Trashed Drive

pgx

A friend called with major problems. Most of her files were missing.
Her hard drive, which had about 18 gig used, now has only about 1 gig
used, the desktop is almost empty, and the start menu is missing most
of the programs that were once there.

This all happened after getting a message from Norton Antivirus that
there was a problem, to download a specified file, and execute it.
This got her several pages of instructions to follow. She was unable
to complete the instructions because files and registry entries
requested were not there. After a reboot, the system was in its
current state. Most of the files and folders are still on the drive,
with the directories disconnected from the root, and the files marked
unused in the fat

Does this ring a bell as to the cause? And Cure???

Thanks in advance.

Phil
 
| current state. Most of the files and folders are still on the drive,
| with the directories disconnected from the root, and the files marked
| unused in the fat
|
| Does this ring a bell as to the cause? And Cure???
|
| Thanks in advance.
|
| Phil

Ummm

"This all happened after getting a message from Norton Antivirus that
there was a problem, to download a specified file, and execute it."

Seems unlikely, you mean she thinks that Norton sent her an email? Nope, I
don't think so.

Fake email, linking to malware file that deleted her data and program files.

alan
 
| A friend called with major problems. Most of her files were missing.
| Her hard drive, which had about 18 gig used, now has only about 1 gig
| used, the desktop is almost empty, and the start menu is missing most
| of the programs that were once there.
|
| This all happened after getting a message from Norton Antivirus that
| there was a problem, to download a specified file, and execute it.
| This got her several pages of instructions to follow. She was unable
| to complete the instructions because files and registry entries
| requested were not there. After a reboot, the system was in its
| current state. Most of the files and folders are still on the drive,
| with the directories disconnected from the root, and the files marked
| unused in the fat
|
| Does this ring a bell as to the cause? And Cure???
|
| Thanks in advance.
|
| Phil

Cause: Most likely malware related.
Cure: [1] Well, you didn't give us enough information. It could be one
or more of thousands of different malware. In a situation like this
you could slave the hard disk on a different machine (with up to date
AV) and try to disinfect the infected hard disk. The report should
tell you what infectors were present and you 'MIGHT' be able to
copy/back up some files by copying them to the master drive - after
they have been disinfected of course. Then you reformat the drive and
reinstall Windows. [2] Reformat and start from scratch.


Regards,
Ian Kenefick
http://www.ik-cs.com
 
|
|Seems unlikely, you mean she thinks that Norton sent her an email? Nope, i
|dont think so.

No. Sorry if I was not clear. She got a dialog box from Norton AV
running on her computer.

I will try to post the exact message tomorrow.

Phil
 
From: <[email protected]>

|
|> Seems unlikely, you mean she thinks that Norton sent her an email? Nope, i
|> dont think so.
|
| No. Sorry if I was not clear. She got a dialog box from Norton AV
| running on her computer.
|
| I will try to post the exact message tomorrow.
|
| Phil


Phil:

PLEASE be exact.
You will get the best advice and information since there are so many variables associated
with malware.

Some malware deliberately masquerade as legitimate software or software vendors in Social
Engineering attempts to get you infected with something.
 
| Does this ring a bell as to the cause? And Cure???

Saw it once on a Windows 98 box in 2000. They got some virus and it
deleted nearly everything save what was in the root folder of Windows.

The only recourse was to do a format-reinstall as it was unrecoverable
and there were no guarantees that the files left weren't infected.

I hope she backs up regularly. If not then this is going to be one hell
of a lesson.
 
|
|PLEASE be exact.


The message:

"Unable to restore the security settings. Please uninstall and
re-install all Symantec products to correct the problem."

This appears (google) to be a legitimate Symantec message, but I was
told that when she followed the directions, she didn't find what was
described.

The recovery directions then had her inserting the Windows ME disk,
which for her was a Gateway restore disk, which did a format and
install, leaving things in the state they are now. Hopefully, I can
recover some of the files, but I am still trying to make a good guess
about how this started.

Any thoughts?

Phil
 
On that special day, , ([email protected]) said...
| The recovery directions then had her inserting the Windows ME disk,
| which for her was a Gateway restore disk, which did a format and
| install, leaving things in the state they are now.

