MTM2.com

A forum for mtm2 discussion
 Post subject: Filesystem bug or virus, you decide
Posted: Mon Nov 19, 2007 9:37 am
Member
Joined: Sun Oct 16, 2005 4:39 pm
Posts: 1822
Location: Winnipeg Manitoba, Canada
I'm sure you can tell my signature is down, this is because on Saturday I purged some logs from my server, then restarted the computer, when it restarted it said it couldn't find any of my desktop or startup folder shortcuts except my FTP server and Apache, the two programs running when I shut down, I also had my log updater running, but now the shortcut can't find it.

So thinking this was just a Windows glitch, I restarted again, same problem, so I tried a cold boot.
On the cold boot, it wouldn't start up at all, I tried several times, it would die before it even started the POST (before it would even count the RAM). Sunday night I managed to start it again, it fired up, same problem. It's not a Windows glitch that the shortcuts cannot be found, every single EXE file on my D drive has been deleted. Save for maybe a few, for example FrontPage, MS Word still load, Excel won't, every EXE file in my server folder is gone, my only existing copies in the world of IE5.5SP2 for Win 95 are gone, but I still have the extracted installer which is made up of many EXE files but were untouched.

If I had to guess I'd say over 1000 files have been deleted.
These programs all existed before I restarted the computer. They were gone afterwards, an actual delete operation like this would take about 5 minutes to complete and would mean a lot of hard drive and CPU activity, none of this ever happened while it was booting up.


So what's the problem?

Posted: Mon Nov 19, 2007 4:04 pm
Glow Ball
Joined: Tue Feb 02, 1999 7:00 pm
Posts: 23
Could be a few things. If it's a virus or worm, then it may have been scanning the registry to find the location and then deleting any executables it came across (which accounts for why things like the installer were left untouched). On the other hand, if it's the file system, then I'd say either the hdd is showing signs of weakening or something has damaged the MBR (if that's what it's called) and/or the file table. What to do? If the first, then you'll probably have to format. If the second, you can try one of those utilities the hdd makers have around that will re-write the important areas on the drive, then reformat.... and if that fails, it's probably time for a new drive.

That's my two cents anyway.


Posted: Mon Nov 19, 2007 4:41 pm
Member
Joined: Sun Oct 16, 2005 4:39 pm
Posts: 1822
Location: Winnipeg Manitoba, Canada
Well, I can't see it being a virus with the registry, cause some stuff like my downloads folder is just a file, not in the registry.

Possible damage to MBR, but the MBR generally just tracks your partitions, it's a single drive with 2 partitions, the C drive is perfectly fine, the D drive is the one that got messed up. Scan disk claims folders on the D drive as damaged, I did the DOS version of scan disk with auto fix etc. turned on, I'll check tonight, it might have found the exe files as lost clusters, if that's the case I might be able to get many of them back.


The files were all there before I restarted my computer, and gone afterwards, I find it hard to believe a virus could work that fast without taking up huge CPU and HDD time. But, if the drive is damaged, why only EXE files? The EXEs it left behind seem random, some used constantly, some never used.

Posted: Tue Nov 20, 2007 4:22 am
Member
Joined: Thu Apr 19, 2001 2:01 pm
Posts: 695
Location: USA and Proud of it.
Only EXE files and your logs (which u asked to be deleted) were deleted?

How could only exes be deleted if you had 1000 files deleted? That's a lot of exes for one computer - esp not counting the C: partition.

If your computer sometimes doesn't pass POST and sometimes boots all the way to windows then your MBR is fine as you need your MBR to boot windows and there is no way a bad MBR could cause the computer to not finish the POST.

The missing files sound like a bad disk or at least a corrupt file system. The not passing POST sounds like bad hardware of some sort.

So, it kinda sounds like some bad hardware that caused a file system corruption - due to killing windows before it had a chance to properly close the file system.

It basically has to be bad hardware - otherwise your system would pass the POST.

I'm no virus expert but it'd have to be some nasty virus to mess up your BIOS. Flash a bogus ROM or something.

There's little reason for a virus maker to want to kill your computer. What good is your computer to him if he kills it? He can't use it for spamming or ddosing or anything useful.

I'd try booting a live linux - and looking at the NTFS/FAT from that OS. That'll tell you two things - does the system boot properly - and does the filesystem look ok to linux.

Good luck man, sucks when a computer dies. Hope you have a backup more recent than mine - I haven't backed up in about 6mo >.< I'm living on borrowed time. ::knock on wood::

_________________
Keep on MTMing,
CH_2005
<a href="http://ch.mtm2.com/">Visit my site</a>
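
An added example, not part of any post in this thread: the posts above debate whether the MBR could be at fault, and one practical check from a live Linux session is to read the first 512-byte sector of the disk and validate its partition table. The sector contents below are constructed, the function names are hypothetical, and it assumes both partitions are primary entries (a D: drive inside an extended partition would need its EBR chain walked as well).

```python
import struct

TABLE_OFFSET = 446            # four 16-byte entries follow the boot code
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of the sector
TYPE_NAMES = {0x05: "extended", 0x07: "NTFS", 0x0B: "FAT32",  # well-known subset
              0x0C: "FAT32 (LBA)", 0x0F: "extended (LBA)"}

def check_mbr(sector0):
    """Return (partitions, problems) for the first 512-byte sector of a disk."""
    if len(sector0) != 512:
        raise ValueError("expected exactly one 512-byte sector")
    problems, partitions = [], []
    if sector0[510:512] != BOOT_SIGNATURE:
        problems.append("boot signature 0x55AA missing")
    for index in range(4):
        entry = sector0[TABLE_OFFSET + 16 * index:TABLE_OFFSET + 16 * (index + 1)]
        status, ptype = entry[0], entry[4]
        first_lba, count = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:
            continue  # unused slot
        if status not in (0x00, 0x80):
            problems.append(f"entry {index}: invalid status byte {status:#04x}")
        partitions.append({"index": index, "active": status == 0x80,
                           "type": TYPE_NAMES.get(ptype, f"type {ptype:#04x}"),
                           "first_lba": first_lba, "sectors": count})
    # Partitions must not share sectors; compare neighbours in disk order.
    ordered = sorted(partitions, key=lambda p: p["first_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["first_lba"] + a["sectors"] > b["first_lba"]:
            problems.append(f"entries {a['index']} and {b['index']} overlap")
    return partitions, problems

def build_sample_mbr(entries):
    """Constructed test input: empty boot code plus the given table entries."""
    sector = bytearray(512)
    for index, (status, ptype, first_lba, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", sector, TABLE_OFFSET + 16 * index,
                         status, ptype, first_lba, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)

# Constructed layout: one disk, two FAT32 partitions (C: active, then D:).
HEALTHY = build_sample_mbr([(0x80, 0x0C, 63, 4_000_000),
                            (0x00, 0x0C, 4_000_063, 8_000_000)])
# Same table with the second entry's start pulled back into the first.
DAMAGED = build_sample_mbr([(0x80, 0x0C, 63, 4_000_000),
                            (0x00, 0x0C, 2_000_000, 8_000_000)])
if __name__ == "__main__":
    print(check_mbr(HEALTHY), check_mbr(DAMAGED), sep="\n")
```

A clean result here only says the partition table is sane; missing files inside one partition point at that partition's own file system structures or at the disk itself.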


Posted: Tue Nov 20, 2007 9:35 am
Member
Joined: Sun Oct 16, 2005 4:39 pm
Posts: 1822
Location: Winnipeg Manitoba, Canada
Nah, my backups are pretty old, and it's not that POST is failing, it's failing to even start POST, it will display the mobo name and freeze there, it hasn't done it again, I've cold booted twice now... no missing clusters on the drive, so that didn't work. I got it hooked up via USB to my laptop, gonna try that now, I can try Knoppix on it but it runs like a brick ***thouse lol, Linux got this stupid thing that if a process takes too long to load, it cancels it, well guess what, everything takes a long time to load on a 200mhz machine.

Posted: Tue Nov 20, 2007 10:26 am
Member
Joined: Mon Jul 02, 2001 2:01 pm
Posts: 1426
Location: Lost in Translation
I remember once, in XP, for some reason after I rebooted I couldn't access a whole partition.

I mean it was there, I was able to see it, I was able to see my files and folders like it was before the reboot but I was not able to access any of them. Not a single one.


I don't remember much of what I did but in the end I had to use a file recovery program that saved almost all of the files without any corruption.

And it wasn't a virus because I triple checked and nothing was found.


Posted: Tue Nov 20, 2007 10:52 am
Member
Joined: Sun Oct 16, 2005 4:39 pm
Posts: 1822
Location: Winnipeg Manitoba, Canada
do you remember the program?

The computer has needed a reformat for a long time, but I set it up to be able to format C at any time without losing anything, losing the D drive is a big hit


ch_2005 wrote:
How could only exes be deleted if you had 1000 files deleted? That's a lot of exes for one computer - esp not counting the C: partition.

Just saw this
It was my "programs" folder which houses every single program I've ever made, dependencies, and pretty much everything I have, the folder itself is still about 7 gigs big, and that's all DLL files that are left and source code, because the EXE files are all gone. To guess I think it was about 10-12 gigs before this problem.

All told there are about 6 million files on my D drive.

And according to my scandisk log, there were 4000 folders damaged, which means there was at least 1 exe in every folder, probably more than 1, so that makes the damages exceed 4000 files.

Posted: Sat Nov 24, 2007 2:38 am
Member
Joined: Sun Oct 16, 2005 4:39 pm
Posts: 1822
Location: Winnipeg Manitoba, Canada
Good news all around, the new Linux server is running pretty good, as a server it's pretty good, to try and use, it's hopeless, too god awful slow lol, I did install the GUI obviously tho cause I know dick :p, but I did find a nice GUI interface for the FTP portion, and for Apache, well it was totally different from my 1.4 version, so it took some more playing around with to get nice, still haven't bothered with the error pages though, I'll do them later :p

Posted: Sat Nov 24, 2007 5:52 pm
Member
Joined: Mon Jul 02, 2001 2:01 pm
Posts: 1426
Location: Lost in Translation
Ontrack Easy Recovery Pro 6 it was.


You can format a partition and then use this program to recover everything as long as you don't write anything new on the partition.


Posted: Sat Nov 24, 2007 6:44 pm
Member
Joined: Sun Oct 16, 2005 4:39 pm
Posts: 1822
Location: Winnipeg Manitoba, Canada
I'm gonna guess this isn't a free program

Posted: Sat Nov 24, 2007 8:37 pm
Member
Joined: Mon Jul 02, 2001 2:01 pm
Posts: 1426
Location: Lost in Translation
nope

