Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HDs not in Drive Image XML


  • Please log in to reply
9 replies to this topic

#1 PieLam

PieLam

  • Members
  • 242 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Memphis, TN
  • Local time:11:20 PM

Posted 19 September 2014 - 10:02 AM

Hi all,
 
I have this wierd problem that I can't figure out...  I'm not 100% sure that it's even Malware, but I don't know what else it could be... (I pride myself on knowing these kinds of things)
 
In the past, I would simply run the malware tools that are on my flash drive.  Doing that, usually cured my infections.  I've done just that about 2 previous times now.  Before those times though, I sought & followed the expert help here on BC.  I've been very happy with the help I've gotten here.  This time, I'm stumped and need the experts' help again...  (this'll be round 4 on BC)
 
Now, on to my strange (to me) problem...
 
I don't schedule regular timely back-ups even though I know I should. 
 
Yesterday, I decided I should create a new back-up since my last one was old (in June).  I also decided that I should back-up ALL 5 of my systems, since I usually just BU my main system (one system is actually used by my wife & I rarely use it, another system is one that my daughter uses & that I rarely use as well) [I have & use my own account on both of these.]
 
All but one are running Win 7.  The 5th one is running FreeDOS and is pretty much like an old-old MS-DOS (pre-Windows. I know I'm dating myself) system that I use for nostalgic & compatibility reasons.  I rarely use it as well.  In fact, it's been 2-3 months, probably more, since I used it last. Since it is a "DOS" environment system, I may not bother with a BU for it (since my BU app is a Windows app) [I use Drive Image XML].  But, I haven't made a concrete decicion about this, yet. 
 
My main system (named PIE5), where this problem started, had been doing strange things, these past few days, that I don't understand. One of the biggest things was: in trying to save a document from notepad & MS Word.  Notepad told me that the directory (folder) doesn't exist, Word just wouldn't save (no error message given).  This folder, that I was saving to, wasn't a new location, it was one that I'd saved other documents (DOX) in the past.  I even verified the folder's existance in Windows Explorer, fearing an HD problem.  That's when I concluded that I'd gotten infected somehow, someway, & un-be-knownst to me.  (In the past, I always knew the cause of my infections.)  
 
So, I ran AdwCleaner, attempted to run MS Rootkit Revealer,  but it wouldn't run.  MS Rootkit Revealer gave me an error message, but I just dismisssed it since MS Rootkit Revealer is a MS product.  After that, I ran AntiSpyware by SUPER AntiSpyware, Anti Root kit by Malwarebytes (ran fine), & MiniTool Box.  In that order from a folder on my HD which is a duplicate of the folder on my flash drive.  No major problems were found, so I assumed things were ok, but that was all before yesterday (9-18-2014) when the biggest issue revealed itself, in attempting to create a BU.
 
I tried to run Drive Image XML, it opened fine, but when I clicked on the <back-up> button all 3 HDs (C:, D:, & F:) were missing, when I was to select them for backing up.  I got a little panicky.  Then, I gained a little comfort when I opened "My Computer", & seen all 3 HDs were there! I figured, I'd gotten infected somehow, so I decided to get the BU going on the HP LapTop (LT) & deal with the malware on PIE5 afterwards. After installing Drive Image XML from my portable HD, the BU for the LT was underway. It ran, more or less, without any problems.  My panicky state started to subside, thankfully.  
 
Incidenlty, the LT is around 5 yrs old.  This was its first complete BU.  I'm so thankful for the reliability of HP products!
 
After the BU on the LT completed (about 2 hours later), I moved on to the HP NetBook (NB).  
 
Figuring it might have some infections even though it'd only been about a month or so since I'd cleaned it, I ran Anti Malware by Malwarebytes (MBAM). MBAM found zero infections!   :)   Ater installing Drive Image XML just like on the LT, the HD (C:) wasn't in the list of drives to select for BU, just like on PIE5.
 
I left the NB, for now, to try my 4th system (named Sempron28 after its Sempron 2.8 Ghz AMD CPU).  It did the same thing as the NB & PIE5!  My panicky state was back on the rise!   :(
 
Back to PIE5, I thought that I'd be able to run all my malware tools and my C: D: & F: would reappear in Drive Image XML, but they didn't, yet in "My Computer", they're they are, just like on the other 3 systems!
 
