Hi you all.
So, strange but true, My Beloved's system (which I put together less than a year ago) was running an Ewido scan, minding its own biz, when suddenly the BSOD appeared. No problem, I thought, at most we'll do a repair on XP and she'll be up and running again. No no, instead we find that the 250 Maxtor has suddenly lost its NTFS format and is read as RAW (sounds painful). Being brilliant as well as beautiful (big score on points there), she borrows a Linux disk and is able to retrieve most of her files in that manner. Now, HOW DID THIS HAPPEN? The only abnormality prior to the incident was AVG showed positive for 14 viruses which, according to Housecall, weren't there. On further investigation there aren't any viruses known by the names AVG gave us. Apparently AVG was testing positive for these mystery viruses for a week prior but never sounded the warning bells. The viruses were in files such as Nero.exe, or surething.exe, etc., which are all legitimate files. So, before this qualifies for a novel, have we slept through a major attack warning or missed some new outbreak report? I'm out of adjectives and anything even remotely humorous to add. I would appreciate any candlepower directed on this situation. If we are to ensure it not occurring again, gotta know what "it" is.
Thank you all.
Harvester3

Hey folks, well it seems this post interested several of you all, but not enough to weigh in on the subject. I'll have to review the posting protocols, but probably should let this thread wind down as it's not going anywhere anyway. If there's something I'm doing wrong, or not doing right, please tell me. I want to be a contributor and a positive effect in this community, and welcome any advice to that end.
Thanks again,
BTW, still have no idea what happened to the hdd [:~)
harvester3

Our apologies - we're not ignoring you, we're just stretched a little thin helper-wise right now.

What exactly happened in your case I can't say, but having been through it a few times before, here's the general course of events as best I could determine once I'd resurrected the drives:

1. Something (could be anything) corrupts a piece of software, usually a driver. In my last two incidents the culprits appeared to be a) a power outage, and b) a driver update conflict. Sometimes the STOP code in a Blue Screen error can help you more accurately determine the exact source of the corruption.

2. Driver goes BANG!, OS gets showered in shrapnel, and either the driver, the OS, or both do some serious fandango on disk and memory locations that they definitely shouldn't be writing to.

3. One of those areas turns out to be the Master Boot Record, the Master File Table, the Partition table, or some equally critical and low-level section of the drive.

Linux has some tools which will try to "guess" the partition type (FAT, NTFS, ext2, etc.) of a damaged disk and will therefore often be able to mount and access the disk (assuming the entire partition table isn't hosed) when Windows can't. Linux also obviously doesn't care about Windows boot-related files, so doing something like trashing the NTLDR file won't stop Linux from being able to recover the rest of the files on the drive.

As for the AVG "false positives", I've never heard of AVG exhibiting that behaviour before, and I use AVG on a lot of machines.
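A worked illustration of what the reply above describes, added here and not part of the original thread or any poster's code: a small Python script that builds a constructed disk image with one NTFS partition, classifies each partition by looking at the contents of its first sector (the way a rescue tool "guesses" the filesystem rather than trusting the partition-type byte), then simulates a runaway write over the NTFS boot sector and shows the volume turning "raw" while the backup boot sector NTFS keeps in the last sector of the volume still identifies it. The image layout, the 63-sector start, the 128-sector size and the minimal boot-sector fields are all assumptions chosen for the demonstration; the MBR entry offsets, the NTFS OEM ID at offset 3 and the 0x55AA signature at offset 510 are the documented on-disk layout.

```python
import struct

SECTOR = 512
BOOT_SIGNATURE = b"\x55\xaa"
NTFS_OEM_ID = b"NTFS    "
NTFS_TYPE = 0x07            # MBR partition-type byte for NTFS/HPFS/exFAT
PART_START, PART_SECTORS = 63, 128   # assumed layout of the constructed image


def build_mbr(partitions):
    """Build a 512-byte MBR with up to four (type, start_lba, sector_count) entries."""
    mbr = bytearray(SECTOR)
    for i, (ptype, start_lba, count) in enumerate(partitions[:4]):
        off = 446 + 16 * i            # partition table starts at offset 446
        mbr[off + 4] = ptype          # CHS fields are left zero; tools use the LBA fields
        struct.pack_into("<II", mbr, off + 8, start_lba, count)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


def build_ntfs_boot_sector(total_sectors, mft_cluster=4, mftmirr_cluster=8):
    """Build a minimal NTFS boot sector carrying the fields an identifier checks."""
    bs = bytearray(SECTOR)
    bs[0:3] = b"\xeb\x52\x90"                 # jump instruction
    bs[3:11] = NTFS_OEM_ID                    # "NTFS    " OEM ID
    struct.pack_into("<H", bs, 11, SECTOR)    # bytes per sector
    bs[13] = 8                                # sectors per cluster
    bs[21] = 0xF8                             # media descriptor: fixed disk
    struct.pack_into("<Q", bs, 40, total_sectors)
    struct.pack_into("<Q", bs, 48, mft_cluster)
    struct.pack_into("<Q", bs, 56, mftmirr_cluster)
    bs[510:512] = BOOT_SIGNATURE
    return bytes(bs)


def parse_mbr_partitions(mbr):
    """Return the non-empty primary partition entries, or fail if the table is unreadable."""
    if len(mbr) < SECTOR or mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("MBR signature 0x55AA missing; partition table unreadable")
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        ptype = mbr[off + 4]
        start_lba, count = struct.unpack_from("<II", mbr, off + 8)
        if ptype != 0 and count != 0:
            parts.append({"index": i, "type": ptype, "start_lba": start_lba, "sectors": count})
    return parts


def identify_boot_sector(sector):
    """Classify a sector by its contents, ignoring what the partition table claims."""
    if len(sector) < SECTOR or sector[510:512] != BOOT_SIGNATURE:
        return "raw"            # no valid boot sector: this is what Windows reports as RAW
    if sector[3:11] == NTFS_OEM_ID:
        return "ntfs"
    if sector[54:62] in (b"FAT12   ", b"FAT16   ") or sector[82:90] == b"FAT32   ":
        return "fat"
    return "unknown"


def read_sector(image, lba):
    return bytes(image[lba * SECTOR:(lba + 1) * SECTOR])


def scan_image(image):
    """Classify each partition's primary boot sector and the NTFS backup copy in its last sector."""
    results = []
    for p in parse_mbr_partitions(read_sector(image, 0)):
        primary = identify_boot_sector(read_sector(image, p["start_lba"]))
        backup = identify_boot_sector(read_sector(image, p["start_lba"] + p["sectors"] - 1))
        results.append({**p, "primary": primary, "backup": backup,
                        "recoverable": primary != "ntfs" and backup == "ntfs"})
    return results


def make_sample_image():
    """Constructed image: MBR plus one NTFS partition whose boot sector is mirrored in its last sector."""
    image = bytearray(SECTOR * (PART_START + PART_SECTORS))
    image[0:SECTOR] = build_mbr([(NTFS_TYPE, PART_START, PART_SECTORS)])
    # NTFS reports one sector fewer than the partition holds; the final sector is the backup boot sector
    boot = build_ntfs_boot_sector(PART_SECTORS - 1)
    last = PART_START + PART_SECTORS - 1
    image[PART_START * SECTOR:(PART_START + 1) * SECTOR] = boot
    image[last * SECTOR:(last + 1) * SECTOR] = boot
    return image


def trash_sector(image, lba):
    """Simulate a misbehaving driver writing zeros over a sector it should never touch."""
    image[lba * SECTOR:(lba + 1) * SECTOR] = b"\x00" * SECTOR


def demo():
    image = make_sample_image()
    before = scan_image(image)[0]
    trash_sector(image, PART_START)          # overwrite the primary NTFS boot sector
    after = scan_image(image)[0]
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before:", before["primary"], before["backup"], before["recoverable"])
    print("after: ", after["primary"], after["backup"], after["recoverable"])
```

Run against the constructed image, the partition is reported as NTFS before the overwrite and as "raw" afterwards, but the backup boot sector in the last sector of the volume is still intact, which is exactly what a Linux rescue tool relies on when it mounts a volume Windows has given up on. On a real disk the same checks are done against `/dev/sdX` with the partition offsets taken from the MBR, and if the MBR signature itself is gone the tool has to scan for boot sectors instead of trusting the table.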

Much thanks for the reply. We may never know exactly what happened, but I'm sure the scenario you proposed is a good hypothesis. I'm curious about the false AVG reports as well. AVG has always been rock solid yet unobtrusive... Good program in any case.
Thanks again for the time and helping hand. Hope I can recip some day.
Harvester3
