A computer components & hardware forum. HardwareBanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » HardwareBanter forum » General Hardware & Peripherals » General
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

External USB hard drive activity question



 
 
Thread Tools Display Modes
  #1  
Old March 22nd 17, 10:52 AM posted to alt.comp.hardware
[email protected]
external usenet poster
 
Posts: 18
Default External USB hard drive activity question

I have a hard drive connected to my W10 PC via USB.
It has a green light on it which I assume indicates activity?
Anyway - I just noticed it is blinking madly even though the PC is
sitting on, but unused. Scares me,
What does this mean? Why is there activity? Someone is not on my PC
accessing my drive is there? I hope this is not a dumb Q.
Anyone?
Pete
  #2  
Old March 22nd 17, 11:05 AM posted to alt.comp.hardware
Paul[_28_]
external usenet poster
 
Posts: 1,467
Default External USB hard drive activity question

wrote:
I have a hard drive connected to my W10 PC via USB.
It has a green light on it which I assume indicates activity?
Anyway - I just noticed it is blinking madly even though the PC is
sitting on, but unused. Scares me,
What does this mean? Why is there activity? Someone is not on my PC
accessing my drive is there? I hope this is not a dumb Q.
Anyone?
Pete


Use Process Monitor, to look for ReadFile, WriteFile, CreateFile activity.
The partition on the drive will have a drive letter. You should
be able to identify a process making transactions on the drive.

https://technet.microsoft.com/en-us/...processmonitor

Leave it running long enough to collect a trace. Say for a minute.
Then, go to the File menu and remove the tick mark in there. That
stops the ETW tracing, then scroll back at your leisure and see
what is accessing the drive.

For that to run, it should present a UAC box, as it needs
to be elevated (administrators group) in order to trace.

There should also be a "find" command in there, but at the
moment, I can't think of anything clever to look for. You're
going to have to eyeball what you see.

Note that it is "normal" for Windows to check the same set of
registry keys, over and over and over again. You might find anywhere
from 50-200 keys being checked. But, because of file caching of
the Registry files, there should not be any disk traffic. If for
some reason the cache wasn't working, then the LED on the C: drive
would go nuts. But that would not be a normal kind of failure.
This is why I suspect something real and tangible is loose on
your computer, which is why I'm suggesting tracing it.

*******

A worst case scenario, is you have acquired a copy of Locky
Ransomware from an email attachment. Someone in one of the other
groups had that happen. Apparently, the Ransomware in question,
did the old style file-by-file encryption. So if you got Locky
on the machine, that disk LED blinking, is all your files being
turned into unusable mush. Locky will present a dialog box,
saying all your files are encrypted, and would you like to send
0.3 bitcoins to a certain Bitcoin account number. This allows
a ransom to be paid, to have your files decrypted again.

This is why, in 2017, it's important to have full backups
of your computer hard drives, stored on an external drive which is *not*
regularly connected to the computer. Some people who had Dropbox
or something, Locky climbed up in there and encrypted whatever it
could find on there as well. Cloud storage is only suitable
for protection, if you can contact the cloud operator and
get an older version of the file. It's very difficult to
construct a backup system, which is totally resistant to
ransomware. Just to make you feel better.

I hope it's not Locky, and just a silly MSFT OS bug.

Paul
  #5  
Old March 22nd 17, 08:26 PM posted to alt.comp.hardware
VanguardLH[_2_]
external usenet poster
 
Posts: 1,453
Default External USB hard drive activity question

John McGaw wrote:

Or it might just be that PITA indexing going on.


Indexing is not enabled, by default, on removable storage media. You
would have to alter the Windows Indexing configuration to include the
USB-attached drive.

Use the Start menu searchbox to search on "index" and then pick
"Indexing Options" or pick that applet in Control Panel. Notice what
paths are listed for where the service will index what files. Not even
all the paths on an internal HDD/SDD get indexed. Removable devices are
not listed as included. You would have to click on the Modify button to
go pick the root of each drive that you want to index all of it, and
that includes having to select any removable devices or paths on them to
include in the indexing.

https://cdn.ghacks.net/wp-content/up...start-menu.jpg
https://cdn1.tekrevue.com/wp-content...-locations.png

Mine looks a little different on Windows 7 Home Premium. I also have
more internal SDDs and HDDs along with a USB HDD. Entire drives are NOT
selected, just some paths on them, and no removable drives nor any paths
on them are specified for inclusion. If there is indexing on an entire
drive or on a removable drive then you added it to the indexing config.

Because Windows indexing does NOT go hunting everywhere is why it will
not find some files you know exist by looking in Windows Explorer, a
command shell, or using another tool (Search Everything, FileLocator).
 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
External hard drive question..(how to) TD Homebuilt PC's 10 September 5th 05 02:21 AM
External Hard Drive Question Scott Gateway Computers 1 December 31st 03 02:23 PM
external hard drive question Edward Spand Homebuilt PC's 2 November 24th 03 06:14 PM


All times are GMT +1. The time now is 12:26 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 HardwareBanter.
The comments are property of their posters.