On PIE5, this time around, while the BU on the LT was still going, I ran the following in this order: Emsisoft Emergency Kit, Eset Smart Installer, Rogue Killer, & TDSSkiller (not 100% sure about  this one).  None of these corrected the issue & only found a few, what I consider, minor infections.
 
So, at this point, I only have 1 BU out of 5.  I'm completely stumped & don't know what to do, please help me!  My panick level is at DefCon 4...   :)

Edited by PieLam, 19 September 2014 - 10:06 AM.


BC AdBot (Login to Remove)

 


#2 PieLam

PieLam
  • Topic Starter

  • Members
  • 242 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Memphis, TN
  • Local time:11:20 PM

Posted 19 September 2014 - 04:55 PM

OOPS I intended to post my system specs.... Here's the Speccy link to 'em:

 

 

http://speccy.piriform.com/results/ydqZ8R4uKs6inP0C8cg8mQq



#3 JohnC_21

JohnC_21

  • Members
  • 24,002 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:20 AM

Posted 19 September 2014 - 09:08 PM

DriveIMage could be corrupted. I understand you use DriveImage XML but I would recommend you take a look at Macrium Free. This software is one of the fastest imagers around. It will also let you create a WinPE bootable disk with a small download that will let you do offline backups and restores, even to a bare drive which DriveImage cannot. It will also let you browse a stored image by mounting it as another drive letter. If My Computer can see the drives I believe Macrium Free will see them also.



#4 PieLam

PieLam
  • Topic Starter

  • Members
  • 242 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Memphis, TN
  • Local time:11:20 PM

Posted 20 September 2014 - 06:17 PM

 

JohnC_21, on 19 Sept 2014 - 9:08 PM, said:
DriveIMage could be corrupted.
 
I thought of that possibility, but since DriveImage XML ran fine on the LT, and only screwed up on my other 3 systems, I dismissed that possibility in favor of a malware issue.
 

 

I understand you use DriveImage XML
 
Yes, it's worked in the past for me & therefore I'd become  fairly familiar with it.  That's why I continued its use...
 

 

but I would recommend you take a look at Macrium Free. This software is one of the fastest imagers around. It will also let you create a WinPE bootable disk with a small download that will let you do offline backups and restores, even to a bare drive which DriveImage cannot. It will also let you browse a stored image by mounting it as another drive letter. If My Computer can see the drives I believe Macrium Free will see them also.
 
Thanks!!  I'll definitely check into it.  I'm not opposed to trying new & potentially more capable softwares, but I don't particularly like turning my back on tried & true sofware, either.  Neither do I like not knowing why something stopped working.
 
I may be reading too much into this malware thing???  I doubt it though.
 
BTW, what's a WinPE bootable disk?  And by "restore to a bare drive", does that mean like a 'new' never-been-used-before bare drive?  I assumed DriveImage XML could do this, but never tested this since HD failure hasn't happened, YET.  I assumed an image created by DriveImage XML would restore to a new drive.  It seems that I read that it could, but now <???>

Edited by PieLam, 20 September 2014 - 06:20 PM.


#5 JohnC_21

JohnC_21

  • Members
  • 24,002 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:20 AM

Posted 20 September 2014 - 06:30 PM

Yes, I meant a bare unformatted drive. Unless Drive Image changed, under their FAQ it stated that the drive has to be partitioned and formatted before DriveImage could be used. In order to restore the drive you needed to put DriveImage on a BARTPE disk. Macrium will do this for you.

 

 

Q. How do I restore an image back to a working state?

A. Note that you must put the image into an existing partition. If necessary create a new partition with Windows Disk Management first. You do not need to format the drive. The size of the partition you create will determine the size of the drive - for example if you create a 20GB partition and then restore a 10GB size image to it, the size of the drive will still be 20GB.

 

 

As far as the Malware issue goes, have you tried HitmanPro? If Malwarebytes and TDSSkiller found zero issues then I would believe there is no problem. Edit: There is always a chance you have a file system problem.


Edited by JohnC_21, 20 September 2014 - 06:31 PM.


