Second HDD suspicions

Discussion in 'hardware' started by Pfipps, Jun 24, 2008.

Thread Status:
Not open for further replies.
  1. Pfipps

    Pfipps Registered Member

    May 15, 2007
    I have been meaning to reformat my computer, but obviously have been putting it off since it takes so long. When I was browsing around in my second HDD, I found an old text file with some notes I kept, and I found a weird cryptic message that I never remember putting down. Was someone able to access my files? I don't know, and the act would be weird since that was all I noticed, and I am very careful, but you can never be 100% sure.

    So I reformatted the second HDD, and then I ran my "system restore disk" for the first HDD. I removed my second HDD because the restore disks don't touch the second HDD.

    If there is some sort of malware or rootkit on the second drive (the restore disk would clear out the primary drive), would a Windows format clear it too? I put the data from the second drive onto a flash drive. What should I do?

    Remember, the only evidence I have is a cryptic message added in a text file I had.

    I am running both a HIPS and AV/Antispyware with Returnil.
  2. markymoo

    markymoo Registered Member

    Sep 25, 2007
    Hello, is the cryptic message nonsensical? Does it have some cryptic pattern or is it completely garbled? It could be file corruption and not infection. Have you noticed anything else irregular, such as a slow PC or browser? If you have not used ChkDsk in a long time or have not shut your PC down properly and you have been saving to the file often, it can not save the right data. My advice for the future is to always make 2 copies of a file at 2 different locations, preferably on 2 different drives. I do this when I write docs or software. A good software is Second Copy, which auto-copies file(s) on a schedule to another location.

    Malware usually infects the system partition and 99% of the time installs into the Windows or Program Files folders and does not cross over to files on other drives unless you are accessing them or loading them into memory. The best policy is not to rely on one or two protection programs but a range. Get some freeware rootkit scanners and also use AV online scanners.

    If you have malware active in memory and you format the Windows, then the infection could still write to the newly formatted drive and even into the boot part. It is best you wipe the drives outside of Windows with a clean DOS util or from BartPE Windows Recovery, which formats and wipes the boot part also. Without going into too many details on the subject, I recommend UBCD. On there is a ton of DOS software, including HD manufacturers' software and erasers. Download the ISO and burn the bootable CD.

    I have no faith in System Restore; it's a liability and becomes bloated if keeping lots of restores, and won't restore all the changes. The restore is kept on the same drive as Windows, so if Windows goes bad, even in a minor way (bad registry etc.), it becomes a failed restore. I advise using a reliable image backup software so you can store the images on another drive. This will ensure you restore your Windows and system partition exactly. If not using System Restore, it can be disabled and the PC will run a little faster.
    Last edited: Jun 30, 2008
  3. chris2busy

    chris2busy Registered Member

    Jun 14, 2007
    Memory malware can be killed in many ways :D The best one is to unplug your power supply, take off the motherboard battery and insert it back on after 10 mins or so (I think those things are still in theory-hardware type malware).
    If the file is infected, you can check by zipping it and mailing it to a virus analyst... say... newvirus[at]kaspersky(dot)com... If they reply to you that there was malware in it, they will add the signature and then you can clean your drive with their online scanner (or AVP tool)... Another recommendation: turn autorun off for all drives so that malware cannot jump (from CDs, USB drives) to your HDDs...

    Keep away from sys restore... go for imaging products... lots of free + reliable ones out there.