Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

deleting files....


  • Please log in to reply
12 replies to this topic

#1 millipede

millipede

  • Members
  • 617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:outer space
  • Local time:07:37 PM

Posted 14 January 2013 - 09:23 PM

Thanks in advance for anyone that tries to follow this. I try really hard to explain EVERY detail for some of the questions I post on here but I end up having some people not follow completely... I'm not sure if people just scan them or if I just either try to hard or fail in my explanation.

Windows 7 Dell Inspiron (I think I have more details in my profile)
Windows and Avast are ALWAYS up to date.
Ask if you need more info than that.

What happened: (complicated, as usual)

I'm looking at an acer aspire one(mini, with no dvd drive) for a friend. It's her daughter's. Said it kept asking for the system recovery cd's or something. So, I took it home. Turned it on and sure enough, it would not boot. Tried booting to safe mode, no luck. Got a 0xc000000f error at one point. Hard drive I believe. So... I decided to pop that hard drive into my Inspiron.
First boot, no issues with my computer. I was planning on checking the files and then running some software to test the hard drive thinking it may be failing or something.
well... When I went to look at the hard drive, it said there were NO files there. Hmmm... right click and select properties and it says it has 98MB on there, but NO files listed.
I was going to continue troubleshooting and try to test the hard drive...
BUT... I had plugged in a portable heater in the room, in the same outlet with another... was on low working fine, but tried a higher setting and guess what? Tripped the circuit breaker... lousy doublewide, everything on this half of the house is on ONE switch in the breaker. Anyway, my computer shut down hard.
I turned the power back on for this side and waited a few minutes... then went and turned my computer on.
Next thing I know I see "deleting files........" or something along those lines. I didn't get a chance to see what was being deleted as it was going by FAST and there was a lot of it. I panicked thinking my hd was being erased so I held the power button in and turned it off again.

My question is... Is there a chance that, even though no files were listed, the hard drive I plugged in had a virus that would delete a hard drive? During boot, my computer should not be trying to boot from that drive anyway...
Or is it at all possible that the deleting files had something to do with the computer not shutting down properly?


I took the bad hard drive out and boot to safe mode. I found nothing suspicious in the startup of msconfig. Ran a quick scan with avast and found nothing. Ran a full scan with malwarebytes... found 2 adware that have been there for a while and I'm not worried about(I know what program they're associated with) and there was one other entry that was left unchecked...
It was.
pup.bundleinstaller.somoto
listed in a Temp directory with the name betterinstaller.exe

I'm going to google that file next but am posting here first as I am EXTREMELY paranoid now that my computer has been compromised. I do NOT want everything being deleted from it. I mean, I was just about having a panic attack when it first happened. made me sick to my stomach. It's up and running in safe mode with no issues but I'm not going to boot normally til I'm fairly certain things are okay. It says I need to reboot to fully remove the malware it found and I will do that and stick with safe mode for now.
Please, advise me here. I'm really worried about that. I NEED to make sure my computer isn't going to lose everything if I boot normally.

BC AdBot (Login to Remove)

 


#2 millipede

millipede
  • Topic Starter

  • Members
  • 617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:outer space
  • Local time:07:37 PM

Posted 15 January 2013 - 10:19 AM

hmm... I was hoping to have some thoughts by now. I'm still running my computer in safe mode just to be safe but, I'm thinking about booting normally to see what happens... and, maybe have my camera in hand recording bootup to see what happens.
I looked around in the even viewer last night... found a lot of things that failed to load and such but I didn't see anything in particular that was telling me there was a virus or even listing anything deleted. I've run full scans with avast and malwarebytes and haven't found anything else so far. I just remembered, I'm going to check to see if I have hijackthis installed and see if anything there stands out.
I'm not sure what happened yet... or what was actually being deleted. And I don't know where to look to find that info. :/

#3 Jimbob85

Jimbob85

  • Members
  • 308 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:VA, USA
  • Local time:07:37 PM

Posted 15 January 2013 - 11:52 AM

Sorry no one has been able to respond as of yet. From what you are describing, my guess is, that because of the hard shutdown when the breaker was thrown your pc was running a chkdsk on start up. If you want I would be glad to give you further info or even take a look at the chkdsk report for you, just let me know. It also may not be a bad idea to run your HDD manufacturers diagnostic test to make sure the drive is okay. If that test passes then you are probably okay. Chkdsk may have just been doing some house keeping.

