URGENT HELP NEEDED!

Discussion in 'other software & services' started by DVD+R, Dec 8, 2007.

Thread Status:
Not open for further replies.
  1. DVD+R

    DVD+R Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    1,979
    Location:
    The Antipodes
    Hello......
    As I type this the most unbelievable **** is happening to my hard drive :ninja: It's ERASING ITSELF!!! 2 minutes ago I had 281Gb remaining, and now I only have 295GB and it's getting smaller, and the most crazy thing is....... I'm not installing anything to make it reduce, it's doing it by itself, and I have no idea how long before it's totally full :( ... Ok now I have 280GB :( Edit: corrected
     
    Last edited: Dec 8, 2007
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    Other gurus need to address this (soon) for you with their expert speculations and suggestions, but what you described is, from my experiences, a classic virus "fill hard drive" crud attack. I've lurked virus underground sites where some of their members gloated over creating these fill-disk viruses, and I don't have a clue how anything like that could possibly have slipped into your computer system, because surely not even a Windows system malfunction would perform such a mischief as this one, I believe.

    Opinions? Suggestions?
     
  3. DVD+R

    DVD+R Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    1,979
    Location:
    The Antipodes
    Update: 272GB remaining :( Avira finds nothing, Kaspersky web scan finds nothing, nor does Trend Micro HouseCall :blink:
     
  4. Hairy Coo

    Hairy Coo Registered Member

    Joined:
    Oct 19, 2007
    Posts:
    1,486
    Location:
    Northern Beaches
    Unplug the drive until you can think about it!

    Possibly a hardware fault - but can't offhand see why.

    May be worth contacting the manufacturers.
     
  5. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Ummm, you say it's erasing itself, then that it's filling itself. Which is it? Also, identify files modified today - where's all the activity going on?

    Blue
     
  6. DVD+R

    DVD+R Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    1,979
    Location:
    The Antipodes
    I said erasing.. it was easter who said it was a disk-fill virus ;)

    I'm wondering if it has anything to do with the Active@ KillDisk that I cleaned out my drive with yesterday, then reinstalled Windows.. but surely it wouldn't have left anything behind that would continue to erase o_O Or would it o_O
     
  7. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    Install a HIPS right now to see if it can detect what file is writing to the disk.
     
  8. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    No, you explicitly stated in your initial post:
    Does "full" have meanings that elude me at the moment?

    Blue
     
  9. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    I have to disappoint you, this won't help, it is already in when you install HIPS.
    It mutates nearly anything related to security apps.

    I had this too.
    Easter is totally right I experienced this too some months ago. They use a raw disk access then erase totally silent one of your partitions. In my case it was D:\, fortunately I backed up many files on another hd otherwise this action could have been fatal, except some beautiful game screenshots most things could be recovered.

    It is this "old new new old" thing that nobody can detect,
    probably russian or chinese origin.

    Forget it, there actually does not exist a tool that really can detect it.
     
    Last edited: Dec 8, 2007
  10. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Folks,

    There are no technical details in the thread thus far. It's probably premature to identify a cause, never mind a geographic source (assuming there is one....)

    Blue
     
  11. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Agree but actually only know one "official" tool that loves to make zero fills and that's RkUnhooker "A tool created in the order of Russian government" like EP declared but still an unfinished tool IMHO. Just to remember this unknown stealth thing makes from time to time zero fills with several specific executables like a slow virus and raw disk kill (extremely silent) you will hear no sound when they kill your partition, I experienced something like that.

    The problem is it can take a long time where no symptoms arise that makes it harder to detect like a real virus,
    then in hot phases you may notice a new push of indefinable and unexplainable activities. (zero fills, partition kill, stalker spam (the russian variant (cruel thoughts and schizophrenic messages between spam pictures)), strange beeper sounds, browser crashes, bsods, drwatson pop ups) Only to mention a few symptoms.

    Some people think they use a registry incrimination tactic to remain persistent. Easy to check: Format your harddisk, reinstall windows and if old registry entries of former installation re-occur (without having reinstalled those apps) you got them or better said you have become a prisoner of their matrix.
     
    Last edited: Dec 8, 2007
  12. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    It does by all practical means look like your Vista? I presume has been intruded alright, because the only other explanation I might offer is that something is amiss in the Vista O/S system itself or even the drive might be giving off false progress measurements? Purely speculation at this point without more data to decipher.

    Sorry I can't offer more since Vista hasn't reached my attention either mentally or physically, but hopefully courtesy some of the replies coming in it will help narrow down at least a more accurate assessment of the cause for this behavior.

    EASTER
     
  13. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    I only tested the beta of Vista, I didn't know that this happened on Vista.
     
  14. DVD+R

    DVD+R Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    1,979
    Location:
    The Antipodes
    Depends if English is your Native Language or not :cautious:

    Erasing as in deleting thus rendering the hard disk full as there is no more space available. To make it more simple this problem whatever it is, is acting like a Slack space wiper, which fills your entire disk in the process of cleaning.

    However, CHKDSK DOS indicates that there is no obsolete space that is falsely reporting itself as used, and no other errors either. I'm going to wipe the drive once again, this time with WipeDrive Pro 5, to eliminate any possible remains of this virus if indeed that's what the problem is, as it was first talked about by EASTER
     
  15. fce

    fce Registered Member

    Joined:
    May 20, 2007
    Posts:
    758
    Why don't you want to use your FDISR?...
     
  16. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Well, that sentence didn't make sense to me (English isn't my mother tongue) until your last post.
     
  17. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Same here, and English is my native tongue, but it is clearer now.

    A complete restart does seem best regardless of cause.

    Blue
     
  18. DVD+R

    DVD+R Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    1,979
    Location:
    The Antipodes
    Well I'm back, and everything has been restored :D even though it took 6 hours to completely wipe my drive with 3 overwrites to sanitize the hard disk.
    I'm back to having 287GB of free space which is stable, and hasn't reduced any further since I'm running with just bare essentials at the moment, Avira Premium Security, and a full load of Windows and Microsoft updates, sound and graphics drivers etc..

    fce.... FD-ISR had been killed dead, so that wasn't an option. How it happened in the first place is still a mystery to me :ninja: but it just goes to show, you never can be 100% safe.


    Made sense to me :shifty: but then again, I was schooled at Oxford :cautious:
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,041
    Now that you've recovered, you might consider making some off disk FDISR archives. That way you can restore even very old images, and if necessary reinstall FDISR. Then the archives bring you current.
     
  20. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Less the Oxford background and more that you were seeing additional information live :cautious:

    In any event, my personal preference is to augment a multiboot configuration with a recent clone of the master physical drive as a bare drive on the shelf, available to pop in at any moment. Given hardware vs software costs these days, it's almost a wash whether you go with a hardware or software solution. Total change time ~ 2 minutes. Any serial codes that may be needed to update the configuration are separately available electronically if required.

    Blue
     
  21. fce

    fce Registered Member

    Joined:
    May 20, 2007
    Posts:
    758
    Any idea if bare metal recovery will survive with this problem?

    <snipped unnecessary remark - Peter2150>
     
    Last edited by a moderator: Dec 9, 2007
  22. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,041
    Hard to answer that question, as the problem really was never defined.
     
  23. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    This that Pete suggests should be a required practice for all FD-ISR users. In keeping with that same plan myself I have been able to 100% completely restore my 200Gb Maxtor x 3 partitions to perfect operation again without losing a single piece of data. There was no backup image to turn to at the time so it was crunch time whether FD-ISR would completely come through or not, and it mastered the task just as expected.
     