Hello….I really think I may have a virus that has destroyed the bootsect on my drive making it un-detectable to the computer!!!!
I cannot boot into the WinRE via a disk or partition at all!
[How It All Started] Over a month ago, the left button on my Elan Touchpad just randomly quit working. I have an Asus K52Jc Laptop with Intel i5 processor and a Seagate Momentus 7200.4 500GB HDD that is just over 3 years old. I have been running Webroot Secure Everywhere AV for all of this time and have never had a problem with a virus/rootkit of any kind before this random problem. Therefore, I thought that maybe I just needed to upgrade the driver for the touchpad.
So I went to http://support.asus.com and downloaded the newest driver and installed it…this didn't fix the left button issue. So, I rolled back the driver and tried another Elan Touchpad driver...still didn't fix the problem. Next, I took a look in the registry to see what the values were for the touchpad features…(to see if somehow the left button had been disabled)...and I found a lot of weird values...instead of 0's, 1's, or 2's, I found a couple of 13’s, a 14 value and many that were 3's and 4's!!! Weird!!! So I ran a scan with Webroot to see if maybe I had a virus of some sort…it just found a few PUP files, but nothing that looked staggeringly dangerous!
[Mistake #1] While searching for answers, I saw something about AVG's PCTune-Up Utilities 2014…(I hate to say it…but I think I found it from a “google advertisement” that happened to be on bleepingcomputer.com), so I started doing research on it & read a bunch of info about it that seemed pretty good at the time so I downloaded their trial (7 days...I think!)
Well, it ran a bunch of tests and found a lot of errors, broken links, junk files, empty folders, etc. and it either got rid of them, or quarantined them. After that, the computer really seemed to be doing a lot better, but that stupid left touchpad button still wasn't working. (I know…I SHOULD have asked for help at this point!!!)
[Mistake #2] Well, since I had found all those strange values in the registry, I decided to do the "Registry Cleaner Utility" included in the AVG Utilities to see if it could find the error that was causing the left button to not function…(YES…I know...They are NEVER RECOMMENDED by most support people!!! Wish I had known that BEFORE I ran the cleanup!!!)
Anyway...it found a lot of errors and said that they had all been fixed and that I needed to restart the computer...which I did. Then I got a message that there were quite a few drivers that needed to be updated. So I did the driver update. After that completed, it asked me to restart the computer. When it came back on, it loaded Windows fine for about 10 minutes and then just suddenly closed and started to reboot….when it came back on the second time, it went to a black SOD!!! (It's acting much like what this poster described, or maybe like this one, but I didn't want to try any of the fixes suggested without being told to do so!!!) So, I don't know if it's viral, or related to a registry, or update item!!!
[One “Saving Grace”] I do have a Western Digital External Drive for my back up, but I'm not religious about doing them & unfortunately the back up is over a year and a half old!!! However, it does have a .vhd file of the Computer from 2013-02-13. It also has a BootSect.BAK, a Bootsect.exe.mui file in a "en-US" folder and a Recovery.dat file on it. There may even be an NTUSER.dat file in it, but I'd have to keep looking through the backup zip files for it. (There are over a Hundred zip files in the backup!) Even with those files...at this point, I wouldn't want to try and install any of them, without your help and guidance through the process (for fear I'd "F" it up even more!!!!)
[How I’m Connected Now] I have an old HP Win XP computer (on which I'm writing to you now) so I originally downloaded AVG's Repair Disk and made a bootable USB, but I had no idea what I was doing, so I started looking for help from AVG. What an absolute JOKE that was!!!
Furthermore…I would NEVER recommend using any of AVG’s products, because I think their “Support Department" is, at best: extremely difficult to find (try finding a phone number that works to their India based agents), and at worst: an unintelligible, almost impossible to understand (because of their heavily accented & broken English) and completely useless “resource” (if you can call it that), unless you’re willing to pay them for what their software messed up to begin with!!! To me…it’s almost as bad as “ransomware”! (Just My Opinion!!!)
I called a ton of numbers to even find them and when I was finally able to speak to an AVG Tech, they wanted me to pay over $300 to "try" to fix my issues!!! A--holes...pay them to fix an issue that THEIR SOFTWARE had created!!! I told them they were crazy!!! Now I figure that it may have been a rootkit that was installed somehow, but still...I think they SHOULD have helped me...WITHOUT A CHARGE!!! Oh well...what's done is done!
[My Thoughts] Right now, it will not even read that the drive is installed. I don’t think that the heads have gone bad, or that the drive itself has failed…I think something has just completely corrupted the entire Bootsect & MBR, because I can hear the seek-arm looking for the boot sector, and when it cannot find it, it quits, but the seek-arm is NOT stuck and platter IS spinning just fine. (I also took the cover off and watched it!!!)
[What I’ve Tried] Initially, I did try chkdsk and fdisk (I think…it’s been over a month now!) and the drive initially showed up, but then all of a sudden it was gone…so maybe I messed it up further! Also...I have tried the Partition MiniTool, TestDisk and PhotoRec, all to no avail, because as I said…it doesn’t even show the hard drive anymore as being connected at all...as a dev/sda, dev/sda0 or dev/sda1!
