Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
I have an unbootable HD with recoverable Data which might have been disabled by a HD failure-- or a virus.
[See Below for Details]
____________________________________________________________________
I’m Planning run the unbootable Win98 HD as slave on an XP PC & check it IMMEDIATELY with up-to-date Norton Anti-Virus; & then transfer the Data to the good PC [I’ve been using floppies til now.]My Questions:
1] Is there still a danger of infecting the good HD?
------------2]Or: Alternatively, if I try to reinstall Win98 on the bad HD to get it to boot:
Is there a danger it will damage my data?
Some say: Yes, others: No. [Disk is not partitioned]
___________________________________________________________________________
HISTORY of PROBLEM: [see my post #157420 for more.]ScanDisk had reported a problem with a long filename
& that a Disk Utility had locked the disk--but there were no background running programs.Then I couldn’t boot Windows, not even into Safe Mode.
I did get into DOS from an Emergency Recovery Floppy, but Sys C didn’t help [-did not restore 3 bootfiles.]I then complicated matters by allowing DOS ScanDisk to “repair” the Directory structure & rename most of my directories w DOS style names-- which I believe Windows won’t recognize.
mmm a boot virus? i got a simular situation in that i want to recover data from an old hdd i saved from an old 386... i want to read the drive with my XP machine and scan and clean it and then recover the data, the old hdd has a boot virus... empire monkey.b
0 
If you're just interested in recovering files, should be no problem. You won't be booting from a slave drive, so I would think that pretty much disables a boot sector virus from being activated.
You can run disk utilities and virus scans on the drive once it's slaved to a working system.
You won't get too far installing Windows on this drive if you can't even get it to boot to DOS first - any damage has already been done, slaving the drive won't make it worse.
0
Thanks,jboy:
Just to clarify:
I was proposing 2 separate plans:
1] Move HD as slave to good PC [& P.S.:I'm also concerned about viruses other than Boot Viruses]
,or:2]Leave HD in old PC & try to reinstall Windows-{I believe I AM getting it to boot to DOS-?: I can access directories & make copies of files & run ScanDisk }
An experienced friend insists Windows will then overwrite my currently salvageable Data!--if HD not partitioned.
0
Well, it's not a matter of belief - if the hard drive boots to a command prompt, then yes, you're booting to DOS. You mention 'sys c:' not helping, which could mean a boot sector problem which would have to be addressed before installing an OS.
Reinstallation is an option, odds are whatever files you're trying to recover won't be harmed - but slaving the drive is even safer.
Either way though, the file structure sounds like it's in disarray - it may be nearly pointless to try and preserve it. I'd recommend get whatever files you need from the drive (no doubt a task in itself) and proceed with repairs or a clean installation afterwards.Virus aren't spread by 'contact' - you can have a totally infected hard drive slaved to a system safely - as long as you don't execute any infected files. You'd certainly be safe enough to give the disk or specific files a thorough AV scan.
Reinstalling Windows should only overwrite system files - personal files (photos, documents etc) would likely remain in the same shape that they're in now. Not so sure about things like 'favourites folder' or email address book since they're part of the Windows install.
'if HD not partitioned' - the drive is already partitioned, likely as one big partition (commonest), 100%
Do you mean removing and recreating the primary partition? That would wipe the drive completely, removing all data (and potential virus too).
0
Thanks,jboy,Very helpful reply! I understand & agree with your points:
You said:“boot sector problem… would have to be addressed before installing an OS”—
I thought windows would supply all needed files?—Further comments?I’m just being cautious about any unforeseen accidents-- that might allow virus to spread if I move HD.
Is there such a thing as an Virus detection app that would fit on a single floppy [or floppies??]I also might add a new HD as master to my problem PC & install Windows on the new master HD;then ck for viruses on the bad HD, running as slave.
0
Hi Roark
Win9x is dependant on DOS to boot the system - during the initial scandisk, if it encounters an error that can't be corrected, the installation won't proceed.
It's hard to say just what condition this drive is in - it may be ok - you're at least able to navigate the disk. However, the problems you'd encountered may be indicative of ongoing hardware failure.
The boot sector is a special part of the hard disk - some further info here
You'd mentioned the 'sys c:' didn't quite work - that is not encouraging. Another method to repair the boot sector of a hard drive is
fdisk /mbr
.. although generally harmless, on some systems it can make things worse.
At any rate, slaving the drive to a working system should bypass many of these difficulties and allow you to attempt repairs and to scan for virus from a Windows interface. Either method would be fine - slaving it to your XP machine or to a freshly installed 98 system.
If you're interested in DOS level AV on floppies, F-Prot for DOS would fit the bill. Instructions for floppy preperation here.
0
jboy:Great! I've been to sites you referred me to & downloaded f-prot & latest virus def.--But I can't figure it all out yet--have you used it?
Is f-prot meant for use when you can only boot to DOS & not Windows?
Can f-prot be used in DOS mode somehow in conjunction with an Emergency Recovery Floppy? ...Stinger's files are read from the same Emergency Recovery Floppy Disk or separate one?
0
No, sorry, not recently - my systems stay remarkably virus free, but F-Prot has enjoyed a good reputation for many years (certainly before I'd ever owned a PC).
From that alt.comp page, it would appear that you boot the machine from the 1st floppy and execute the f-prot like so:
F-PROT /LOADDEF
(more instructions on that site)
Of course, you can have the files on the hard drive and run from there - the purpose of running from floppies is to ensure that the program itself hasn't been corrupted due to virus attack or HDD damage. Newer bits of malware will actually target & disable AV and Anti Spyware products.