#4 millipede

millipede
  • Topic Starter

  • Members
  • 617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:outer space
  • Local time:07:37 PM

Posted 15 January 2013 - 12:02 PM

Thanks so much for the reply. Is it typical for chkdsk to show "deleting files ______" or something along those lines, and a LOT scrolling across the screen?
Do you think I should go ahead and try booting to normal mode at this point and see what happens?

#5 Jimbob85

Jimbob85

  • Members
  • 308 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:VA, USA
  • Local time:07:37 PM

Posted 15 January 2013 - 12:10 PM

It does happen sometimes but I would not say that it happens "typically". I would try to go ahead and boot into windows if it were me. I would however run the diags on the drive just to make sure that the drive is ok and, I personally would force a chkdsk to run as well, which will have to run on reboot. That's my 2 cents worth. :hysterical:

#6 millipede

millipede
  • Topic Starter

  • Members
  • 617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:outer space
  • Local time:07:37 PM

Posted 15 January 2013 - 12:51 PM

Okay, I boot to normal mode without any apparent problems.
I opened up the Dell Support Center and ran their recommended hardware test, which tested all hardware including a short smart self test for the hdd. everything passed without problems.

I googled quickly where to find chkdsk results. I always forget those things but remembered it was easy to find. If what I found was correct, it was listed as wininit under source in the application(under windows) section of event viewer. I found one entry, and it was a chkdsk log... only, it was from last May or something. Nothing from yesterday.
So now I would have to wonder... is there nothing listed from yesterday because I shut the thing down during whatever was happening? Or, because what was happening was something else? I don't want to find that I've lost a ton of files... but, I don't even know where to look to see what could be missing. Everything seems to be working well enough that, I would think if a bunch of files got deleted I'd be running into problems already.
I'll go ahead and force a chkdsk in a minute here.

#7 Jimbob85

Jimbob85

  • Members
  • 308 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:VA, USA
  • Local time:07:37 PM

Posted 15 January 2013 - 01:09 PM

Your assumption is very likely correct. A shutdown during a chkdsk would prevent a log. This is why I would force a chkdsk, so that I could read the log. I doubt that any of your data was deleted, like I said before my assumption is that it was gen house keeping. It would mot hurt to verify your important data anyway with the hard shutdown.

#8 millipede

millipede
  • Topic Starter

  • Members
  • 617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:outer space
  • Local time:07:37 PM

Posted 15 January 2013 - 02:19 PM

Ran chkdsk... no errors found that I saw. Saw nothing that looked anything like what I saw (the deleting files thing).
Anyway... here's some info. Let me know if I need to save and post it in another way or something...

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          1/15/2013 1:06:27 PM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Inspiration
Description:


Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.


A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 3)...
  354048 file records processed.                                         

File verification completed.
  689 large file records processed.                                   

  0 bad file records processed.                                     

  0 EA records processed.                                           

  44 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 3)...
  411522 index entries processed.                                        

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      

CHKDSK is verifying security descriptors (stage 3 of 3)...
  354048 file SDs/SIDs processed.                                        

Cleaning up 400 unused index entries from index $SII of file 0x9.
Cleaning up 400 unused index entries from index $SDH of file 0x9.
Cleaning up 400 unused security descriptors.
Security descriptor verification completed.
  28738 data files processed.                                           

CHKDSK is verifying Usn Journal...
  34875168 USN bytes processed.                                            

Usn Journal verification completed.
Windows has checked the file system and found no problems.

 475730943 KB total disk space.
 107754052 KB in 199491 files.
    119116 KB in 28739 indexes.
         0 KB in bad sectors.
    470647 KB in use by the system.
     65536 KB occupied by the log file.
 367387128 KB available on disk.

      4096 bytes in each allocation unit.
 118932735 total allocation units on disk.
  91846782 allocation units available on disk.

Internal Info:
00 67 05 00 92 7b 03 00 69 8c 06 00 00 00 00 00  .g...{..i.......
95 12 00 00 2c 00 00 00 00 00 00 00 00 00 00 00  ....,...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-01-15T19:06:27.000000000Z" />
    <EventRecordID>37172</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>Inspiration</Computer>
    <Security />
  </System>
  <EventData>
    <Data>

Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.


A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 3)...
  354048 file records processed.                                         

File verification completed.
  689 large file records processed.                                   

  0 bad file records processed.                                     

