Posted 14 October 2009 - 03:07 PM
Ok first off, I am a member of the IT department at my work place, and we are a bit perplexed about what we have or don't have.
We have a computer that was running incredibly slow, we were also having a major slowdown in our network, with this computer appearing to be a source of a lot of traffic. Investigated it and having run several utilities, it has Symantec antivirus as default virus protection, we never really were able to find out if anything was infecting it. Having read a fair amount and tried to learn how to use it, we tried ComboFix and it detected a couple of .msi files but not a lot. Tried to do a defrag then and it said errors, rebooted it and showed as dirty, and the fun began.
Scanned for a day or so, and of course after it cleaned it, the drive wasn't booting. Figured that was coming, moved the drive to another machine, attempting to use it as a slave and try to recover some data. It would scan, did so for a few days, lost the drive access a time or 2, but finished the scan finally, with very little accessible. Also had a problem with Symantec trying to run an installer on the system drive, which already has it. Figured that was an attempt from the drive to infect the other drive. Now the original drive is making the clicks of doom. Figure it's toast. If that was the case, we've lost some important data but that was kind of expected originally.
Problem is that the second drive, in the system we put the 'infected' slave drive in, is now giving some errors and thus far, we haven't been able to find anything on it. It's kind of confusing, it appears that whatever was on the first drive has jumped/infected the other drive, which appears to be corrupting the drive itself. Not sure what is out there that could be doing that, not sure if it is, if it's an ugly coincidence (doubt that), and just trying to figure out if the drive is infected, something is reporting it as damaged to cause you to erase/delete or what is going on.
Seriously at this point, just trying to figure if there is anything kind of new that sounds like this. I think it was doing physical damage to the drive by probably a write/overwrite type function but have nothing to go on or not really a solid direction to start. If it's something, some infection/worm/etc., trying to figure out what it is, and scan some other workplace computers to make sure it's not going out or hasn't gone out on the local network would be very good. The system we used to stick the drive in is at the moment up, but after the corruption it showed, we're not sure if there is something on it, or what. So please, feel free to post some ideas/suggestions/programs, etc. We ran SeaTools on it (it's a Maxtor drive) and it showed 100 errors on the drive that didn't have any damage prior to the other one being put in there, so if there is something going on, trying to nip it in the bud is very much the goal.
I'll try to help explain anything if I didn't explain it very well. It's a county government, so the IT dept is me and one other guy and we're both pretty perplexed here.
Thanks in advance.