Overclock.net banner

1 - 12 of 12 Posts

·
Registered
Joined
·
249 Posts
Discussion Starter #1
Hey,

The other day i was using my computer, the usual stuff, msn, gaming, internet, and then this popup came up from the bottom right of the screen saying "malicious software detected" then i clicked the "more info" and it showed the path to some "trojan.exe" in system or system32, then i clicked "search for additonal information of this file on the online database" or something like that, then the screen went black for 3 seconds and rebooted, then windows started loading and rebooted again, and since then i cant get to windows.

I booted from the windows 7 CD and it doesnt detect my HD.
I tried the "repair", it didnt worked.

now im using some Linux Live CD's i have, Gparted says 400GB of my hd (my DATA partition, where i keep all my important stuff) is "Unknown" File system, and i cannot mount it
confused.gif


Is there any way to recover the lost partition(s) or files? // Mostly media, projects, ebooks, games, music etc.
Was this caused by a hardware malfunction or a trojan?
rolleyes.gif


Please give me some advice, im a bit desperate
wink.gif
 

·
Registered
Joined
·
441 Posts
Look into some software for data recovery. There are pieces of software that will dig through a drive (that is not booted to of course) and take the literal data off of the disc. When you 'format' a drive, the data doesn't disappear, it just gets ignored. But as you write data to the drive, the old data gets over-written. So simply stop using the drive and use one of those programs. A piece of software we use at work is R-Studio, but it costs and is not free.
 

·
Opinion8r
Joined
·
1,129 Posts
The pop up was it your anti-virus/spyware program or just something that looked like windows.

So you cannot boot into last known good or safe mode with windows (Tap F8 during boot)?
 

·
Registered
Joined
·
5,415 Posts
The thing that popped up at the corner and was saying "malicious software detected" is actually a malware or whatever it's called. I think you should try to boot into safemode and run malware/spyware cleaner. There's Malwarebytes for free, u could use it.
 

·
Registered
Joined
·
1,297 Posts
Quote:
Originally Posted by lkegley9;13100247
Look into some software for data recovery. There are pieces of software that will dig through a drive (that is not booted to of course) and take the literal data off of the disc. When you 'format' a drive, the data doesn't disappear, it just gets ignored. But as you write data to the drive, the old data gets over-written. So simply stop using the drive and use one of those programs. A piece of software we use at work is R-Studio, but it costs and is not free.
I thought that just applied when you do a quick format, actual format writes zeros to the platters right?
 

·
Premium Member
Joined
·
2,794 Posts
Do you have access to another computer? If you do make sure your antivirus is up to date and then put the hard drive in there as a secondary drive. You can then try to browse to your storage partition and also you can try to clean the malware that is on that hard drive using malwarebytes or another good cleaner.
 

·
Registered
Joined
·
249 Posts
Discussion Starter #7
I cant get to windows in any way, i have tried everything, only drivers, safe mode etc, and the windows 7 DVD wont even detect my HD.
The popup was the Windows defender or something like that. It looked like a windows thing and the name was familiar thats why i clicked it. I regret it now
frown.gif


Aawa thats what i thought, but booting from a live CD is the same thing and i cant mount the partition so i dont have access to the files.
 

·
Premium Member
Joined
·
14,173 Posts
Yeah, that's called Rogue Software. Gets the best of us, and the best way to learn to avoid it is experiencing it.

Can you access your hard drive from another computer to run an external scan?
 

·
Registered
Joined
·
249 Posts
Discussion Starter #9
i could download some linux app's and run them from the live CD, or i could take the HD to my friends house and try some, but i was trying to find a solution from the live CD if there is one.

And if i were to access my HD from another computer, i wouldnt know what to do with it... it has 400GB of "unknown", windows cant detect it, only thing i could think of is to format it in linux, then create new tables and try to recover the data after that...
 

·
Registered
Joined
·
514 Posts
I'd suggest you to use Pandora Recovery. It's free and works perfectly with my SD cards. It's supposed to work with HDDs too...

You can see how to use it here:
.
 

·
Banned
Joined
·
4,313 Posts
Quote:
Originally Posted by fg2chase;13100320
I thought that just applied when you do a quick format, actual format writes zeros to the platters right?
Nah, only a secure erase does that and even still you need multiple passes to "securely" erase it.
Quote:
Originally Posted by Aawa;13100335
Do you have access to another computer? If you do make sure your antivirus is up to date and then put the hard drive in there as a secondary drive. You can then try to browse to your storage partition and also you can try to clean the malware that is on that hard drive using malwarebytes or another good cleaner.
Yeah try this or if you have a spare hard drive you can install windows on it and install Avast free edition and Malwarebytes to scan the partition. If the partition is truly corrupted and you can't read anything from it, I've used GetDataBack with good success in recovering data. Someone else might know a good freeware alternative.

Trojans don't usually wipe your hard drive. Viruses tend to do that. It's much more valuable to spy on you and steal your personal information and or make it a botnet zombie. It does sound like you were using Internet Explorer and a popup pretending to be your virus protection tricked you into installing the malware on your system. You really should try out Chrome or Firefox.
 

·
Registered
Joined
·
249 Posts
Discussion Starter #12
Quote:
Originally Posted by PoopaScoopa;13101145
It does sound like you were using Internet Explorer and a popup pretending to be your virus protection tricked you into installing the malware on your system. You really should try out Chrome or Firefox.
Hey man, thanks for the help, but i dont use IE since i found about Netscape in 96', now i use FF with adblock +, noscript, firebug etc I dont like chrome.

Luckily a friend gave me the solution i was looking for

Code:

Code:
//for slitaz, the live cd i was using:
tazpkg get-install testdisk
It fixed my partition table, and i got everything working exactly as before, as soon as i booted into windows the same trojan message came up, i selected "clean system" this time, here theres a pic:
 
1 - 12 of 12 Posts
Top