×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Jobs

getting to data on drive after win 32 pave 64A attack
3

getting to data on drive after win 32 pave 64A attack

getting to data on drive after win 32 pave 64A attack

(OP)
double dipping a bit here, sine I also asked in hardware, but I am nearly desperate.
A virus, according to Windows Defender Win 32 .pav 64A, hit me early today. The drive is recognized by the Windows XP Start u p disk, which, however, will not run repair on it because it is inelligible for an upgrade (???!!! Huh??) Except for the Windows start up disk, the drive is visible only to the bios, but not in the management console and is not picked up by various restoration software. Probably the partitions are gone?

I've upgraded to w7 on a new drive, but I wonder how to get the data off this one, aside from a recovery service, which is financially out of the question.

BTW, the trojan got past a firewall, two virus programs and a malware prevention program. Winders defender found it, if the virus itself was't posing as Windows defender.


  

RE: getting to data on drive after win 32 pave 64A attack

Trinity Rescue Kit has a prety good partition recovery tool that may help (saved me a couple of times when my partition table got deleted)
it also contains photorec which is a good tool for recovering data files (not just photos as the name would suggest) even when the partition structure is corrupt.
 

I do not Have A.D.D. im just easily, Hey look a Squirrel!

RE: getting to data on drive after win 32 pave 64A attack

I would also recommend Dr. Web LiveCD. It is a bootable disk that has recovery tools for Windows and Linux. By booting from a CD, you don't run as high a risk of infection than if you try to boot from the infected disk to recover data.

Other bootable options include AVG Rescue Disk and CAINE. CAINE is more powerful but also more complicated.
  

James P. Cottingham
I'm number 1,229!
I'm number 1,229!

RE: getting to data on drive after win 32 pave 64A attack

Create a BartPE CD and boot it up with another hard drive or memory stick attached (in addition to the afflicted one) and transfer the data.

Don't try to cure it if you don't want to fight - just get your data and nuke the drive.

RE: getting to data on drive after win 32 pave 64A attack

If the partition isn't visible to Windows, attach the drive to a working Windows system and get a copy of GetDataBack from here:  http://www.runtime.org/data-recovery-software.htm

This is trial version which allows you to check if recovery is possible, BEFORE you part with your dosh for the full version.  It's been used to good effect by several Tek-Tip posters including myself.

Good luck.

ROGER - G0AOZ.
 

RE: getting to data on drive after win 32 pave 64A attack

(OP)
Heartfelt thanks to you all, unfortunately drive is no longer recognized in bios or at startup. So it's done. I tried the runtime while it was.

I guess the need to slam it shut when the faux trojan attacked (hundreds of windows, one after another) gave it the final kick. It started clicking last night and it's gone now. ^^&$$*%##!!!!

 

RE: getting to data on drive after win 32 pave 64A attack

Are you trying to say that at the same precise time a virus hit you, the hard drive crapped out due to a hardware malfunction??  That would be an unbelievable coincidence.

Have you tried everything to verify that it can't be seen (another PC, jumper settings, external drive cage).

RE: getting to data on drive after win 32 pave 64A attack

No, I think he's saying his slamming "it shut" while the hard drive was spinning due to caching hundreds of windows killed it.
 

James P. Cottingham
I'm number 1,229!
I'm number 1,229!

RE: getting to data on drive after win 32 pave 64A attack

You mean he like physically slapped it?!?!  Well - all bets are now off.  

You know, just like with people, punching them doesn't usually improve their demeanor.  I know this for a fact.  It makes me more cranky every time.

RE: getting to data on drive after win 32 pave 64A attack

modern hard drives auto park the heads so killing the power sould not do any damage (still not recommended if it can be avoided)
windoze is not so forgiving

it may still be worth booting with a live linux cd. linux accesses the hd controller directly & does not pay any attention the data in the Bios/Cmoss

I found this the hard way when I sucsessfully installed linux onto a 40gb hd on a laptop that would not see anything greater than 22gb. the install cd saw it fine, installed it without problem but then would not boot sad

I do not Have A.D.D. im just easily, Hey look a Squirrel!

RE: getting to data on drive after win 32 pave 64A attack

(OP)
Actually, no. I shut it down cold. There was no virus but a back door invasion of some sleezy software company simulating Windows Defender. It kept saying windows had shut the virus down (there was no virus), but the windows keept popping up faster and faster, suggesting downloading a trial copy of the Thinkpoint.  At some point I got smart and realized that the problem was not the supposed virus but thinkpoint. About then everything froze except for the popups (Odd, I have every form of messenger and popup disabled), so I just shut it down cold. ("slammed it down"). That killed the drive...4 clickes, silence, 2 clickes, silence, 2 clicks and amen.

I am pretty p'd about it. Thinking of making a police claim when I have a moment. Know what data recovery will cost, and as I opened the drive, it's probably no longer possible.


The dry ice thing, by the way, did not work. (Putting a drive in the freezer can reportedly make it recognizable for a few minutes until it heats up..you can take the dry ice logic from there. (using baggies and a piece in one to drive out the air, ergo no moisture, drive in paper towel).

Anyway, didn't work.  

RE: getting to data on drive after win 32 pave 64A attack

(OP)
Thank you all, by the way. Very much.  

RE: getting to data on drive after win 32 pave 64A attack

How on earth dod I get a star when I keep mentioning the
L word smile

I do not Have A.D.D. im just easily, Hey look a Squirrel!

RE: getting to data on drive after win 32 pave 64A attack

(OP)
If I could get at it, L or M or P or A..whatever could find the data. Unfortunately, this is one toasted drive and I need to muddle on as best I can. very upsetting, really.  

RE: getting to data on drive after win 32 pave 64A attack

Here is a fix that I have seen done, but it was years ago on what whas probobly a sub 1meg drive and doubt that it will work on modern drives.
First of all the (dry)ice thing never works that a modern myth, what I have seen done is this.
The drive is placed in a large plastic bag, big enough and deep enough so that you can get your hands inside and the bag closes round your arms (and the screwdrivers you need).
inside the bag open the drive and find the spindle bearing retaining screw. loosen this off slightly then retighten until you can just feel resistance.
The theory being that in some cases drive fail is due to the bearing siezing.
A desperate measure I thought even then, a plastic bag isnt exactly a clean room, but...

 

Steve: N.M.N.F.
If something is popular, it must be wrong: Mark Twain

RE: getting to data on drive after win 32 pave 64A attack

(OP)
Might as well try, but it's already been open. Worth it at any rate.  

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close