Installing infected hd as a slave in order to clean it


13 replies to this topic

#1 Vermillion

Vermillion

  • Members
  • 7 posts

Posted 28 September 2009 - 04:30 PM

Hi,

Roughly 4 months ago, I ran into a boot loop problem with my graphic design & gaming rig. I attempted various things like booting from an XP CD, but since the system was Vista, I just got blue screens (have lost Vista CD). Also, attempting to boot into safe mode resulted in the continual boot loop & 'last safe boot' resulted in restarts (continual boot loop).

At first I thought I had a problem with my Gigabyte motherboard as they are apparently notorious for boot loop issues. I installed a newly purchased Asus board, my computer booted, didn't loop, but at the loading stage just before you type in your password, I got a bluescreen for a second and it then rebooted. This was so annoying as I couldn't see the top error code or x(xxxxxx) error code that you get on the blue screen.

So I attempted to change my sticks of RAM around, then used only one, then I installed older 2 gig versions of my OCZ RAM, still same bluescreen result no matter what. Then I replaced my Gainward gfx 275 with my older Nvidia gs 8800 GPU, still same bluescreen result. I then gave up for a while, until I was given my mate's old 200gig hd. This booted perfectly, I then cleared off a bunch of rubbish, set up my admin account, installed my drivers, and am now once again playing cod world of war happily, tho without dx10 that I had with Vista, it's not really making much use of the insane GPU I have.

So now, I have an incredibly powerful system, running on an old XP SP3 200gig hd. The conclusion I came to was that I might as well slave the infected hd, use malwarebytes, antiva & comodo to give it a good cleaning in safe mode, and retrieve my 500gig+ of essential content lost 4 months ago.

Problem is, I really don't know how to do this properly! How do I go about slaving my infected Vista SP2 500gig SATA, clean it up properly (disposing of that hard to get grime in the registry & sorting out bad sectors) without infecting the old but clean XP hd?

(edit) Before the original hd contracted a boot loop infection, it had been working fine for around 2 years. Also, the hd I'm attempting to slave is a Maxtor 'diamond max 22' 500gig SATA. Problem is I can't seem to find any info on the jumper settings, on the drive they usually show it but on my one it only shows that setting it on the 2 pins farthest from the cable connector limits it to 1.5m/s and no jumper at all delimits to 3 mb/s..

Vermillion

Edited by Vermillion, 28 September 2009 - 07:32 PM.



#2 Vermillion

Vermillion
  • Topic Starter

  • Members
  • 7 posts

Posted 28 September 2009 - 08:06 PM

After some persistent investigation, I came across this http://www.seagate.com/staticfiles/support.../100496101a.pdf and read that there is actually no master or slave setting. The relationship is that it is always a master. This is highly disappointing news. I'm going to connect it anyway, as there's clearly no other options here. Slave was just a safe way to get my data, I'll just have to risk it, hoping it boots, then hoping it actually recognizes the dodge hd. Hmmm..

(edit) Could I get some advice on this before I go ahead with it?

Vermillion

Edited by Vermillion, 29 September 2009 - 06:30 AM.


#3 Vermillion

Vermillion
  • Topic Starter

  • Members
  • 7 posts

Posted 29 September 2009 - 07:25 AM

-bump-

#4 OldPhil

OldPhil

    Doppleganger


  • Members
  • 4,017 posts

Posted 29 September 2009 - 07:42 AM

I am not sure if Seagate offers a write 0's program like WD does. With a write 0's program you can clean the drive with it being the only one hooked up, alleviating any worry about your good drive. Check the Seagate site carefully to see if they have something similar. May require emailing their tech guys.

Phil

Edited by OldPhil, 29 September 2009 - 07:44 AM.

Honesty & Integrity Above All!


#5 techextreme

techextreme

    Bleepin Tech


  • BC Advisor
  • 2,125 posts

Posted 29 September 2009 - 08:00 AM

Serial ATA drives do not have a "master/slave" setting as IDE drives do. Each is connected to its own "channel" on the motherboard or controller card. They do however have "port" numbers. Port 0, port1, port2, etc. This is what will show up in the boot sequence and on the BIOS boot screen as port0, disk 1, port1, disk 2 and so on.

Some extensive and "in depth" reading on SATA can be found here.

Hope this helps.

Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca

 


#6 Vermillion

Vermillion
  • Topic Starter

  • Members
  • 7 posts

Posted 29 September 2009 - 09:26 AM

Cheers guys.
@ oldphil, when you say clean, do you mean reformat, wiping everything clean/starting afresh, or virus deletion, leaving essential data safe clean? My goal is to recover the data without reinfecting my ide hd, not wipe the hd clean. I may have misunderstood you, sorry if I did.
@techextreme, I'm having a ganders at the plethora of info on wiki you linked, but honestly I really don't know what I'm looking at there. I'm currently shifting through my Asus bios, and can't see anything about ports.

One thing I did notice which could be relevant is this information on the bios main page:

primary ide master (Not detected)

primary ide slave (ST3200826A)

sata 1 (Not detected)

sata 2 (Sony dvd rw dru)

sata 3 (Not detected)

sata 4 (Not detected)

Shouldn't the currently installed ide hd come under the primary ide master instead of primary ide slave? This doesn't make any sense. I was hoping to change the sata to primary ide slave, as apparently new motherboards like mine automatically change a sata to ide mode.. (edit) ..when running on xp.

-Vermillion

Edited by Vermillion, 29 September 2009 - 10:39 AM.


#7 techextreme

techextreme

    Bleepin Tech


  • BC Advisor
  • 2,125 posts

Posted 29 September 2009 - 12:39 PM

Your Seagate IDE Hard drive has jumpers just like every older IDE hard drive. The only thing that is incorrect on it is where the jumper is set. Look here and pay attention to the "2" top settings ( master or single drive and drive is slave ). You will probably find that your drive is missing a jumper altogether.

Now, will this affect your computer and how it runs? The answer is no. As long as you do not plug any other devices into the IDE cable that your Seagate hard drive is connected to, it will work and run just fine.

When I said "ports", I was referring to "sata 1, sata 2, etc". Sorry I should have been more clear on that but I think now you understand what I was referring to.

As you see from your BIOS screen, your Sony DVD-RW is connected to SATA 2 ( port 2 ). You can connect any other device that is SATA to any of the open SATA ports and your machine should recognize it without issue.

If your motherboard supports the SATA II standard, sometimes referred to as "SATA300", you will want to remove the jumper from the Diamondmax hard drive to obtain the greatest throughput ( read "speed" ) from the drive.

My initial thoughts on your first and foremost problem which was the "boot-loop" in Vista would point me to a driver issue of some kind and not a virus, but I can't rule that out. Connecting it to your machine as it sits now and running a virus scan on the drive would definitely be the first thing I did if I was in the situation you are now.

I hope this info helps and doesn't confuse you.

If I confused you, come on back with more questions and either myself or someone here will be more than happy to help.

Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca

 


#8 OldPhil

OldPhil

    Doppleganger


  • Members
  • 4,017 posts

Posted 29 September 2009 - 06:04 PM

Yes, the program from WD totally reformats the drive to factory clean; I would think Seagate would also have a similar program.

Phil

Honesty & Integrity Above All!


#9 OldPhil

OldPhil

    Doppleganger


  • Members
  • 4,017 posts

Posted 29 September 2009 - 06:09 PM

primary ide slave (ST3200826A) this looks as if there are no jumpers on your primary, I have seen that work in the past with a single drive.
Set the drives according to Techextreme's diagram that should work Ok.

Honesty & Integrity Above All!


#10 windowstech

windowstech

  • Members
  • 25 posts

Posted 29 September 2009 - 09:04 PM

The best thing to do is boot to the Windows installation CD and format the bad drive. Viruses can be really hard to clean. Just nuke that drive!!!
Windows Tech
MCSE

#11 Vermillion

Vermillion
  • Topic Starter

  • Members
  • 7 posts

Posted 30 September 2009 - 09:26 AM

Thanks techex, I understand what you're saying now. In regard to the ide, the jumpers are currently on 'cable select mode', should I leave them as they are? What I intend to do is boot, make sure the ide is first boot device, cd is second and sata third - then boot into safe mode, scan with aviria, while that's happening hopefully comodo will keep any viri in check.

I came to this site last year when I was unknowingly given a pirated version of the new gta by a friend, which gave me some proper dread viruses. After some hardcore antivirus app usage and many, many log postings, I eventually managed to slay all the viri scum and was good to go (all thanks to this place). If this is the same sorta deal, I'm unsure if just aviria will be enough to deal with these sinister viri. But then again, it could just be a driver issue like you said, can't rule that out.

I'll def switch the jumper on the diamond max to obtain the greatest throughput ( read "speed" ) from the drive, I personally couldn't believe I had that option all along!

I was also told that if I used a usb to sata cable my chances of getting viri would be slashed. Is this true?

I also lost my copy of vista 32, and have attempted to reformat the sata drive a few times with some dodgy xp disc, but only got bluescreen as the xp disc I'm using looks rather ancient and sketch - I know there's other options out there to reformat, but at this stage, when it's possible to recover my data, I will attempt that option. If all fails I'll nuke both drives, as there's nothing of any value on the ide except a working os. So I really have nothing to lose. Hmmmmm..

Edited by Vermillion, 30 September 2009 - 09:28 AM.


#12 Vermillion

Vermillion
  • Topic Starter

  • Members
  • 7 posts

Posted 30 September 2009 - 10:25 AM

Hmm, for some reason when I pressed f8 to get into safe mode, the boot menu came up.. weird, so now I'm just doing the virus scan in normal mode, hope this goes well, found one trojan so far.

#13 Vermillion

Vermillion
  • Topic Starter

  • Members
  • 7 posts

Posted 30 September 2009 - 11:14 AM

Ok, it seems I was actually scanning my ide and not the sata. I also can't see the sata in my computer, but when I right-click on the c drive and select properties I can see the diamond max sata amongst the dvd and ide. It also says its location is 0 for the sata. How do I access this naughty sata? What's going on here?

(edit) the sata also shows up in the bios as sata 1

Edited by Vermillion, 30 September 2009 - 11:25 AM.


#14 techextreme

techextreme

    Bleepin Tech


  • BC Advisor
  • 2,125 posts

Posted 01 October 2009 - 10:05 AM

Sorry for the delay in getting back to you.

If I'm reading correctly, your SATA drive that you want to scan had Windows Vista on it. In this case, Windows XP will NOT see the disk until you write a signature to it.

Click on Start then Run. In the run box type "diskmgmt.msc" ( without the quotes ). This will bring up the "Disk Management Console or Page".
Upon opening this, your computer should come up and say something similar to "a new disk has been found and must have a signature written to it.....". Let Windows XP write a signature to the drive and finish the dialogs. You should now see a page that looks like this. Look at "File System" and look down the list. They should all now read NTFS and Healthy to the right. The CD/DVD drive will not show anything if there is no media in the tray.

If when looking in the "File System" column you do not see NTFS or you see "unknown" then chances are very good that the drive is damaged.

Now, here's where it gets a bit hairy. Your Vista disk has much more security on it than Windows XP. With that being said, you will have to "take ownership" of any folders that you want to copy or extract files from.

I hope this helps,

Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca
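
Added example, not part of any post in this thread: once the old drive is readable from the clean system, a triage pass like this one separates plain data files from anything Windows could execute, so only the first group is copied across and the rest is left for the virus scanner. The sample tree, its file names and the function names are constructed for illustration; running `triage()` against the attached drive's root is an assumption about how it would be used.

```python
import os
import tempfile

def classify(path):
    """Return 'hold' for anything Windows could auto-run or execute, else 'copy'."""
    if os.path.basename(path).lower() == "autorun.inf":
        return "hold"  # AutoRun instructions; flagged wherever they appear
    try:
        with open(path, "rb") as fh:
            magic = fh.read(2)
    except OSError:
        return "hold"  # unreadable (bad sector, permissions): do not copy blindly
    # EXE, DLL, SYS and SCR files all begin with 'MZ', whatever the extension says.
    return "hold" if magic == b"MZ" else "copy"

def triage(root):
    """Walk the attached volume; return sorted relative paths per verdict."""
    result = {"copy": [], "hold": []}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            result[classify(full)].append(rel)
    return {verdict: sorted(paths) for verdict, paths in result.items()}

def build_sample(root):
    """Constructed sample tree standing in for the attached drive (not real data)."""
    samples = {
        "autorun.inf": b"[autorun]\nopen=setup.exe\n",
        "Users/me/Documents/poster.psd": b"8BPS\x00\x01",
        "Users/me/Documents/invoice.pdf.exe": b"MZ\x90\x00",
        "Users/me/Pictures/holiday.jpg": b"MZ\x90\x00",  # executable header, photo name
        "Users/me/Pictures/logo.png": b"\x89PNG\r\n",
    }
    for rel, data in samples.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for verdict, paths in triage(tmp).items():
            print(verdict, paths)
```

Files in the "hold" list are not necessarily malicious; the list only marks what should be scanned rather than copied straight over.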

 




