This is Bob's brother inlaw. Bob posted my message, which I dictated to my
wife (his sister) over the phone, which she then emailed to him from her work
computer, which he then posted here.
I've since made *some* "progress", detailed inline below.
Your story doesn't make sense, or you are omitting critical details on what
happened.
It doesn't make sense to me either, but I assure you it happened! More
details follow below.
What F-Prot version did you run, for Windows, or for DOS?
For Win, not sure of the version, it's on the clobbered drive.
It wasn't the actual F-Prot antivirus program. *That* ran fine. The problem
was crated by their utility (installed with the antivirus program) that
creates a database of changes to files and boot records. The first time I
ran it, it said there was no database yet, should it build one. I said sure.
It then reported that there was a change to a boot record since the last time
the program was run.
This set off an alarm in my head. It asked if it should create a backup of
the boot record before "fixing" it. I said yes. It wrote a 1K file to a
floppy. I do *not* know if it's the right boot record (details below), but
that is moot, as there does not seem to be any way to *restore* from that
file. Argh.
Was F-Prot run after
booting to W2K, or Win 98, or to plain DOS?
I ran it (their utility, as described above) from within W2K.
I later tried their DOS version, booting from a floppy. I could not find any
way to restore the boot sector backup file created by their Windows utility.
I very much doubt that F-Prot is
what messed with the partitions.
It was not "F-Prot" the antivirus, but it *was* the little utility installed
*with* it.
After the 20 GB partition was converted, can you see files and directories in
the current 2 GB partitions? If you can, then the damage to the original
partition could be substantial, and not worth recovering.
OK, here's what I've been able to determine (after installing a new hard
drive and putting Win2K on it), after trying the Fixboot and Fixmbr commands
from the Recovery Console. After they failed (they *think* they succeeded,
but they didn't), I was staring at the output from the Map command, and
suddenly it hit me. The IDE drive showed two partitions -- the first was 2
GB FAT, and the second was 2.38 GB (or somesuch unique number) NTFS -- the
EXACT same config as my (fortunatly, *not* clobbered) SCSI drive!
The F-Prot utility copied the boot record from my SCSI drive over to my IDE
drive!
For whatever reason, it seems to have been confused by the two controllers,
decided that the first disk in each was *the* first disk, then decided that
since they were *different*, there was a "problem", which it "repaired".
And here I am today...
Lastly, was there important data in your 20 GB partition?
"Important" barely approaches it. It is the understatement of the epoch.
My current plan: I have located an identical model WDC drive to the one in
this computer, and ordered it. It should arrive Friday (fingers crossed).
This computer (a Dell, which the Michigan schools bought for all the teachers
in the state) has one of those accursed "restore discs", which I've finally
found a good use for. It's a "ghosted" image -- the same Win98 image used to
create the drive before I installed Win2k. I will "ghost" that image to the
new drive, and then install Win2K over it. Next, I will create a restore
disc (we tore the house apart and *cannot* find the one we made from *this*
drive, argh). I will then remove the new drive, install the original drive,
insert the Win2K CD in the CD drive, boot from the CD, and tell it to repair
the boot sector using the recovery floppy.
I *think* that this *should* work.
My two fears are that it will either insist on "repairing" one of the two
bogus partitions (rather than the physical drive), or, decline the recovery
floppy, after deciding that it was made from a different disk.
I've downloaded a utility to edit the disk's ID, in case that problem arises.
If all else fails, I downloaded "MBRTool" from
http://www.diydatarecovery.nl/~tkuurstra/mbrtool.htm to back up and restore
the boot/MBR info. I'll backup from the new drive, and restore to the old
one.
If my attempt via the recovery console (fixboot, fixmbr) didn't do any *new*
damage, I *think* I'll be home free. I know that the machine was running
fine for several days *after* the F-Prot utility did it's thing. The problem
only manifested itself when I rebooted, when it read the MBR. So I'm pretty
confident that the *data* on the drive is OK (if the fixmbr etc. didn't screw
it by trying to dump a backup copy of the "repaired" MBR in the middle of the
real data, or somesuch.) I'm hoping that if worse comes to worst, any real
data loss will be minimal, only affecting one file (hopefully unimportant),
or at worst, one dir.
I *do* intend to send a epilog to the F-Prot folks when the dust settles.
Right now, I don't have email. My email client (old character-mode Eudora
Pro) is on the farkled partition, and my spamload is backing up at the ISP.
*groan* They tell me I've got a 198MB allocation and it's only at .7% as of
yesterday, so hopefully I won't lose any mail thanks to this nightmare.
