Hard drive help

[T@T]

I have 3 drives on this pc, C,D and E

I recently had that brutal windows vista recovery virus/spyware and managed to clean it out. but now my "E" drive shows no data but yet when I check properties it still says 139 gigs used. In Disk Management is says the drive is heathy and working properly. the other spare drive "D" is fine.

This drive has all my work stuff, huge tiff poster photos etc. Any help would be great.

[calumniate]

If this stuff is important to you I wouldn't mess around and take it to a data recovery shop before doing anything else. It may cost you though, but may not so much..

[Hack&Lube]

Quote:

Originally Posted by calumniate

If this stuff is important to you I wouldn't mess around and take it to a data recovery shop before doing anything else. It may cost you though, but may not so much..

It will cost him $1000-$5000 for data recovery.

Personally I would do raw clone of all the affected drives first as a backup and play with the clones to try to recover files.

Goto control panel, administrative tools, computer management, storage, disk management and tell us what that says in terms of allocated partitions on your drives.

[ricosuave]

^ would it be something as simple as 'mark partition as active'?

[sclitheroe]

When you double click on the E: drive via My Computer, do you get an empty window, or does it tell you there is an issue with the drive? If you looked in the eventlog, do you see any warnings/errors from NTFS about unreadable or corrupt drives?

It could be something as simple as permissions, which are preventing you from having permissions to view the folder contents.

[T@T]

Quote:

Originally Posted by sclitheroe

When you double click on the E: drive via My Computer, do you get an empty window, or does it tell you there is an issue with the drive? If you looked in the eventlog, do you see any warnings/errors from NTFS about unreadable or corrupt drives?

It could be something as simple as permissions, which are preventing you from having permissions to view the folder contents.

Everything I could find says the drive is working properly (even after checking for errors in DOS) and the folders seem to be there in DOS.

The only box not checked is "special permissions" but it won't let me change that!

Stumped big time.

[psyang]

Are you sure the virus was fully removed? I recently cleaned a laptop where the virus hid all of the icons from the desktop, and the contents of many folders. The owner feared all the data was gone. It ended up being a nasty rootkit, and once fully cleaned, the files/icons reappeared.

[T@T]

Quote:

Originally Posted by psyang

Are you sure the virus was fully removed? I recently cleaned a laptop where the virus hid all of the icons from the desktop, and the contents of many folders. The owner feared all the data was gone. It ended up being a nasty rootkit, and once fully cleaned, the files/icons reappeared.

I suspect thats the problem, I lost all my desktop icons as well but nothing comes up in a scan

[calumniate]

You may have cleaned the viruses but have you scanned for malware? Could try malwarebytes maybe..
http://www.bleepingcomputer.com/forums/topic398441.html

Maybe that 'unhide' download would work

[jayocal]

In addition to Malwarebytes, I highly recommend Spybot Search and Destroy.

http://www.safer-networking.org/en/home/index.html

[Hack&Lube]

Malwarebytes doesn't deal with rootkits well. It also gets targeted and disabled by a lot of viruses and malware. Spybot is pretty useless for the past few years.

First goto My Computer, right click on the drive, and goto properties, tools, error checking, and check all the boxes and run. If prompted to schedule disk check with restart, do so and reboot and make sure the check works.

First, run Combofix.
http://www.bleepingcomputer.com/comb...o-use-combofix

Get DrWeb CureIt to deal with any virus/malware and to detect rootkits.
http://www.freedrweb.com/?lng=en

If there are rootkits it cannot deal with, use GMER.
http://www.gmer.net/

[psyang]

Quote:

Originally Posted by Hack&Lube

Malwarebytes doesn't deal with rootkits well. It also gets targeted and disabled by a lot of viruses and malware. Spybot is pretty useless for the past few years.

First goto My Computer, right click on the drive, and goto properties, tools, error checking, and check all the boxes and run. If prompted to schedule disk check with restart, do so and reboot and make sure the check works.

First, run Combofix.
http://www.bleepingcomputer.com/comb...o-use-combofix

Get DrWeb CureIt to deal with any virus/malware and to detect rootkits.
http://www.freedrweb.com/?lng=en

If there are rootkits it cannot deal with, use GMER.
http://www.gmer.net/

Seconded. I had to use both ComboFix and GMER to clean my friend's laptop. It was a relief to see the icons/folders reappear afterwards. ComboFix (if I remember correctly) I just ran and let it do its thing. But I needed to do some research on how to use GMER to remove unwanted files.