  0 EA records processed.                                           

  44 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 3)...
  411522 index entries processed.                                        

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      

CHKDSK is verifying security descriptors (stage 3 of 3)...
  354048 file SDs/SIDs processed.                                        

Cleaning up 400 unused index entries from index $SII of file 0x9.
Cleaning up 400 unused index entries from index $SDH of file 0x9.
Cleaning up 400 unused security descriptors.
Security descriptor verification completed.
  28738 data files processed.                                           

CHKDSK is verifying Usn Journal...
  34875168 USN bytes processed.                                            

Usn Journal verification completed.
Windows has checked the file system and found no problems.

 475730943 KB total disk space.
 107754052 KB in 199491 files.
    119116 KB in 28739 indexes.
         0 KB in bad sectors.
    470647 KB in use by the system.
     65536 KB occupied by the log file.
 367387128 KB available on disk.

      4096 bytes in each allocation unit.
 118932735 total allocation units on disk.
  91846782 allocation units available on disk.

Internal Info:
00 67 05 00 92 7b 03 00 69 8c 06 00 00 00 00 00  .g...{..i.......
95 12 00 00 2c 00 00 00 00 00 00 00 00 00 00 00  ....,...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
  </EventData>
</Event>


#9 Jimbob85

Jimbob85

  • Members
  • 308 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:VA, USA
  • Local time:07:37 PM

Posted 15 January 2013 - 02:31 PM

I won't claim to know all that much about chkdsk but from what I do know...

0 KB in bad sectors : this is very good news. From what I see it looks like chkdsk did some cleanup but other than that the log looks good. :thumbsup:

Since your dell diags and chkdsk all came back okay I would say that very likely you have nothing to worry about. Of course like always there is no substitute for good practices, make sure to keep all of your data backed up.

#10 millipede

millipede
  • Topic Starter

  • Members
  • 617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:outer space
  • Local time:07:37 PM

Posted 15 January 2013 - 02:35 PM

Thanks... I was quite paranoid about viruses because that laptop hard drive that I popped into my desktop was empty except for 98mb that I was unable to see. And the lady and her daughter could give me no insight as to how that happened. Kids... I was told she didn't download things but she had to have gotten into something somewhere... And now it's all gone. I'm going to put that one back into the laptop and format it... and try to contact Acer and see if there's a way to re-install windows... but, I'm thinking they might be out of luck on that.
Oh the joys of computers. :)

#11 Jimbob85

Jimbob85

  • Members
  • 308 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:VA, USA
  • Local time:07:37 PM

Posted 15 January 2013 - 02:52 PM

A thought about the laptop hard drive. I would suspect a bad HDD from the way you are describing the drive and what all has happened. I would try a HDD diag test on that drive. It may be more than just data corruption, which a format and reload will not fix. I am posting instructions below for using the Western Digital HDD diag test, which will test other drives as well, you just cant use it on a warranty claim that way. I would recommend using an adapter to connect the laptop drive to your pc if possible. That way you can start the "other" drive once you have booted your pc. This should prevent any future chkdsk's on boot, unless you have another hard shutdown. :lol:



Please read and reread this in detail before you start, if you have any questions please ask!!

Please click the DOWNLOAD link on this Page, under the pic of a HDD
Save it to and unzip it to your desktop
Open the app and select your drive under "Drive#"
Click the little drive above the top information box
Pick "Extended Test" and then start
This test will take a while with larger drives
NOTE: DO NOT select Write Zeros in the last box or you WILL lose all of your data!! Please be careful and double check what you pick!!!!

#12 millipede

millipede
  • Topic Starter

  • Members
  • 617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:outer space
  • Local time:07:37 PM

Posted 15 January 2013 - 03:18 PM

I may have used that application for another hard drive on another computer not all that long ago.
I'm not sure I have any kind of such adapter. I'm certain I don't. What would that be called exactly so I can look around and see how much they are as that would be quite handy.
As it is, I have to turn my computer off, disconnect the wire from my dvd drive and plug it into the hdd before turning the computer back on. I just don't have extra connections in there even.

#13 Jimbob85

Jimbob85

  • Members
  • 308 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:VA, USA
  • Local time:07:37 PM

Posted 15 January 2013 - 03:25 PM

I personally have used an adapter very similar to this one. StarTech makes very good stuff. They are others types of adapters as well, but this one works and is usually cheaper.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users