Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Bug

Journal FortKnox's Journal: HELP!!! 23

Journal by FortKnox
My windows (gaming) box got hit with a Virus last friday. Being the stubborn guy I am, I was too late in installing the virus software. Now I can't even get windows up and running.

I had a second harddisk in the box, so I made that the primary (and my main harddisk slave, unattached), installed windows on the (new) primary drive, and cleaned it up. Now I just needed to attach the infect hd as a slave and clean it up with the primary. Only problem, is that windows doesn't recognize the drive or that drives partitions!

I ran some harddrive utilities, and it recognizes the drive (as does the BIOS), so the hd is physically attached correctly (and the jumpers to slave it are right). I went and d/l'ed some "recovery" software (which is a demo, so I can't recover anything, just see what I could if I droped $450 on the software), and it looks like all the data is still there, and the partitions are good.

What I need help with is getting windows to recognize my harddrive. My wife and myself have some important stuff on it, and I'd like to try to save it all, if possible. I -think- the virus changed one little thing in the partition table to make it so windows doesn't recognize the drive at all, so maybe I need a program to repartition the drive, or reset the FAT tables (?) without destroying any data on the disk. Any ideas at all? I'm running kinda desperate.
One thing, though, I don't want to spend a crapload of cash...

Any help is GREATLY appreciated...
This discussion has been archived. No new comments can be posted.

HELP!!! More

HELP!!!

Comments Filter:
  • or you will have problems. See if you can still boot from your former main(now the slave) drive. If so, back up all your data, then wipe that drive, then add it to your computer as the slave.


    BTW, in this post [slashdot.org], I slammed the editors for their moderation bitchslap-fest, and also specifically Michael's post attacking you for making too many comments. My userID is close to yours and I've been here since 1999. Thats less than a single post per day, but apparently thats enough for him to tell you to get a life and stop hanging around Slashdot so much.

    • I just need to clean the drive up (from the virus). Then I'll put it back as the primary drive, reinstall windows, and clean my backup drive. So all I really need is for windows to recognize the drive and partitions.

      About the michael thing, I just brushed it off. He has sooo many problems ever since the whole 'censorware project' debacle. No hair off my chest if he thinks that way. Honestly, when there is an article that I'm interested about, I usually post one or two posts to it with my opinions, then defend them when people argue. I'm ballsy, stubborn, and forward. Its my personality. He can think what he wants. I think he's sneaky, coniving, and powerhungry... don't let him bother you that much.
      • Have you tried linux? I had a very similar thing happen to a drive, however I can't remember if it was from virus or not. I put the drive in a linux box and mounted the partitions from the (now slave) drive - moved the files off that I needed then fdisk'd it clean. Then put it back in the orig. computer and did a fresh install of windows. Once windows was up and happy, I used samba to get the files off the linux box, however a simple ftp would work for you as well.

        If you have a p100 laying around (don't worry about the BIOS not seeing the full size of your disk, as linux can just overlook that, just put the drive into BIOS as a simple 500 megger or something) and have access to linux (download, borrow, near a local college, etc.. just get another HD big enough for a base install of linux - you don't even need X windows.
        • I do have a linux box (P100, 124MB RAM, SuSE 7.2). Its my web/mail server that also hosts a mud. The big problem is that I don't have another large HD (nor do I have a CD Burner) to put all the data that needs saving. I'd like to see if I can save the whole drive, if possible.

          Someone suggested that I try partition magic. Have it repartition the drive without clearing the data. I may try that...
      • So all I really need is for windows to recognize the drive and partitions.


        But you won't be able to do this if it is attached as a slave drive. Windows(at least the last time I tried it it was this way) can't deal with another Windows partition on the same system.


        Your best bet in this case would be to boot from a boot disk(with the virus damaged drive as the only drive), clean up your hard drive(Symantec has a free virus cleaning tool that runs under DOS), then reinstall Windows if any system files were corrupted.

        • I tried booting from a DOS disk, but still couldn't recognize the disk...
          • Then partition magic probably isn't going to do much good, either. Have you tried booting the machine with a linux rescue disk? If you can get fdisk going, you might be able to fix the partition table (just one fat partition the entire size of the drive?)
            • I can get windows version of fdisk working (it recognizes the disk as having 1 NON-DOS partition). Its 3 partitions (2 5GB, 1 10GB partitions). HD rescue disks (I have a samsung drive with samsungs "Disk-Go" diskette) recognizes the partitions, but repartition deletes the data. Can I reset the partitions without clearing the data with fdisk??
              • Forgive me for asking the obvious, but which Windows do you have? Do you have an NTFS partition? If yes, a DOS disk won't do you any good and using Linux would be pretty risky.