[jayocal]

Quote:

Originally Posted by Hack&Lube

Malwarebytes doesn't deal with rootkits well. It also gets targeted and disabled by a lot of viruses and malware. Spybot is pretty useless for the past few years.

First goto My Computer, right click on the drive, and goto properties, tools, error checking, and check all the boxes and run. If prompted to schedule disk check with restart, do so and reboot and make sure the check works.

First, run Combofix.
http://www.bleepingcomputer.com/comb...o-use-combofix

Get DrWeb CureIt to deal with any virus/malware and to detect rootkits.
http://www.freedrweb.com/?lng=en

If there are rootkits it cannot deal with, use GMER.
http://www.gmer.net/

Spybot and MB have always seemed to work well for me. I fix a lot of friends, family and the odd client's computers. I guess I've been fortunate to not encounter a high end infection?

I'm looking forward to trying these out.

[Hack&Lube]

Quote:

Originally Posted by jayocal

Spybot and MB have always seemed to work well for me. I fix a lot of friends, family and the odd client's computers. I guess I've been fortunate to not encounter a high end infection?

I'm looking forward to trying these out.

For the usual everyday things (malicious websites, basic trojans, spyware, etc.) these two are fine but a lot of the more powerful viruses actually target MalwareBytes and mess it up or prevent you from running it. Spybot S&D was good for the Windows XP days when Windows didn't have UAC because their TeaTimer served a good function for protecting your system from authorized operations. It's still okay to run to get rid of smaller spyware problems.

On the other hand, there have been many occasions where those two completely let me down and you need to use more powerful tools so instead of wasting time scanning with the weaker tools, just use the most powerful and reliable software you can find.

Combofix usually deals with most issues very well without need to resort to anything else. DrWeb is one of the best antivirus programs that can deal with anything. What makes it good is that you don't install it. Everytime you need to run it, you download a new version that is constantly changing so viruses cannot disable it as many do to preinstalled antivirus' that they detect on your system. It also downloads as a random character executable each time (I think Combofix does that too). DrWeb also starts up in a mode that lets you use the program even if a virus has messed up all your control of your desktop, etc. It usually deals with rootkits as well but not as well as GMER which is the best free anti-rootkit tool out there but requires slightly more advanced knowledge to use.

Another thing to try if you want to stick with MalwareBytes is Super Anti-Spyware which mybleepingcomputer also recommends.

[sclitheroe]

Why not just pull the hard drive, connect it to another machine, copy the data off, and then reinstall Windows?

First priority should be getting the data back, not removing the malware.

[Hack&Lube]

^ Yeah that's what I recommended in the first place. His problem is that he can't see his data so he'll either have to make a raw image of the drive or figure out what's wrong with the filesystem first.

[T@T]

Quote:

Originally Posted by Hack&Lube

Malwarebytes doesn't deal with rootkits well. It also gets targeted and disabled by a lot of viruses and malware. Spybot is pretty useless for the past few years.

First goto My Computer, right click on the drive, and goto properties, tools, error checking, and check all the boxes and run. If prompted to schedule disk check with restart, do so and reboot and make sure the check works.

First, run Combofix.
http://www.bleepingcomputer.com/comb...o-use-combofix

Get DrWeb CureIt to deal with any virus/malware and to detect rootkits.
http://www.freedrweb.com/?lng=en

If there are rootkits it cannot deal with, use GMER.
http://www.gmer.net/

I tried everything here, Drweb found something but then the program crashed Tried it again and nothing.

Thanks for the links

Quote:

Originally Posted by sclitheroe

Why not just pull the hard drive, connect it to another machine, copy the data off, and then reinstall Windows?

First priority should be getting the data back, not removing the malware.

It's either because I'm lazy or I can't find my Vista disk

[Hack&Lube]

Quote:

Originally Posted by T@T

I tried everything here, Drweb found something but then the program crashed Tried it again and nothing.

Thanks for the links

It's either because I'm lazy or I can't find my Vista disk

Then you need to run DrWeb or other antiviruses on a separate system, not the infected system. You shouldn't be using your drive in your infected system anyway. You should be using it on another computer both for dealing with infections and for recovering your data.

Just plug the harddrive into another computer or laptop, it's very easy. You could even put the harddrive into a drive enclosure and connect it via USB.

I would still make a raw image of the whole drive first in case you mess up and really blank the drive. Your data is still on there, unless it has been overwritten.