When loading the AVG Repair Disk I have been able to see that it says "NTFS signature is missing"! AND "cannot mount dev/sda...boot mgr corrupt or missing"! Also, during the 'Startup Repair Diagnosis' I think I also got this error "0xc0000e9". And, in a 'Temp File' on the Desktop there's one that says it found the "Error Code = 0x15 Boot Mgr is missing or corrupt" (I think that's from when I had the drive in an external enclosure trying different tests!)
[I Got a "Matched Drive"] I was able to find another drive on eBay that was made within a month of mine and ALL of the data, firmware, etc. (including the numbers on the stickers on the PCBs) are the same as on mine!!! So when it got here, I swapped out the PCBs to see if it would be able to read the Boot Sector on that corrupt HD...it would not…but then again, that could have been because there was NO information on the RAM of that PCB yet...I'm not sure!!!
See, at that point, I had NOT restored my backup onto it, nor had it been formatted or partitioned yet (because I don’t know how to do that!) So my thought process now is that maybe if I can “Restore” the backup from last year on that new drive, and THEN change out the PCBs…maybe it would actually see it…who knows!?!?!?! Or maybe you’ll have a way to walk me through something else...like a software fix, and then that won't be necessary?!? I'm not sure!!!
I have also purchased “Recovery Software” and a “System Disk” from neosmart.net (neither of which did any good) and I bought “Recover My Files” from getdata.com (which did absolutely nothing either…it couldn’t even see the drive either), so now I’m completely at a loss.
I have also taken the computer completely apart and cleaned every inch of its insides (which was extremely dirty!) The point of doing this was to get to the CMOS button battery below the keyboard, because a tech I know suggested taking it out for about 30 seconds, which, he said, should reset the CMOS! But that didn’t do anything to help the situation. (Stupidly, I just put the same one back in the board and then put it back together…I probably should have put a new one back in its place, but it's too much trouble now to take it all apart and put it back together again, just for that one little battery...unless you think it'll make a difference?!?!?)
[The Bottom Line] What it comes down to is that I'd REALLY like to be able to fix this drive if there is ANY POSSIBLE WAY and not lose all of that data from the last year and a half!!! Because, if I can't, it will be devastating! I cannot tell you how many hours of work that is!
Oh...and since I cannot even boot the computer, except into Parted Magic, or to Hirens or one of those, I don't know if I could even run the Gmer or the DSS items on the Asus Computer, because it cannot find the HD, much less boot into Windows!!! But I could post the information that Parted Magic gives me in the "System Information" program if you need it. I’ve also been able to boot into MiniXP on the Hiren’s Live Boot CD.
At the urging of my tech friend, I posted on techsupportforum.com…I did get a response from a tech…but without even trying ANYTHING at all, he told me the drive’s shot and to just install from the backup and start from there on the new drive! Really frustrating!!! So, that support ticket is now closed. I have also downloaded a ton of things like Puppy, RuntimeLiveCD, Systemresccd, and a lot of others, but at this point I haven’t tried to do anything with them, because I didn’t want to make more of a mess of this thing without asking YOU GUYS first for your help and ideas…I now know that’s what I should have done to begin with!!!
[One Bit of Really Good News!!!] When I was booted into either Parted Magic or one of the programs on the Hiren’s disk…the left button on the touchpad DID WORK!!! So, this tells me that, as I suspected, the problem is NOT A HARDWARE FAILURE…it has to be a software setting that “something”, such as a virus, had changed the settings for the touchpad, making it partially unusable!
[Maybe More Good News] I forgot to mention, that when this drive was functional, I had stored all of the Windows files and all of the Program Files on the C: Partition...and all of my Data Files were on the other D: Partition! In other words, if I could only recover that D: Partition, I would have all of my files back from the last year and a half!!! I hope that helps in some way!!!
Currently, the newly purchased empty eBay drive (which has all the same numbers as the original corrupt drive: ST9500420AS, PN: 9HV144-286 & FW: 0003SDM1…even the numbers on the PCB stickers are identical!!!) is installed inside the ASUS computer. The original drive (the one with the corrupt Boot Sector) is in an external enclosure and connected via USB and I think it is showing up in Midnight Commander as the /sr0 drive but I can’t be positive! Do I need to put it back inside the Asus before we proceed?
I also went to Tiger Direct and bought another 1 Terabyte Seagate SSHD that I thought about either installing as the main HD, once all of this is figured out…or I can just take it back for a refund, if we find that my drive can be saved, and then I’ll use the one from eBay as another backup (or vice versa), or as extra storage in an external enclosure.
I know this is long, but…Thank You Soooo Much in advance for any help you can give me...I use this Asus computer for ALL of my work stuff and I am going to just be sick if y'all are unable to help me!!! Thanks again...Wendi
Edited by Wendi_W, 20 October 2014 - 05:39 PM.