Two weeks ago, I cleaned a scareware virus (PAV) from a PC. The drive was acting flaky, so I did a scandisk and repaired what appeared to be typical file damage. After that, the drive was unreadable. I reloaded the OS and restored data from the backup and everything was fine. I don't see this kind of damage often, but I know it happens sometimes, so I didn't think much about it.
Last week, I cleaned another scareware virus (a different one), and the drive also became unreadable after correcting drive errors. Only this one had an unusual twist. The BIOS will not detect the drive until I force it to. After saving the configuration and rebooting, the BIOS again does not recognize the drive. Additionally, before correcting the damage, I saw a warning from Eset that ATAPI.SYS was infected. (Take note, elise025.)
I have run three types of diagnostics on this drive, and all say it is fine and bootable -- no partition errors or anomalies. Further weirdness: I can read the drive fine from another system as long as it's on the PCI-IDE add-on adapter in my "cleaning" PC, but it will NOT register at all through the on-board PCI channel of the original system, NOR a USB adapter plugged into ANY system....??!!
Today I got back a PC that I had cleaned a scareware virus from several weeks ago (also PAV). It had run fine in the interim, but now the HD seemed to be dying. The system would lock or BSOD after a certain amount of time -- whether running Windows or diagnostics from a bootable CD. Scandisk found no errors, nor did any of the other utilities I used, yet as I was still working diagnostics, the drive finally went out totally and -- lo and behold -- the BIOS would no longer detect it! I thought this was just a coincidence until I connected it to another system to attempt data recovery, and it reads the drive just fine! The symptoms on this drive are exactly the same as the one I described just above.
I do hit streaks of really weird luck sometimes, but rarely this weird. Anyway, just consider this a "Heads Up" news item from the "Bleeding Edge" of security issues.
Edited by garmanma, 23 December 2009 - 11:42 AM.
Moved to more appropriate forum-MG