Running from floppies will be fairly slow.While I'm sure it would be fine to be run from a DOS boot, can't swear it would be ok from a DOS prompt run from within Windows (probably be ok). If you're able to run Windows, may as well run a Windows AV scanner.
Stinger is supposed to be good as well - it never hurts to run different AV programs consecutively just to cover your bases, it may not be a good idea to have more than one active at the same time.
Probably the folks over in Security & Virus could field some of these questions better than I can.
0
More Thanks!-- I'm learning a lot--didn't know about alt.comp page & "folks over in Security & Virus"---at computing.net?
Don't know how you can the take time to "do my thinking for me" -but 's appreciated.
-------------
For benefit of others w same problem,here are 2 replies I rec'd from JT at allexperts.com:
JT #1:
You have the classic case of "What does a computer do". Computers multiply errors so fast that the human eye cannot see them or the brain comprehend them. I hate to give you really bad news but here it is, Your data is probably all trash at this point and very little of can be recovered without hours of sifting though raw sectors on the disk. The partition table on the disk appears intact at this point but there is not even a guarantee on that. What has happened is that your FAT table got corrupted and then scan disk scrambled what was left by attempting to use the alternate table that is store by MS for situations like this....Doesn't work well unless the original FAT table is completely unreadable and then the alternate table can be used. I would recommend FDISKing the drive and starting over.Since that is not what you want to hear, I will answer your questions and allow you to try and see if any data is recoverable.
1) There is a danger of infecting a good system if you connect an infected drive to the system. It depends on the virus that is present on the drive and how much the bios attempts to read from the drive while booting. When your system is booting your virus scan is not resident and running until it is launched by the OS. Prior to that point the Bios routines could launch a virus while checking for a boot partition or some low level drive diagnostics. Granted there are only a few viruses like this that have made it into the wild, but they do exist...Be careful but you can try attaching. (Ensure you have a good backup of the system, and do not launch even explorer on the drive before scanning till it hurts)
2) There are several stand-alone virus scanners. most of them will only look for specific viruses but Mcafee has what they call the "Stinger Tool". It looks for the "HOT List" of viruses that are active at the time you download it. The current version scans for 40 viruses and is good if the virus you have is on the list. Download and instructions are at http://vil.nai.com/vil/stinger/
3) If you re-install on the drive you will probably overwrite any data that is still on the drive (see comment above about sifting through raw sectors for data). I would try this as a last resort before FDISKing the drive. If this does work and some data is recovered you will still want to FDISK the drive and reload OS after your recovery attempts. You cannot trust the structure on the drive any further than you can throw it at this point.
I feel bad having to give you all this bad news, but I'm sure others have said the same thing. There is no magic bullet available other than a good backup. Not a warm fuzzy backup, but a good bit by bit, verified, validated, error checked backup. I do not believe that this started with a virus, I would say that it probably originated more with a disk error or power glitch that caused a soft error on the disk and then the utilities took over and completely scrambled things. It's hard not to say FIX when a utility asks you, but you have to show restraint and not auto fix until all other options have been exhausted including a good backup at the point of the error before trying the auto fix options.
_______________________________________________________________
JT #2 :
First “my bad” on the Stinger tool, Stinger only works under windows. You can load windows 98 from three floppies, but not worth the trouble at this point. Again I don't think you have a virus that caused this problem. If you would like to check out a lot of DOS utilities for virus scanning see http://ciac.llnl.gov/ciac/ToolsDOSVirus.html . Unless a virus scan finds a boot sector virus do not allow the program to make any changes to the disk.Very important point: Do not make any changes to the disk. Do not rename, delete, create or change the contents of the disk in anyway at this time. Doing so could prevent you from recovering anything else from the drive.
You say you HAVE recovered 50 files using floppies...
Granted most of the files on your drive you don't need to recover, you only need to recover "data" type files. I'm assuming that you are trying to recover word docs, photos, email and such. If you are trying to recover programs or use the disk without formatting and reloading...forget it. You need at this point to make a plan listing what you hope to recover, everything that you can remember that you had on the drive that you can not replace from another source. Try to keep the list as small as possible because each file you list translates to some time spent finding it. Some of the files will still have the same name, some will be in .chk files and some will probably be in strange looking file names.At this point unless you are only looking for a very small number of files you need to get that drive attached to a system where you can use some tools on it. DOS copy c:\xxxx\xxxx\xxxx a:\ gets very old quick and type c:\xxxx\xxxx\xxxx | more will only work if you are looking for doc or txt type files. Trying to view the contents of some files would also be impossible to tell if they are intact or not. I would attach the drive as a slave to another computer that I'm sure I have a good backup of. Immediately run a virus scan on it when the system boots and then copy all of the files on it to the primary disk. You will probably get some errors during the copy process. Some files are probably in the directory structure but not on the drive. Sift through the files looking first for the obvious files that you are looking for. Then sort though the files that you've copied over looking for anything that looks close to items you want. Then try a search / recover tool like IOLO's search and recover available as a try and buy for 30 days at http://www.iolo.com/sr/download.cfm . Most of the tools you'll find are for deleted files, but they work because they scan the drive looking for pieces of the files not just looking in the FAT for deleted items.
JT
0
Hi Roark
Some good information there from JT - he's far more eloquent than I, but we're more or less in agreement.
Scandisk made mush of your directory structure, and recovery of all files will likely not be possible.
One tool that may help is the venerable List from Vernon D. Buerg - it's a general purpose file viewer that lets you examine a file's contents.
If the files your attempting to restore are executables you may not have much success - but ZIPs, text and picture files can frequently be recovered in good condition.
I didn't believe there was much chance of infection from a slave drive, but apparently it's not inconceivable.
0  |
 Blank screen
|
Question on USB Wireless
|
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
