How does this happen??? NTFS mysteriously becomes RAW
Join Date: Sep 2006
Posts: 12
Hi You all.
So, strange but true, My Beloved's system (which I put together less than a year ago) was running an Ewido scan, minding its own biz, when suddenly, the BSOD appeared. No problem I thought, at most we'll do a repair on XP and she'll be up and running again. No no, instead, we find that the 250 Maxtor has suddenly lost its NTFS format, and is read as RAW (sounds painful). Being brilliant as well as beautiful, (big score on points there) she borrows a Linux disk and is able to retrieve most of her files in that manner. Now, HOW DID THIS HAPPEN? The only abnormality prior to the incident was AVG showed positive for 14 viruses which according to Housecall weren't there. On further investigation there aren't any viruses known by the names AVG gave us. Apparently AVG was testing positive for these mystery viruses for a week prior but never sounded the warning bells. The viruses were in files such as Nero.exe, or surething.exe, etc. Which are all legitimate files. So, before this qualifies for a novel, have we slept through a major attack warning or missed some new outbreak report? I'm out of adjectives and anything even remotely humorous to add. I would appreciate any candlepower directed on this situation. If we are to ensure it not occurring again, gotta know what "it" is.
Thanks you all.
Harvester3
Thanks again,
BTW, still have no idea what happened to the hdd [:~)
harvester3
Our apologies - we're not ignoring you, we're just stretched a little thin helper-wise right now.
What exactly happened in your case I can't say, but having been through it a few times before, here's the general course of events as best I could determine once I'd resurrected the drives:
1. Something (could be anything) corrupts a piece of software, usually a driver. In my last two incidents the culprits appeared to be a) a power outage, and b) a driver update conflict. Sometimes the STOP code in a Blue Screen error can help you more accurately determine the exact source of the corruption.
2. Driver goes BANG!, OS gets showered in shrapnel, and either the driver, the OS, or both do some serious fandango on disk and memory locations that they definitely shouldn't be writing to.
3. One of those areas turns out to be the Master Boot Record, the Master File Table, the Partition table, or some equally critical and low-level section of the drive.
Linux has some tools which will try to "guess" the partition type (FAT, NTFS, ext2, etc.) of a damaged disk and will therefore often be able to mount and access the disk (assuming the entire partition table isn't hosed) when Windows can't. Linux also obviously doesn't care about Windows boot-related files, so doing something like trashing the NTLDR file won't stop Linux from being able to recover the rest of the files on the drive.
As for the AVG "false positives", I've never heard of AVG exhibiting that behaviour before, and I use AVG on a lot of machines.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
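The "guessing" described in the reply above can be illustrated with a short read-only signature scan; this is an added example, not code from the thread or from any particular recovery tool. The disk image, its layout (NTFS volume at LBA 63) and all function names are constructed for illustration.

```python
import struct

SECTOR = 512

def build_image(start_lba=63, nsectors=200):
    """Constructed sample: MBR with one NTFS (0x07) entry plus an NTFS boot sector."""
    img = bytearray(SECTOR * (start_lba + nsectors))
    img[0x1BE:0x1CE] = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, 0x07,
                                   b"\0" * 3, start_lba, nsectors)
    img[510:512] = b"\x55\xAA"                        # MBR signature
    boot = bytearray(SECTOR)
    boot[3:11] = b"NTFS    "                          # OEM ID field
    struct.pack_into("<HB", boot, 0x0B, SECTOR, 8)    # bytes/sector, sectors/cluster
    struct.pack_into("<Q", boot, 0x28, nsectors - 1)  # total sectors in volume
    boot[510:512] = b"\x55\xAA"
    img[start_lba * SECTOR:(start_lba + 1) * SECTOR] = boot
    return img

def parse_mbr(img):
    """Return [(type, start_lba, sectors)], or None if the MBR signature is gone."""
    if img[510:512] != b"\x55\xAA":
        return None
    parts = []
    for i in range(4):
        entry = img[0x1BE + 16 * i:0x1BE + 16 * (i + 1)]
        ptype, start, count = entry[4], *struct.unpack_from("<II", entry, 8)
        if ptype:
            parts.append((ptype, start, count))
    return parts

def guess_fs(sector):
    """Identify a filesystem boot sector by its on-disk signature alone."""
    if sector[510:512] != b"\x55\xAA":
        return None
    if sector[3:11] == b"NTFS    ":
        return "NTFS"
    if sector[82:90] == b"FAT32   ":
        return "FAT32"
    if sector[54:59] in (b"FAT12", b"FAT16"):
        return "FAT"
    return None

def scan(img):
    """Walk every sector and report (lba, fs) hits, ignoring the partition table."""
    hits = []
    for lba in range(len(img) // SECTOR):
        fs = guess_fs(img[lba * SECTOR:(lba + 1) * SECTOR])
        if fs:
            hits.append((lba, fs))
    return hits
```

With the partition table zeroed, `parse_mbr` has nothing to offer while `scan` still locates the NTFS boot sector, which is why a signature-based approach can reach files on a volume that Windows reports as RAW.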
Much thanks for the reply. We may never know exactly what happened, but I'm sure the scenario you proposed is a good hypothesis. I'm curious about the false AVG reports as well. AVG has always been rock solid yet unobtrusive... Good program in any case.
Thanks again for the time and helping hand. Hope I can recip some day.
Harvester3






