Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hard Drive Fail Warning or Virus?


  • This topic is locked This topic is locked
9 replies to this topic

#1 shark13

shark13

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 22 April 2014 - 06:29 PM

Hello,

I awoke this morning to a box that appears to be from windows stating that my hard drive is about to fail and that I should back up my data immediately (done).  After further research though it appears that there are also viruses that mimic this alert for different purposes.  Is there a way we can scan/search my system and determine if my hard drive is really about to fail or whether I have a virus?

 

Thanks,

 

Marc

Attached Files



BC AdBot (Login to Remove)

 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:23 PM

Posted 23 April 2014 - 05:05 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk:

  • Click the "Windows Orb" Start button, then click Computer.
  • Right-click on the drive that you wish to check > Properties > Tools tab
  • In the "Error checking" section, click on Check now.
  • Place a checkmark in both boxes > Start.
  • If the disk you have chosen is the Windows system disk:
  • A message will notify you that a restart is necessary ask "Do you want to check for hard disk errors the next time you start your computer?".
  • Click Schedule disk check > OK and close all windows.
  • Re-start the computer. The disk will be checked when the system boots.
  • This will take some time to run and at times may appear stalled but just let it run.
  • When the disk check is complete, the system will re-start automatically and load Windows.


A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:

  • Click the "Windows Orb" Start button -> type "eventvwr" without the quotes -> press the key.
  • The Event Viewer window will open.
  • In the left pane, expand "Windows Logs" and then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
  • Click on that Wininit entry to select it.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 shark13

shark13
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 23 April 2014 - 01:36 PM

Hello Marius,

Thank you for your help.  After I received the message and after I backed everything up I ran this test (yesterday).  I have listed the result from that test below.  

 

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          4/22/2014 11:07:33 AM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      BUSINESS
Description:


Checking file system on C:
The type of the file system is NTFS.


A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 3)...
  421376 file records processed.                                         

File verification completed.
  807 large file records processed.                                   

  0 bad file records processed.                                     

  0 EA records processed.                                           

  59 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 3)...
  506616 index entries processed.                                        

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      

CHKDSK is verifying security descriptors (stage 3 of 3)...
  421376 file SDs/SIDs processed.                                        

Cleaning up 926 unused index entries from index $SII of file 0x9.
Cleaning up 926 unused index entries from index $SDH of file 0x9.
Cleaning up 926 unused security descriptors.
Security descriptor verification completed.
  42621 data files processed.                                           

CHKDSK is verifying Usn Journal...
  35715816 USN bytes processed.                                            

Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

 294095871 KB total disk space.
 156805232 KB in 253515 files.
    132196 KB in 42622 indexes.
         0 KB in bad sectors.
    533015 KB in use by the system.
     65536 KB occupied by the log file.
 136625428 KB available on disk.

      4096 bytes in each allocation unit.
  73523967 total allocation units on disk.
  34156357 allocation units available on disk.

Internal Info:
00 6e 06 00 d5 84 04 00 57 9c 07 00 00 00 00 00  .n......W.......
a5 7f 00 00 3b 00 00 00 00 00 00 00 00 00 00 00  ....;...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-04-22T21:07:33.000000000Z" />
    <EventRecordID>66096</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>BUSINESS</Computer>
    <Security />
  </System>
  <EventData>
    <Data>

Checking file system on C:
The type of the file system is NTFS.


A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 3)...
  421376 file records processed.                                         

File verification completed.
  807 large file records processed.                                   

  0 bad file records processed.                                     

  0 EA records processed.                                           

  59 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 3)...
  506616 index entries processed.                                        

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      

CHKDSK is verifying security descriptors (stage 3 of 3)...
  421376 file SDs/SIDs processed.                                        

Cleaning up 926 unused index entries from index $SII of file 0x9.
Cleaning up 926 unused index entries from index $SDH of file 0x9.
Cleaning up 926 unused security descriptors.
Security descriptor verification completed.
  42621 data files processed.                                           

CHKDSK is verifying Usn Journal...
  35715816 USN bytes processed.                                            

Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

 294095871 KB total disk space.
 156805232 KB in 253515 files.
    132196 KB in 42622 indexes.
         0 KB in bad sectors.
    533015 KB in use by the system.
     65536 KB occupied by the log file.
 136625428 KB available on disk.