#6 PieLam

PieLam
  • Topic Starter

  • Members
  • 242 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Memphis, TN
  • Local time:11:20 PM

Posted 22 September 2014 - 09:33 AM

JohnC_21, on 20 Sept 2014 - 6:30 PM, said: 

 

Yes, I meant a bare unformatted drive.

 
Just wanted to be sure we were on the same page...  Sometimes my old-school termonology differs.
 
Unless Drive Image changed, under their FAQ it stated that the drive has to be partitioned and formatted before DriveImage could be used.
 
It sounds like your UP on these sorts of things, more than I am.
Partitioning & formatting, though, is not much of an issue for me, especially since "modern" HDs come <low-level> formatted for you.  (In the old days of MFM & RLL HDs, they didn't!)
 

 

In order to restore the drive you needed to put DriveImage on a BARTPE disk. Macrium will do this for you
 
That'd be cool!  What do you mean by a BARTPE disk, I'm not familiar with that term...  Is it the same as a bootable Windows disk?
 

 

As far as the Malware issue goes, have you tried HitmanPro? If Malwarebytes and TDSSkiller found zero issues then I would believe there is no problem.
 
Well, John, it's strange to me... I'm not 100% sure that I actually ran TDSSkiller, I do know, I thought about running it, but it seems that I changed my mind because I thought that it MAY be one of the apps that I shouldn't run unless under the advice of a BC expert, sort ot like ComboFix, etc...
 
I did run HitManPro last night and it did find some infections, but afterwards, when I checked, the same problem with Drive Image persisted!
 
I was very impressed with its speed and that it found more infections!
 
I also ran Macrium last night.  As you predicted it would, all my drives were present!  And after I learned its I/F, It ran W/O any problems.  I'd like to just replace DriveImage with it.  That'd be the easiest thing to do.  But after the trial expires...  Also, doing that, would be like sweeping it under the rug. You don't see it , but it's still there, lurking. It wouldn't actually _fix _ my problem.  :(
 

 

There is always a chance you have a file system problem.
 
What'd be a good way to verify & detect that?

Edited by PieLam, 22 September 2014 - 10:12 AM.


#7 JohnC_21

JohnC_21

  • Members
  • 24,002 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:20 AM

Posted 22 September 2014 - 12:30 PM

The free version of Macrium does not have a trial period. You may have installed the full version.

 

Let's say your computer does not boot because of malware or a bad drive. In order to restore an image of DriveImageXML you would first need to partition the disk and then boot a BartPE disk (Bootable XP OS) that had a DriveImageXML plugin. With Macrium you select WinPE as a Recovery Disk and then it will download some files from the internet. It will ask you to burn a disk or create a iso file. With the Recovery Disk, because it is WinPE, you would be able to boot the disk and do a disk image backup and restore outside of Windows. This is good if as I just mentioned you cannot boot because of malware.



#8 PieLam

PieLam
  • Topic Starter

  • Members
  • 242 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Memphis, TN
  • Local time:11:20 PM

Posted 23 September 2014 - 05:40 AM

JohnC_21, on 22 Sept 2014 - 12:30 PM, said:

The free version of Macrium does not have a trial period. You may have installed the full version.
 
It seems that I did use the full version.  I'll try again...
 

 

Let's say your computer does not boot because of malware or a bad drive.
 
In that case, I'd burn a bootable CD on another PC with the tools I'd need. But, having to do that, would be a pain, though. 
The solution using Macrium would be much simpler & easier!  Thanx!
 
Thanx, again,  for all your help and taking time with me!  I know that I'm not the easiest to deal with, but your help has been great & I'm thankful!

Edited by PieLam, 23 September 2014 - 06:07 AM.


#9 PieLam

PieLam
  • Topic Starter

  • Members
  • 242 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Memphis, TN
  • Local time:11:20 PM

Posted 23 September 2014 - 05:59 AM

JohnC_21, on 22 Sept 2014 - 12:30 PM, said:
The free version of Macrium does not have a trial period. You may have installed the full version.

Edited by PieLam, 23 September 2014 - 06:00 AM.


#10 PieLam

PieLam
  • Topic Starter

  • Members
  • 242 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Memphis, TN
  • Local time:11:20 PM

Posted 23 September 2014 - 06:01 AM

JohnC_21, on 22 Sept 2014 - 12:30 PM, said:
The free version of Macrium does not have a trial period. You may have installed the full version.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users