Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Infected External Hard Drive

  • Please log in to reply
3 replies to this topic

#1 zwiebel


  • Members
  • 2 posts
  • Local time:09:40 PM

Posted 21 November 2009 - 08:33 AM

Hello everyone!

The problem
I was running an old Acer laptop with Windows XP. It crashed and won't start. (details below) I'm not particularly worried about the stuff I had on the laptop itself, but on an external hard drive that I'm afraid is infected with anything that my laptop was, and was also somehow connected to the crash in the first place. First and foremost I'm asking for help to make sure the hard drive is clean.

The other day, when I started my computer, my default browser (Firefox) also started with some dating site (meet local something .org) open. I figured I was infected but put it off for the day as I was on minute schedule to get some university work done. My external hard drive was connected then, but I disconnected it later. The next day, when I started up my laptop again the same thing happened, but when I connected my hard drive, F-Secure immediately popped up saying it's found something - two things, the other in the hard drive and the other one I'm not sure about anymore. I told it to do what it does (quarantine, "recommended") but in the middle of the process the laptop crashed.

When you start up my laptop now it gives this "Windows crashed, want to start in safe mode or normally" screen with a couple of options. Whatever I pick from there, hard drive connected or not, the next thing is Windows loading screen and then immediately a flash of the Blue Screen of Death and a re-start.

I don't remember having installed any new software or hardware very recently, but I did smartly click on an unexplained MSN link I probably shouldn't have.

Current situation
I'm currently on someone else's Ubuntu and the hard drive is working fine here. I found a new read-only folder on it that I'd never seen before and deleted it (unfortunately I don't remember the folder's name or contents exactly). I've back-upped its most important contents, but I still want to be sure they're clean to bring back on a Windows.

As for my laptop, I haven't done anything on it yet. Considering switching to Ubuntu on it while I'm sorting this mess anyway.

Thank you for reading,
Oh, it's been jerried.

BC AdBot (Login to Remove)


#2 azfreetech


  • Members
  • 182 posts
  • Gender:Female
  • Location:Mesa, AZ
  • Local time:12:40 PM

Posted 21 November 2009 - 11:12 AM

It's possible to scan additional drives with MBAM and SUPERAntiSpyware so I would get those and scan the external drive. Let us know what they find.
DJ Digital Gem

I gave up on computers and now I just DJ!

#3 zwiebel

  • Topic Starter

  • Members
  • 2 posts
  • Local time:09:40 PM

Posted 21 November 2009 - 12:05 PM

It's possible to scan additional drives with MBAM and SUPERAntiSpyware so I would get those and scan the external drive. Let us know what they find.

Thank you for the suggestion. These are Windows programs however. Do you think it's safe enough to connect my hard drive to a Windows computer to do the scanning, or would it work/be safe to do it trough Wine?
Oh, it's been jerried.

#4 garmanma


    Computer Masochist

  • Members
  • 27,809 posts
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:03:40 PM

Posted 23 November 2009 - 07:50 PM

If you are going to attach it to a Windows computer to scan it, I would first run Flash Disinfector on the computer
Just remember to hold down the shift key when attaching the drive

Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users