Two Active partitions


gdavid9

As the title suggests, I have two disks in a PC and both have an active
partition showing the same data.

The old original drive got infected by a trojan and wouldn't boot. I
managed to repair this but suggested to the PC owner that they would be
best to get a new hard drive and install a clean copy. This was fine.


They took their PC home, connected to the net to download AV software
before reconnecting the old original drive. Once they did this it
apparently did a scan disk, detected corrupt files on the old drive and
orphaned files etc etc.

Can I recover from this by not making the old drive an active
partition, will the data actually still be there?

I would hang the disk off another XP machine but I don't have a suitable
old PC with XP.

Both are NTFS.
 
If you were able to sell someone a new hard drive as a solution to a Trojan
infection, you are, indeed, an exceptional Flim-Flam Man!!!
Steve
 
Wow, thanks for the constructive information!

For the record I didn't sell him anything and I didn't bother writing
the entire story of what was wrong with his PC as we'd be here all day!
 
Without the whole story we'd only be guessing. From what you've told us so
far it sounds like either it's an NTFS ownership issue or the file system is
corrupt. As you say the pc had problems I'm guessing it's the latter. It has
nothing to do with active partitions.
 
Originally the system was failing to boot, reporting a corrupt system
registry hive, I repaired this by replacing it with a backup hive,
obviously it was still not particularly healthy. He wanted to preserve
his data on the drive and without any backup means, hence I suggested
they get a new drive as they are fairly cheap. I installed a new OS on
this whilst the other drive was disconnected.

I let them take it home to download AV software prior to connecting the
old drive.

I wasn't there when he connected the old drive but it was apparently
detected but stated that it was corrupt and proceeded to try and
recover and replace security settings.

After this it booted into XP and they reported that they couldn't see
any of the data that was there previously. Their old drive now
mirrored the new drive in contents. I checked this by creating a file
on the C drive and sure enough there it was on the old drive.

I marked the old drive as not active but it seems the data has been
completely overwritten. I have used some recovery software but it
doesn't show his data.
 
As you weren't there to see what happened and it sounds like the person who
was is not a very knowledgeable user I think you are out of luck. If the
files are updated on both drives in real time then somehow they created a
RAID 0 array. This could have been via the BIOS of a RAID controller. If the
controller was set to use a RAID 0 array and a new drive to the array (i.e.
their old drive) was installed it may have automatically updated the array
and synchronised the drives. If this happened the data on the original drive
is for all intents and purposes gone unless you send it to a very expensive
data recovery shop. Even then it is likely the recovery will not be complete
or even very useful. I'm guessing here but from what you have told us it
seems the most likely scenario.
 
I have to say I'm a bit stumped by it. It's only a standard PC so no
raid capabilities. I've hung hundreds of OS disks off another without
any issues. They were both hung off the same IDE cable so I advised
them to make sure that the new disk was the master and the old the
slave. It's frustrating as I had his old drive in a useable state (if a
little slow) so could have done something with it prior to attaching
the old drive. It's little consolation but at least he has a clean OS
and has no doubt learnt a lesson about backing up!
 
What happens if you remove the NEW drive and use only the old one?

Does it still show the contents of the NEW drive?
 