Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't see contents of infected drive on another computer


  • Please log in to reply
3 replies to this topic

#1 eponymous archon

eponymous archon

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:53 PM

Posted 25 August 2009 - 01:59 AM

Hi,

I was hoping someone could help me as I attempt to tackle a virus-infected drive. If anyone has a solution different from the one I am pursuing, I would appreciate hearing about it! Similarly, if someone sees in my description a cause of my problems that I have not, please do point it out!

Background problem:
My desktop came down with some fake antivirus virus last week. I was going to try to fiddle with the registry to fix, but the registry and task manager were disabled by the virus. I was going to boot into safe mode, but my computer, upon restart, entered into the "Last Known Configuration" screen, and every option keeps returning me to that screen.

My solution:
Not owning a bootable Windows XP disk, I thought my best hope was to take the drives out of my desktop, swap them into an external drive, and read the drives on my laptop, so that I could at least transfer the contents from them to another external. Then, I would put the desktop drives back into the desktop and format/reinstall Windows. I had two WD hard drives in the tower desktop; the startup drive has two partitions, while the 2nd WD drive also had two partitions.

New problem
I swapped what was my desktop's startup drive into an external, but when it showed up on the laptop, I could only see 1-2 folders...none of the other contents was visible. Of the visible folders, one that was visible, a "Shared Folder" of some sort, kept returning "Access restricted..." I check the storage capacities of the drive, and the numbers indicate that the data are still there, but I just cannot see them. I suspect that, because most of the data was within "My Documents" and because all the User Accounts on my infected drive's XP OS were password-protected, the data is somehow restricted from simply being seen on another computer even when the drive is in slave mode.

Questions
(1) Am I even going about this the right way? Would a bootable XP disc obviate my drastic hardware solution? Is there some other way to get access to those drives without taking them out of the tower? I just couldn't seem to get past the "Last Known Config" screen.

(2) How can I read the data on my desktop drives via another computer? The external HD I was using to read the desktop drives on the laptop itself came installed with a WD drive, so I don't think there was an issue there. :thumbsup:


Any help would be greatly appreciated!

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,131 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:10:53 PM

Posted 25 August 2009 - 10:02 AM

Hello :thumbsup:.

Well...I would have a problem with taking a known infected drive...and connecting it in any manner to another system...unless I was absolutely sure that that defenses installed on the 2d system could nullify/neutralize the infection, keeping it from spreading to the 2d system.

<<Not owning a bootable Windows XP disk...>>

If that is true...how do you expect to format/clean install the infected drive?

System manufacturer and model?

Any blue screen error messages?

There are many reasons a system may not boot properly...why is it that you categorically state that you have a virus-infested drive?

<<I swapped what was my desktop's startup drive into an external, but when it showed up on the laptop, I could only see 1-2 folders...none of the other contents was visible.>>

That could be an indication of a files system or hard drive problem...I've alse seen such cited as evidence of possible infection.

When a system partition is moved from one system and attached as a secondary drive on a different system, users are usually unable to access Docs & Settings folders from the 1st drive. This is routine and can be overcome by following procedures at How to take ownership of a file or folder in Windows XP - http://support.microsoft.com/kb/308421 .

Password protection for system access...is not operative here at all. Since the password is designed to be effective when that partition/drive is a system partition...it has no effect on access to files when that partition is a secondary drive on a different system.

Louis

#3 eponymous archon

eponymous archon
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:53 PM

Posted 25 August 2009 - 10:32 PM

Hi Louis,

Thanks for your response! A cousin put my tower together and installed all the software for me. The drives are all WD Caviar Blue 200GB. The motherboard is an Asus, I believe, and the chipset is Pentium, but the unit is almost five years old, so I forget additional stats (but I can try to dig out specific ones you think it will help diagnose the problem). I tried using the XP disk he gave me, but it only seems to allow me to install XP...neither my tower's nor my laptop's optical drive seem to see it and boot from it, even after I set the optical drive first in the boot priority. So I figured the disc I have would at least let me clean install XP, if not let me boot from it. Do you know how I can get an XP disc that I can boot from? Would making floppy boot disks give me the same recovery capabilities that an XP CD would give me?

I didn't encounter a blue screen ever. I went into some control panel and clicked "safeboot..." so that the computer would definitely start up in safe mode next time I restarted. I wanted to go into safe mode so that I might be able to access the registry to fix the problems like disabled task mgr, etc. But on the next restart, it went to the "Last Known Config" screen and never has come out of it.

Do you think that I should put the drives back in the tower and work on them from there? I thought there might be some risk infecting my laptop by connecting the drives to my laptop, but I ignored that because I was so desperate to get the data off those drives.

I think that they are infected because, shortly before the Last Known Config screen problem, a fake pop-up came up recommending a bogus antivirus program (also was in the system tray). My actual Norton AV found some sort of "fakeavalert" virus. Consequently, my task manager and my registry were disabled. All these symptoms made me think that the virus had caused my problems.

Sorry for the length, but I am hoping the more info I give, the better people might be able to help. Any help on what course of action you think I should best take next would be greatly appreciated.

Thanks a lot!

#4 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:11:53 PM

Posted 27 August 2009 - 08:09 PM

Would making floppy boot disks give me the same recovery capabilities that an XP CD would give me?

You do not use boot floppies with XP

Do you know how I can get an XP disc that I can boot from?

You must enter the BIOS and make the CD/DVD drive the first boot device
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users