Hard Drive Virus?

x1222

Member
Jun 24, 2010
So my sister got a virus on my parents' computer. It first gave a fake warning message saying my HDD was dying and hid all the files. I couldn't get rid of it, so I just reformatted the Windows partition. The files stopped getting hidden, but the warning still came back. Also, SMART HDD got disabled, and I started to have to press F1 at boot to get into Windows, despite whatever the BIOS settings were.

Now a few days later, the computer is stuck in an infinite system repair loop and I can't reinstall Windows either since it says the hard drive is failing.

I think it'd be too coincidental for the hard drive to be actually dying. What can I do to fix it? I'll probably do a complete reformat this time too. But I need to back up the files on it first. Since it was able to affect my hard drive, BIOS, and survive a reformat, I'm worried the virus can hop onto another drive if I plug in the HDD to my computer. Anything I can do to prevent that? I don't have a burner on that computer either.
 

iPSiArt

Junior Member
Apr 17, 2012
Hello,

A format should take care of the SMART HDD virus; however, it is possible that your HDD is either failing or has more viruses. You can try to use Avira AntiVir Rescue System (boot CD) and scan the hard drive. But if the hard drive is failing, you might need to change it to a new one.
 

airdata

Diamond Member
Jul 11, 2010
I've run into similar stuff a couple times in the past year or so...

Some of these newer viruses do stuff w/ the MBR which makes cleaning them a total pain. There could be extra partitions as well that are accessed on boot...

In my case it was faster to do a format and reinstall. I'm not very experienced in the area of the MBR... Somebody may have a better strategy than to simply nuke it. I've just seen that it's extremely time consuming when the partitions and MBR are messed with.
 

Chiefcrowe

Diamond Member
Sep 15, 2008
You may need to completely wipe the drive with DBAN or a similar program and then reinstall, and then run drive diagnostics. That's what I would do, even though it takes a while!!!
 

Evadman

Administrator Emeritus, Elite Member
Feb 18, 2001
I have fixed the exact same thing several times for different people. I got tired of trying to find all the places the virus was, so I used DBAN to write zeros to the drive as Chiefcrowe mentioned. That solved the problem.
 

Harvey

Administrator, Elite Member
Oct 9, 1999
I think it'd be too coincidental for the hard drive to be actually dying. What can I do to fix it? I'll probably do a complete reformat this time too. But I need to back up the files on it first. Since it was able to affect my hard drive, BIOS, and survive a reformat, I'm worried the virus can hop onto another drive if I plug in the HDD to my computer. Anything I can do to prevent that? I don't have a burner on that computer either.

If the files on the drive are not irretrievably corrupted, here's how you can try to recover them safely to your own drive:

1. Be sure your own anti-virus and anti-spyware software is up to date, and scan your drive to be sure it's clean.

2. Use cloning software like Acronis True Image to clone your drive to another drive.

Acronis True Image is a program that can "clone" your hard drive. That is, it makes an exact, running duplicate of your hard drive. If your main drive fails, the cloned image can directly replace the old drive, or it can be used to reload everything, including your operating files, on a new drive without re-installing the system or your programs. If your hard drive fails or becomes irreparably infected, it WILL save your butt.

Seagate and Western Digital offer a version for their drives. In both cases, the only limitation is that at least one of the drives in the chain (source or target) must be from the company offering the program. Seagate owns Maxtor so their version works for both brands.

Acronis True Image for Western Digital drives:

Info.

Acronis True Image WD Edition Program.

Manual.

Acronis True Image for Seagate and Maxtor drives:

Info.

Program.

Manual.

Note -- The cloning process is MUCH faster through SATA/PATA connected drives than by connecting through a USB port.

3. Boot to your own drive, and connect your parents' drive to your machine as a slave, do a deep scan on it, and delete any infected file(s). Don't try to rescue any of these.

Note -- PATA drives must be connected at boot up to be recognized, but most machines allow you to hot plug a SATA drive after it's booted up, which means your AV and anti-spyware will be active when you connect the drive.

The same is true for a USB connected drive, but it can take hours to complete a deep scan. Plan to do it overnight.

Once you have deleted all infected files, you should be able to transfer the files you want to rescue to your drive. "Should" is the operative word which is why you clone your drive before you start... just in case. :eek:

4. Download Delpart.exe.

Delpart.exe is a genuine Microsoft DOS based utility that was part of NT3 that WILL delete whatever is on a hard drive. It is no longer available from Microsoft, but you can download it. The only requirement is that you must be able to boot to a floppy disk or flash drive formatted to boot to DOS.

Download url.

User tutorial.

If you don't have a floppy drive, you can still use it if you create a bootable flash drive. HP used to give away a free utility that would format a USB flash drive to FAT16, FAT32, or NTFS. You can download it from extremeoverclocking.com as Ver. 2.1.8.exe. This file contains: the HP USB disk storage format tool, HPUSBFW.exe V2.1.8, which installs the Drive Key, the program that creates a bootable flash drive.

You will also need the required DOS boot files. You can download boot files for DOS 7 (Win 98), including COMMAND.COM, MSDOS.SYS, IO.SYS, a mouse driver, a CD-ROM driver, etc., from extremeoverclocking.com as win98boot.exe. You can also find boot files for this and other versions of DOS on bootdisk.com.

  1. Extract the files, and install DriveKey.

  2. Place a copy of Command.com from the above extracted file in yet another folder under the folder where DriveKey is installed.

  3. Place the added files in a folder under the installed program folder required to do more than you'll need until you want to run DOS tasks that may require them.

  4. Place a copy of Mouse.Com in the same folder that contains only Command.Com.

When you run DriveKey, it will ask for the location of the boot files you want to use. For most DOS programs, all you will need is COMMAND.COM, MSDOS.SYS, IO.SYS and a mouse driver. Directing the program to that folder will create the bootable drive with only these files.

I have used this utility to create bootable flash drives for MS-DOS 6.22 and MS-DOS 7. It didn't work with DR-DOS.

Softpedia.com has a newer version of the utility, ver. 2.23 that I have not yet tested. You can download it, here, as HPUSBDisk.exe.

Good luck. :)
 

x1222

Member
Jun 24, 2010
Thanks for the replies, everyone. Acronis and DBAN seem like what I need.

I'm assuming DBAN and Delpart.exe will give the same end result?

I'll let you guys know if the HDD recovers. I'll probably buy an SSD for them, in case the drive is actually failing.
 

SecurityTheatre

Senior member
Aug 14, 2011
Thanks for the replies, everyone. Acronis and DBAN seem like what I need.

I'm assuming DBAN and Delpart.exe will give the same end result?

I'll let you guys know if the HDD recovers. I'll probably buy an SSD for them, in case the drive is actually failing.

First, get some bootable media (CD) that can do a drive diagnostic. That will eliminate the possibility it's some sort of boot sector virus that makes the drive look bad.

Then, to recover the data, I think a better solution than using Acronis to copy the drive would be to boot to a LiveCD and copy any files you need to an external drive from within that. Once you've copied the data, you can probably wipe the system from in there too.

Within a Linux live CD, if you can get to the command prompt, the following command will wipe out the drive.

dd if=/dev/zero of=/dev/sda

This assumes the primary hard drive is /dev/sda (this is usually true unless you have multiple drives).

Hope that is useful.

In general, I'm loath to suggest even mounting a drive or drive image within a fresh Windows installation that's all virus infested. Seems like a recipe to get re-infected.
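
Added example, not code from any poster in this thread: a Python script that can be run from a Linux live CD to inspect the first sector of a suspect drive. It covers the MBR changes and extra partitions mentioned earlier in the thread, and it recognises the all-zero sector left behind by DBAN or the dd command above. The function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512

def inspect_mbr(sector: bytes) -> dict:
    """Summarise a 512-byte MBR sector read from a disk or disk image."""
    if len(sector) != SECTOR:
        raise ValueError("need exactly 512 bytes (LBA 0)")
    report = {
        "wiped": sector == bytes(SECTOR),           # all zeros, e.g. after dd or DBAN
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(sector[:440]).hexdigest(),
        "partitions": [],
        "warnings": [],
    }
    for i in range(4):                              # four 16-byte primary entries
        entry = sector[446 + 16 * i: 462 + 16 * i]
        status, ptype = entry[0], entry[4]
        start, count = struct.unpack_from("<II", entry, 8)
        if ptype == 0:                              # unused slot
            continue
        report["partitions"].append({"slot": i, "active": status == 0x80,
                                     "type": ptype, "start_lba": start, "sectors": count})
        if status not in (0x00, 0x80):
            report["warnings"].append(f"slot {i}: invalid status byte {status:#04x}")
    parts = sorted(report["partitions"], key=lambda p: p["start_lba"])
    for a, b in zip(parts, parts[1:]):
        if a["start_lba"] + a["sectors"] > b["start_lba"]:
            report["warnings"].append(f"slots {a['slot']} and {b['slot']} overlap")
    if sum(p["active"] for p in parts) > 1:
        report["warnings"].append("more than one active partition")
    if not report["wiped"] and not report["signature_ok"]:
        report["warnings"].append("missing 0x55AA boot signature")
    return report

def build_sample_mbr() -> bytes:
    """Constructed sample: one active NTFS partition plus a small hidden one."""
    s = bytearray(SECTOR)
    s[0:3] = b"\xeb\x3c\x90"                        # placeholder boot code bytes
    s[446:462] = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 1_000_000)
    s[462:478] = struct.pack("<B3sB3sII", 0x00, b"\0\0\0", 0x17, b"\0\0\0", 1_002_048, 4096)
    s[510:512] = b"\x55\xaa"
    return bytes(s)

if __name__ == "__main__":
    # On a live CD: sector = open("/dev/sda", "rb").read(512)  (needs root)
    for key, value in inspect_mbr(build_sample_mbr()).items():
        print(key, value)
```

Comparing `boot_code_sha256` against the value from a freshly installed disk of the same Windows version shows whether the boot code has been replaced; a partition you did not create showing up in `partitions` is the "extra partition" case.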
 

Harvey

Administrator, Elite Member
Oct 9, 1999
First, get some bootable media (CD) that can do a drive diagnostic. That will eliminate the possibility it's some sort of boot sector virus that makes the drive look bad.

Or he could boot to a DOS boot disk and just run FDISK/MBR to restore the original Master Boot Record.

Then, to recover the data, I think a better solution than using Acronis to copy the drive would be to boot to a LiveCD and copy any files you need to an external drive from within that. Once you've copied the data, you can probably wipe the system from in there too.

I didn't recommend Acronis True Image to copy his parents' drive. I suggested he should clone HIS OWN drive before attaching the possibly infected drive to his drive to allow him to recover in case the infection jumped to it.
 

SecurityTheatre

Senior member
Aug 14, 2011
Or he could boot to a DOS boot disk and just run FDISK/MBR to restore the original Master Boot Record.

I didn't recommend Acronis True Image to copy his parents' drive. I suggested he should clone HIS OWN drive before attaching the possibly infected drive to his drive to allow him to recover in case the infection jumped to it.

Ahh, thanks. :) Sorry I misread.
 

x1222

Member
Jun 24, 2010
I had the SMART HDD virus hit my desktop today. This is actually the first virus I have ever had infect one of my computers, no clue how I got it. I googled it and found this thread that walked me through on how to fix it.

http://www.bleepingcomputer.com/virus-removal/remove-smart-hdd

It seemed to work for me.

I got a different message than that one. I tried bleepingcomputers previously but didn't get rid of it, and my SMART really was off.

I backed up everything, scanned the files I needed, and dbanned my HDD, and set SMART to enabled in the BIOS, and it's still considered failing. So I guess my HDD really is dying. It is very coincidental. No problems on the new SSD.