During the last weeks I have experienced 2 sudden incidents that have made my system unbootable and wiped the partitions on both my disks (total data loss). This has been initiated by apparent driver downloads/updates that have started automatically "out of the blue". Both happened on the evening of the 15th (January and February).
SYMPTOMS: There have been three incidents. The two last ones I’m sure are related, but the first one may have a "normal" explanation and may well not be related to the other two:
#1. In DELL BIOS I turned NVIDIA Optimus technology from OFF to ON. When exiting BIOS and starting Windows, new display drivers were downloaded and installed automatically (no questions asked). After a required reboot a number of system files were missing, error messages started to appear, one of the security options in Windows 7 was disabled and couldn’t be enabled (I am on an XP system now and don’t remember the name). Norton IS, Spybot S&D and Windows Defender did not find anything. I finally recovered the system from a Norton Ghost image from a few days prior to the BIOS change.
#2. An update window suddenly appeared on the screen (not initiated by me). The title bar said something about updates of Intel drivers (wireless driver was one of them). It developed into a black screen with a progress bar and red letters across it ("do not turn your computer off" or something like that). I think it also was with a Windows logo like during the startup process. According to the messages, about three different updates were performed – all BIOS related. One of them was EC BIOS. I have had DELL computers for some years, but never experienced automatic BIOS updates like this – and I’m quite sure there was no question about whether I wanted to do the update or not (or later). After the "updates" had finished, the computer restarted. Then a blue screen for a short while and an endless self-running loop of new startup attempts and the same blue screen reading among others:
"A problem has been detected and Windows has been shut down to prevent damage to your computer…
*** STOP: 0X0000007E (…
Dumping physical memory to disk…"
Using an external USB enclosure I connected both disks (system SSD and data HDD) to another laptop (XP). No data was found (no partitions).
Again, I recovered the system disk from a Norton Ghost image (from a month back in time). A bit later the data disk in mysterious ways became readable again. I’m not sure what I did to do that (maybe it happened independently of my efforts).
I suspected an infection and did repeated thorough scans with the programs mentioned below. Nothing found.
The DELL logo was no longer showing during the startup process, something I am quite sure it did before. I did repeated attempts to flash a BIOS update (from A07 to A09), but nothing happened (still A07). Even flashing from a USB stick during startup (with USB before HDD in the startup sequence) did not work. I ran the ePSA Pre-boot System Assessment - no problems found. This was during a very busy period, so I did not have time to take it any further.
#3. Quite similar to #2. This time it started with a completely empty DOS window (black) appearing on the screen. The title bar said something about installing. Shortly afterwards there was a small Windows message box also saying something about installing (network (?) drivers I think). No questions asked. I quickly closed both windows, but about half a minute later the system shut down, restarted and went into the same blue screen startup loop as in #2. Although this time with a slightly different error message:
"A problem has been detected and Windows has been shut down to prevent damage to your computer.
*** STOP: 0X0000003B (…
Dumping physical memory to disk…"
I have photos of several blue screens from both incidents #2 and #3 (they are the same within but not between incidents).
All partitions were gone and both disks were again empty (external enclosure connected to another laptop). EaseUS Partition Master did not find any partitions (but the disks showed up OK). EaseUS Data Recovery Wizard (should be a powerful tool) gave no results during Partition Recovery. In the Complete Recovery it recognized the small (about 16 MB) "FAT16 (DELL)" partition on the system drive, but nothing else. I find this odd. In this last incident it was only about 1 minute from when the installation message appeared until system shutdown. Even on a speedy SSD that shouldn’t be enough to wipe the whole disk that thoroughly clean.
Apart from the incidents above there have been no obvious signs of virus/malware infections (no popup windows, no redirected web pages, no unusual messages about virus scanning needed and no system crashes). This is where I stand now.
OCCURRENCE: Incident #1 was in November (not sure about date). Incidents #2 and #3 were on 15th January and 15th February, respectively. Both happened at about 9 PM (UTC+1). Very odd that it happened on the same date (15th) and time...! In both cases (#2 & 3) the download window(s) appeared out of the blue as I was passively watching web TV. There had not been any downloads, clicks on links or anything for an hour or more prior to this.
SOFTWARE: I have Norton Internet Security installed and active as my main protection (2012 version, updated to 2013 a couple of weeks ago). I run weekly full scans of my system with this program. I also do weekly full scans with Spybot - Search & Destroy, Windows Defender and Secunia PSI. After the incident a month ago I also installed Malwarebytes Anti-Malware and have run several full scans with it. Signatures have been manually updated prior to all searches with all programs (automatic updates are also active). None of these programs have ever found anything other than a couple of low rated browser cookies. Windows update is automatic. Java has been kept updated. I don't use Adobe Acrobat/Acrobat Reader. Main browser is Firefox (occasionally Chrome and IE). I am security conscious and don't open/preview links or attachments in suspicious e-mails. The same during browsing. I have installed some programs/utilities (no games) from sites I thought were secure (mostly download.com/CNET), but have always scanned the downloaded files with Norton IS and Spybot S&D before installation.
SYSTEM: DELL Latitude E6430 with Windows 7 64-bit. Samsung SSD as system disk, Seagate HDD as data disk in internal HDD caddy. Intel i7-3720QM and NVIDIA NVS 5200M. The laptop was new in October.
It seems a bit strange that a virus or malware is this "lethal", but still I cannot see any other likely explanation. I haven't done a clean install yet. I know that some bugs may be difficult to find, but I am still puzzled by the fact that none of the anti-virus/-malware programs I have been using have found anything and that the system has been running so normally until these incidents suddenly occur. I have read that viruses/malware may hide in the boot sector or in the BIOS. Can that be the problem here?
I would be very grateful for any suggestions.