                You would need to reinstall NT/2000/XP, without formatting if you don't have your repair disks.

                • Don't scream, but ME (it never gave me any trouble before). Its my gaming box (and my wife uses office on it). All of my wife's papers and stuff she did for her church (and didn't make backups of) is still on the bad disk.
                  • "did for her church"?

                    Wow. I'd figure that for being such a PITA shit stirrer on /., you would have to be totally anti-establishment. Just goes to show that you never really know someone online.

                    I must say, in some weird way, this raises my estimation of you (even if it is 'just' your wife's church, not yours. And even if it is one of those pagan goatse.cx churches:)
                    • Heh. Yeah, I'm actually a christian (born catholic). I try not to let it out on /., seeing that everyone would lynch me. I'm no "born again" super fanatic or anything. I didn't see hairy potter, cause my inlaws are preacher and I didn't want to offend them. But I believe in evolution (being an engineer and all), and science fiction and fantasy are great. I love RolePlaying, and RPG games. So, yeah, I'm a christian, but you wouldn't of known it unless you saw me going to church ;-)

                      PITA? Personal integrated technological ass? ;-)
                      (I'm bad with acronyms)
              • Ah, non-dos partition you say? That sounds strange. Under normal circumstances, you would expect to see one primary dos partition, then an extended dos with the other logical partitions in them.

                >Can I reset the partitions without clearing the data with fdisk??

                No, this is probably not going to work. In theory, fdisk just writes the partition table, so if you were able to re-create the correct partition values, it might be able to set things right without wiping the data.

                I would be interested to load up linux fdisk and see what the 'non-dos' partition type really is. Have any idea which virus did this? I've heard of some that can blast the partition table like this but I've never had any first-hand experience.

                Which anti-virus prog are you going to use to glean this up with? I have norton and you can create rescue disks that you can use of your machine won't boot, presumably so it can repair problems like this. Been a long time since I had to deal with anything like this (learned my lesson when michelangelo burned me many years ago).
                • > it might be able to set things right without wiping the data.

                  Ok, didn't finish my thought...

                  ... it might be able to set things right without wiping the data, but with the 3 partitions you say you had, I wouldn't expect this to work correctly.

                  (I was thinking with one partition across the whole drive, you would be pretty certain of the start and end cylindar values, and you might be able to rebuild the table without losing the data inside.)
          • You did change the jumper back to master when you put your virus damaged drive back as the only drive, right?


            If that's the case, and a DOS disk can't see the system, but the recovery program was able to view your files, you still have a few options.


            1) Boot from the DOS floppy, run "fdisk /mbr"(formats the master boot record) and reinstall Windows. This will restore the MBR, and it won't write over any data unless you saved things in \Windows. But only do this if you can reinstall Windows without formatting.

            2) Boot from a Linux boot floppy, as others have suggested, and see if you can read your drive with Linux.

            3) If neither of these sound like something you want to try, you'll have to fork over some $ for a recovery program.

    • I think the problem you have in mind is more than one *primary* partition on the master drive. Windows doesn't like that.

      I have done this before where I've taken master drive and set it as slave without problems. I've used drive copy to upgrade a machine to a larger drive before. You take the new larger drive and set it as master and take the old and mount it as slave, then boot with the utility disk that copies the windows partition from the old drive to the new. You set the new partition on the new drive as 'active' and then the machine boots (windows is still on the slave at this point).

      Then, you can re-partition and format the old drive to your heart's content.
  • Looks like we've exhausted other options in this thread. Bummer. :(


    However, you probably don't have to pay $450. Ontrack's [ontrack.com] Easy Recovery personal edition is $179. Still a chunk of change, but you'll get your data back.


    If you have less than 25 files to restore, their Personal Lite is only 29.99.


    And for the love of God, man, back up your files from here on out! Choose backing up over sleep, food or sex.

  • Have you tried Powerquest's Partition magic? It used to be reasonable (~$30), but I haven't had a need for it in the later versions... It will allow you to create, resize, and move partitions without losing data. It was a great tool to have when I needed to resize all those 2GB partitions when I moved to FAT32.
  • use a small linux distro that will fit on a floppy, such as tomsrtbt (http://www.toms.net/rb/). Just boot it up, mount both the hard drives and copy all the data you need.

Slashdot Top Deals

"If it ain't broke, don't fix it." - Bert Lantz

Close