojan?
J. Eric Durbin wrote:
Here's my situation: I've had my XP x64 installation up-and-running since May. About a week ago, I experienced a brief freeze and had to do a hard boot. The machine ran fine for another day or so then froze again. Rebooted and got a "Machine_Check" blue screen error indicating a hardware problem. After that it would not boot. It would post, taking a longer time to recogize the IDE drive but it did recognize it, but XP x64 would no longer start up. I figured I had a bad hard drive, so I ordered a new one (Western Digital WD2000JB, same as before), removed the old drive, installed the new, reinstalled XP x64 and all was well. Perhaps foolishly, I thought I would try to save the few files off the old drive, if possible, that I hadn't backed up, so I installed the old drive as a slave and booted up. The old drive appeared as drive: E ans displayed all my old files and directories. Tried to copy a directory over to the new drive, but it froze during the copy requiring a hard boot. Now the new drive is displaying the same behaviour as the old one. It goes through post and dies as soon as XP x64 should start up. I even tried running from the XP x64 installation disk, but that won't run either. So no repair install possible. That's what makes me think I may have had a virus or trojan on the old drive and by installing it as a slave and trying to transfer files, transfered the virus/trojan to the new drive. Another factoid, the affected machine was and is on a local network and none of the other machines has been affected (yet). THis is the set up MSI K8N Neo2 Platinum AMD Athlon XP 64 3000+ Western Digital WD2000JB 200Gb hard drive(s) Cosair Value Select DDR 3200 2x512Mb Sony DRU510a DVD/CD Nvidia GeForce 6200 Samsung 930b LCD All mobo, video, sound drivers were up to date as of yesterday from the respective websites. PC is behind a router. XP Firewall was ON. Nod32 antivirus installed and definitions up-to-date. Adaware and Spybot installed, only Adaware scan run because I only got the machine up again yesterday. Now XP x64 is relatively new, but I suppose someone could have written a virus trojan for it by now. But could it be something else? How could hooking the bad drive up as a slave to the good new drive cause the new drive to start acting the same way if it wasn't a virus? Any ideas will really be appreciated. Borrow a KNOPPIX disc, boot to it and report back the results. |
#4
|
|||
|
|||
Two Dead Hard Drives: Virus/Trojan?
On Wed, 07 Dec 2005 17:21:30 -0330, Conrad
wrote: J. Eric Durbin wrote: Here's my situation: Now XP x64 is relatively new, but I suppose someone could have written a virus trojan for it by now. But could it be something else? How could hooking the bad drive up as a slave to the good new drive cause the new drive to start acting the same way if it wasn't a virus? Any ideas will really be appreciated. Sounds like it 'could' be. Seems as though something 'could' be overwriting the MBR or at the other end, you may have a faulty IDE controller. If you are saying that you cannot run the Windows XP CD to install to the harddrive and you can't access either harddrive, then I would say it's almost definitely an IDE controller problem. Thanks for the advice, someone in the microsoft x64 newsgroup had thoughts along the same line as yours. I tried connecting the new drive to the secondary IDE connector and resetting CMOS, but with no luck. It just struck me as more than coincidental that the new drive operated just fine for 24+ hours (actually 48 hours now that I think about it) and didn't show any signs of trouble until I accessed the old problem drive. That's what me think virus/trojan. The motherboard is only 6 months old, so I assume I can still RMA it to MSI if necessary. |
#5
|
|||
|
|||
Two Dead Hard Drives: Virus/Trojan?
On Wed, 07 Dec 2005 16:14:07 -0500, Jim wrote:
J. Eric Durbin wrote: Here's my situation: Now XP x64 is relatively new, but I suppose someone could have written a virus trojan for it by now. But could it be something else? How could hooking the bad drive up as a slave to the good new drive cause the new drive to start acting the same way if it wasn't a virus? Any ideas will really be appreciated. Borrow a KNOPPIX disc, boot to it and report back the results. I forgot to mention that I actually tried that with the first drive. Both Knoppix and Damn Small Linux started the boot process showing the Penguin logo but failed immediately. Trying it today with the newly dysfunctional replacement drive, it doesn't even get to the Linux startup information. |
#6
|
|||
|
|||
Two Dead Hard Drives: Virus/Trojan?
On Wed, 07 Dec 2005 17:21:30 -0330, Conrad
wrote: Sounds like it 'could' be. Seems as though something 'could' be overwriting the MBR or at the other end, you may have a faulty IDE controller. If you are saying that you cannot run the Windows XP CD to install to the harddrive and you can't access either harddrive, then I would say it's almost definitely an IDE controller problem. I just recalled a bit of data, after the first freeze on the original hard drive, I fired up Everest which provides SMART data and as far as I could tell, it indicated no problems with that drive. Of course, I don't believe it indicated any problems with the IDE controller either but the fact that SMART saw the drive as good perhaps is more evidence pointing to the IDE controller. |
#7
|
|||
|
|||
Two Dead Hard Drives: Virus/Trojan?
