scalliano
Elite
Posts: 1095
Yup, that's me
|
I have a SEVERE problem which I hope someone can help me with. I was hit by a trojan horse last night and while I supposedly got rid of it, I got a "Delayed Write Failed" message. When I restarted the computer CHKDSK started and proceeded to delete a whole host of index entries on my slave HD. When Windoze finally loaded my main download folder was completely gone, replaced with a hidden found.000 folder which contained everything that had been deleted. Naively, I recreated the folder and moved all of the stuff back. However, once I did that the folder became completely inaccessible! The properties window says that the folder is empty, yet there is no extra free space on the HD. I am convinced that the files are still there (a folder containing 25Gb of data doesn't disappear that quickly) but I've tried absolutely everything I can think of, including taking back ownership (didn't work, as the system couldn't access the folder to make the changes), running Norton Utilities to check for any corruption (none found) and even accessing the HD from DOS (kept getting invalid drive letter message). If anyone knows anything about how to reverse this please let me know - I have four years worth of stuff in that folder and I can't get at it for love nor money  |
|
|
|
|
Logged
|
PSN ID: scalliano
The Arena knows no gender, colour or creed, only skill.
|
|
|
Tabun
Pixel Procrastinator
Team Member
Elite (3k+)
  
Posts: 3330
|
I'll try not to sound like an ass, but I fear that's hard to avoid:
FOUR YEARS? I suggest backing up important data (that is, anything you don't want to lose) once or twice a month, at the very least. Do that from hence forth, and be free from worry.
I really hope someone can help you out, because I can't: 25 Gb of data can disappear just like that. If you still have the found.001 file, you can try to restore individual files by hand, but I wouldn't recommend it. I myself have never been able to restore anything that was 'saved' by chkdsk this way, but maybe someone else has?
Good luck mate, and try to find good antivirus software no matter how this turns out..
|
|
|
|
|
Logged
|
| Tabun |
?Morituri Nolumus Mori? |
| |
|
|
|
|
WolfCub
|
I'd recommend downloading a Linux Live CD such as Mepis or Knoppix, and then mounting the slave drive and checking to see if the files are there. If they are, create a FAT32 partition, and copy all of them over and then see if windows can see all the files. If you need help doing this, reply.
|
|
|
|
|
Logged
|
|
|
|
|
Kain-Xavier
|
If they are, create a FAT32 partition, and copy all of them over and then see if windows can see all the files. Question, wouldn't he need unpartitioned space though? Creating a partition over the existing one would wipe out everything no? |
|
|
|
|
Logged
|
|
|
|
|
Lordbane2110
|
I have an idea though it maybe risky, on my pc i have 4 Hard Drives (SCSI wise). if anything like that happens and it has only once
i use a little known program called stinger, as with all trojans getting rid of it the normal way isn't possible as there's tons of permutations between trojans
a backdoor trojan alone has over 70 different types, and it only takes 1 to severely cripple your pc. also try avast anti virus gett the free trial version and let it restart your pc normally, if your using XP it will remove the NT compatability, so you will have to reinstall it. however it sounds like the files are still there, but the trojan has blocked access
if stinger and avast don't work, which they should then let me know and i'll try and come up with something.
|
|
|
|
|
Logged
|
|
|
|
|
Phoenix
|
I've had my hard drive get trashed before, it was due to a controller going bad as opposed to a trojan, but damage is damage, right? I used Norton Utilities to find and recover almost all the missing files, but some were completely shot. The problem with hard drives is that while your data may be there, any write operations to the drive are going to look for space that's not allocated on the FAT table. This means the more you tinker with the drive, the more stuff that's going to be corrupted that you're trying to recover. However, what you're describing sounds like the FAT table itself is corrupted, or at least the directory entries. The files may be valid, hence the space concern, but the paths could be missing. That's what happened to me, so if you have a copy of Norton Utilities or System Works laying around I'd recommend using it to find your missing data. Otherwise, use the drive as little as possible until you're ready to attempt a recovery. There's a good chance you can recover your files, but you'll have fun figuring out what was where since the paths will be gone. I just hope it didn't play with your partition table.
As for the trojan... better make absolutely sure it's completely gone before you do anything else, and check your system for spyware. I've removed trojans from other systems before, and the two often go together. If you have a utilities disk to check Windows out, like Norton Systemworks, you should run it after you're sure any spyware and trojans are gone to clean up any potential registry and file system damage. Once you've cleaned up your main drive, then I'd look at the slave drive and try to recover whatever is possible. You may even want to unplug the slave drive until you're sure the main one is clean.
|
|
|
|
|
Logged
|
  I fly into the night, on wings of fire burning bright...
|
|
|
scalliano
Elite
Posts: 1095
Yup, that's me
|
Well, with the help of my mate's little program I mentioned plus countless hours over the weekend scanning, cutting, copying, pasting and deleting I've managed to retrieve pretty much everything that went AWOL, backed up everything else that was accessible and formatted the drive in question and am now in the process of getting everything back on.
Now, however, after buggering up the WinXP installation on my master drive in the process, (completely my fault) I just have to reinstall everything else, including Norton AV and Utils, but I'm getting there.
Touch wood!
|
|
|
|
|
Logged
|
PSN ID: scalliano
The Arena knows no gender, colour or creed, only skill.
|
|
|
|
Phoenix
|
Never give up! 
|
|
|
|
|
Logged
|
I fly into the night, on wings of fire burning bright...
|
|
|
|
