
Secondary Hard Drive Deleted Partition..?


2 replies to this topic

#1 nitro1


Posted 08 September 2011 - 07:37 PM

Hello,
I've recently reformatted one of my computers, installed a fresh copy of Windows XP Pro, and left the secondary drive full of data. Initially, there seemed to be no problems; the system was working well, until I decided to install Avira AntiVir Personal Free Antivirus. A scan revealed that there was an infection in the master boot sector of HD1, and Boot sector D:\. As far as I know, my D drive was set up as HD1, so I'm not sure why the messages were shown twice, but in case it helps, here are the event log messages in order.

The file 'Master boot sector HD1'
contained a virus or unwanted program 'BOO/Whistler' [virus]
Action(s) taken:
Contains code of the BOO/Whistler boot sector virus.
The boot sector was not written!

The file 'Boot sector 'D:\''
contained a virus or unwanted program 'BOO/Whistler' [virus]
Action(s) taken:
Contains code of the BOO/Whistler boot sector virus.
The boot sector was not written!


A virus or
unwanted program 'BOO/Whistler' [virus] was found in Boot sector of drive 'D:'.
Action executed: Deny access

A virus or
unwanted program 'BOO/Whistler' [virus] was found in Master boot sector of drive 'Master boot sector HD1'.
Action executed: Deny access


The file 'Boot sector 'D:\''
contained a virus or unwanted program 'BOO/Whistler' [virus]
Action(s) taken:
Contains code of the BOO/Whistler boot sector virus.

The file 'Master boot sector HD1'
contained a virus or unwanted program 'BOO/Whistler' [virus]
Action(s) taken:
Contains code of the BOO/Whistler boot sector virus.


It was either after the 2nd set or 3rd set that I noticed my D drive was no longer present in My Computer. I have since determined that it is recognized, but described as unallocated in disk management.

I've heard of people recovering partitions and lost hard drives, and was hoping for some guidance before I go screwing around on my own. I'm open to paying for software or professional services to have it done, but only as a last resort. Any help would be greatly appreciated. Let me know what other info I can provide or if I should be posting this in a different forum. Thanks in advance.



#2 1972vet

  • Malware Response Team

Posted 09 September 2011 - 04:59 AM

Greetings nitro1,
From your description, the D:\ is no longer shown in "My Computer" because Avira has denied access to it. Your assumption that it is still recognized as unallocated in the disk management console is accurate but I would expand a bit on that point. I believe the volume still contains data but may appear in disk management as unallocated space due to the fact that Avira is currently holding it prisoner. The system still sees the partition but not the data (sort of). And that is the best way I can think of to describe this to you in simple terms.

The BOO/Whistler virus (an Avira term) is a member of the family of TDSS rootkit infections. Your best move at this point would be to create a thread in the malware removal forum. Include the link there to this thread so we won't lose track of these few pieces of info. Good luck!

Disabled Veteran, U.S.C.G. 1972 - 1978

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#3 nitro1


Posted 10 September 2011 - 01:41 PM

Thanks 1972vet. I have posted a topic here.

I have also used Partition Wizard to recover my D drive, but am still seeking advice in my new topic on how to disinfect. I think this topic can probably be closed.