I am afraid she'll have to ditch whatever had been there before the
incident. Your description indicates that this restore disk does a ghost
image restore, and such a process doesn't look if there is valuable data
on the disk; everything will be overwritten in one go, including FAT and
partition table.

Which means, the system was returned to a state like the day when she
bought it, and all the software she had installed meanwhile, is
overwritten and gone. This is the registry of Day One. No wonder, that
nothing could be found inside.


Gabriele Neukam

(e-mail address removed)
 
| |
| |PLEASE be exact.
|
|
| The message:
|
| "Unable to restore the security settings. Please uninstall and
| re-install all Symantec products to correct the problem."
|
| This appears (google) to be a legitimate Symantec message, but I was
| told that when she followed the directions, she didn't find what was
| described.
|
| The recovery directions then had her inserting the Windows ME disk,
| which for her was a Gateway restore disk, which did a format and
| install, leaving things in the state they are now. Hopefully, I can
| recover some of the files, but I am still trying to make a good guess
| about how this started.
|
| Any thoughts?

Yes.....Norton and WindowsME do not play nice. We get a lot of people on
the MS Win ME news groups with real messes and they are usually caused by
using Norton or NIS. Tell her to put anything but Norton on her computer
when she reinstalls WinME. AVG is fine.....as is the free EZ Trust from
Microsoft. In fact, anything but Norton is fine. (or McAfee, just my
personal opinion)

Norton states on the box for 2005 version that it is compatible with
WinME......IT ISN'T!!

However, I have never heard of it doing all of the things you state, so
perhaps it was a lethal combination of things.

Heather
 
from the said:
| |
| |PLEASE be exact.
|
|
| The message:
|
| "Unable to restore the security settings. Please uninstall and
| re-install all Symantec products to correct the problem."
|
| This appears (google) to be a legitimate Symantec message, but I was
| told that when she followed the directions, she didn't find what was
| described.
|
| The recovery directions then had her inserting the Windows ME disk,
| which for her was a Gateway restore disk, which did a format and
| install, leaving things in the state they are now. Hopefully, I can
| recover some of the files, but I am still trying to make a good guess
| about how this started.
|
| Any thoughts?

Could have been a real disc or memory problem - whatever it was the
evidence is long gone now. This is why I =WILL NOT BUY= a PC which only
comes with 'recovery discs'. A proper copy of the real MS system/install
discs would probably have allowed a proper recovery with no lost data.
As it is, the recovery has trashed just about everything - this is where
she needs some backups, or else a proper (expensive) disc recovery
service.
 
| The recovery directions then had her inserting the Windows ME disk,
| which for her was a Gateway restore disk, which did a format and
| install, leaving things in the state they are now. Hopefully, I can
| recover some of the files, but I am still trying to make a good guess
| about how this started.
|
| Any thoughts?
|
| Phil


Without putting too fine a point on it she is screwed. Restore discs do
exactly what the name suggests, restore the system to the state as it was
when it left Gateway. Any files, data, email or anything else she had is
gone.

Get rid of ME and move onto Win 2K at least. Take restore disc and place in
bin

Wow, hard lesson, bad news.

Alan Brown
 
Gabriele Neukam said:
| On that special day, , ([email protected]) said...
|
|
| I am afraid she'll have to ditch whatever had been there before the
| incident. Your description indicates that this restore disk does a ghost
| image restore, and such a process doesn't look if there is valuable data
| on the disk; everything will be overwritten in one go, including FAT and
| partition table.
|
| Which means, the system was returned to a state like the day when she
| bought it, and all the software she had installed meanwhile, is
| overwritten and gone. This is the registry of Day One. No wonder, that
| nothing could be found inside.
|
| Gabriele Neukam
|
| (e-mail address removed)


The original system probably didn't occupy as much space as when it
was overwritten, so there is some (very slim) chance some files could
be recovered by slaving the drive on another system and using a file
recovery program. There are a number of freeware ones that work just
fine, e.g. see

http://www.webattack.com/Freeware/system/fwdatarecovery.shtml

Good luck!

Larry
 