"J. Eric Durbin" wrote in message ... On Wed, 07 Dec 2005 16:14:07 -0500, Jim wrote: J. Eric Durbin wrote: Here's my situation: Now XP x64 is relatively new, but I suppose someone could have written a virus trojan for it by now. But could it be something else? How could hooking the bad drive up as a slave to the good new drive cause the new drive to start acting the same way if it wasn't a virus? Any ideas will really be appreciated. Borrow a KNOPPIX disc, boot to it and report back the results. I forgot to mention that I actually tried that with the first drive. Both Knoppix and Damn Small Linux started the boot process showing the Penguin logo but failed immediately. Trying it today with the newly dysfunctional replacement drive, it doesn't even get to the Linux startup information. did you get a 'checksum error after the CMOS reset? |
#8
|
|||
|
|||
Two Dead Hard Drives: Virus/Trojan?
On Wed, 7 Dec 2005 14:28:35 -0800, "JAD"
wrote: "J. Eric Durbin" wrote in message .. . On Wed, 07 Dec 2005 16:14:07 -0500, Jim wrote: J. Eric Durbin wrote: Here's my situation: Now XP x64 is relatively new, but I suppose someone could have written a virus trojan for it by now. But could it be something else? How could hooking the bad drive up as a slave to the good new drive cause the new drive to start acting the same way if it wasn't a virus? Any ideas will really be appreciated. Borrow a KNOPPIX disc, boot to it and report back the results. I forgot to mention that I actually tried that with the first drive. Both Knoppix and Damn Small Linux started the boot process showing the Penguin logo but failed immediately. Trying it today with the newly dysfunctional replacement drive, it doesn't even get to the Linux startup information. did you get a 'checksum error after the CMOS reset? Yes. I went into bios and fixed the settings and that seemed to get rid of the checksum error. Perhaps I missed something? |
#9
|
|||
|
|||
Two Dead Hard Drives: Virus/Trojan?
"J. Eric Durbin" wrote in message ... On Wed, 7 Dec 2005 14:28:35 -0800, "JAD" wrote: "J. Eric Durbin" wrote in message . .. On Wed, 07 Dec 2005 16:14:07 -0500, Jim wrote: J. Eric Durbin wrote: Here's my situation: Now XP x64 is relatively new, but I suppose someone could have written a virus trojan for it by now. But could it be something else? How could hooking the bad drive up as a slave to the good new drive cause the new drive to start acting the same way if it wasn't a virus? Any ideas will really be appreciated. Borrow a KNOPPIX disc, boot to it and report back the results. I forgot to mention that I actually tried that with the first drive. Both Knoppix and Damn Small Linux started the boot process showing the Penguin logo but failed immediately. Trying it today with the newly dysfunctional replacement drive, it doesn't even get to the Linux startup information. did you get a 'checksum error after the CMOS reset? Yes. I went into bios and fixed the settings and that seemed to get rid of the checksum error. Perhaps I missed something? \ actually no, I wanted to make sure you actually achieved the reset. can you try the drive in a different machine? I have had optical drives misbehave when the PSU was marginal, although I have never ran across this same thing (that I know of) when its come to hard drives but I figure its possible. |
#10
|
|||
|
|||
Two Dead Hard Drives: Virus/Trojan?
oh and what ANTI virus are you running?
"JAD" wrote in message ... "J. Eric Durbin" wrote in message ... On Wed, 7 Dec 2005 14:28:35 -0800, "JAD" wrote: "J. Eric Durbin" wrote in message ... On Wed, 07 Dec 2005 16:14:07 -0500, Jim wrote: J. Eric Durbin wrote: Here's my situation: Now XP x64 is relatively new, but I suppose someone could have written a virus trojan for it by now. But could it be something else? How could hooking the bad drive up as a slave to the good new drive cause the new drive to start acting the same way if it wasn't a virus? Any ideas will really be appreciated. Borrow a KNOPPIX disc, boot to it and report back the results. I forgot to mention that I actually tried that with the first drive. Both Knoppix and Damn Small Linux started the boot process showing the Penguin logo but failed immediately. Trying it today with the newly dysfunctional replacement drive, it doesn't even get to the Linux startup information. did you get a 'checksum error after the CMOS reset? Yes. I went into bios and fixed the settings and that seemed to get rid of the checksum error. Perhaps I missed something? \ actually no, I wanted to make sure you actually achieved the reset. can you try the drive in a different machine? I have had optical drives misbehave when the PSU was marginal, although I have never ran across this same thing (that I know of) when its come to hard drives but I figure its possible. |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Primary Hard Disk Drive 1 Not Found | brandon | General Hardware | 5 | July 18th 04 11:39 PM |
Weird electrical problems with hard drives and power supply | Charles Riedel | General Hardware | 4 | June 4th 04 07:56 PM |
Upgrade Report [Hardware Tips: Get the Right Hard Drive - 05/11/2004] | Ablang | General | 0 | May 16th 04 03:17 AM |
Removable Drive Bays | Rod Speed | Storage (alternative) | 35 | January 3rd 04 09:31 PM |
Standard IDE hard drives in NAS devices? | Jeff | Storage (alternative) | 0 | November 24th 03 03:37 PM |