      4096 bytes in each allocation unit.
  73523967 total allocation units on disk.
  34156357 allocation units available on disk.

Internal Info:
00 6e 06 00 d5 84 04 00 57 9c 07 00 00 00 00 00  .n......W.......
a5 7f 00 00 3b 00 00 00 00 00 00 00 00 00 00 00  ....;...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
  </EventData>
</Event>



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:23 PM

Posted 24 April 2014 - 03:53 AM

Your system indicates some hardware issues.

Let´s scan for possible malware, then we send you to the general pc help.

 

 

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 shark13

shark13
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 24 April 2014 - 04:58 PM

Hello,

Below is a list of threats found.

 

C:\Users\Beads Worldwide\Desktop\My Downloads\cbsi-3_2_5_41-10910569.exe    a variant of Win32/CNETInstaller.A potentially unwanted application
C:\Users\Beads Worldwide\Desktop\My Downloads\MightyFAX_Keygen.exe    a variant of Win32/Keygen.CY potentially unsafe application
C:\Users\Beads Worldwide\Desktop\My Downloads\SDFix.exe    Win32/PrcView potentially unsafe application
C:\Users\Beads Worldwide\Desktop\My Downloads\mightyfaxv3.07keygenorion\MightyFAX_Keygen.exe    a variant of Win32/Keygen.CY potentially unsafe application
C:\Users\Beads Worldwide\Desktop\My Downloads\SmitfraudFix\Process.exe    Win32/PrcView potentially unsafe application
C:\Users\Beads Worldwide\Desktop\Truck Folder\temp\search\settings.php    PHP/Kryptik.AB trojan
 



#6 shark13

shark13
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 24 April 2014 - 04:59 PM

I also wanted to point out that previously I was getting a message about the state of my hard drive every 10-15 minutes in the form of a popup.  I never selected the option to stop all future reminders.....I only canceled each message individually.  Well, for the last day or so I have not seen a message pop up.  I just thought this may be relevant.

 

Thanks



#7 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:23 PM

Posted 25 April 2014 - 04:45 AM

 

C:\Users\Beads Worldwide\Desktop\My Downloads\cbsi-3_2_5_41-10910569.exe    a variant of Win32/CNETInstaller.A potentially unwanted application
C:\Users\Beads Worldwide\Desktop\My Downloads\MightyFAX_Keygen.exe    a variant of Win32/Keygen.CY potentially unsafe application
C:\Users\Beads Worldwide\Desktop\My Downloads\SDFix.exe    Win32/PrcView potentially unsafe application
C:\Users\Beads Worldwide\Desktop\My Downloads\mightyfaxv3.07keygenorion\MightyFAX_Keygen.exe    a variant of Win32/Keygen.CY potentially unsafe application
C:\Users\Beads Worldwide\Desktop\My Downloads\SmitfraudFix\Process.exe    Win32/PrcView potentially unsafe application
C:\Users\Beads Worldwide\Desktop\Truck Folder\temp\search\settings.php    PHP/Kryptik.AB trojan

Delete these files.

 

 

 

When finished, please start a new topic here: http://www.bleepingcomputer.com/forums/f/7/internal-hardware/

Tell the helper that you came from here and no malware was detected.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#8 shark13

shark13
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 25 April 2014 - 01:05 PM

Does this mean that the pop up I am receiving is legitimate and not a virus in any way?



#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:23 PM

Posted 28 April 2014 - 07:01 AM

There is no malware detected that may have faked this message and your log files show evidence of hard drive failures.

No, I don´t think this is malware related.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:23 PM

Posted 08 May 2014 - 04:21 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users