- 04-18-2009 #1
- Join Date
- Jan 2007
Viruses and Data Recovery
This question does not pertain to any specific distribution. I attempted a simple data recovery/transfer on a hard drive that appears to have been infected with an unknown virus. The infected HD was attached to the USB port via a USB-to-SATA/IDE connector, and the HD was set to slave mode. When the PC booted, the PC immediately locked up, before the memory check took place. Subsequent reboots were futile, and reproducibly identical. I strongly suspect the BIOS was corrupted/destroyed as well as the boot drive also by the virus. Can anyone provide any insight to the situation and the following questions?
1. Anything to the identification of what might ruin BIOSs and HDs in this fashion, i.e., the type or identity of what I might be dealing with here.
2. Not being a virus expert, are there any other damage possibilities to the MB?
3. Most importantly, since the boot HD is probably ruined also, how I might attach it to another PC safely such that data recovery on it may be performed and GRUB can be reinstalled, and without further infections? If I understand this correctly, this virus seems to have unlimited capability, and this is similar to the redirectional virus that I encountered recently, where the infected HD when connected as Slave drive, was still identified by the PC as the boot drive despite the jumper settings.
Any insight would be greatly appreciated.
- 04-18-2009 #2
It is rare for a virus to corrupt the BIOS.
I would go ahead and try mounting it as a slave on a computer running Linux, and try to look at the data.
If it locks up the computer, it's probably a
- 04-18-2009 #3
- Join Date
- Nov 2004
- 04-18-2009 #4
Try booting the original machine from a live CD again with no other drives connected. If this fails, disconnect all drives and try to access BIOS setup & restore factory default settings. If BIOS has been corrupted, then get the BIOS flash tool from the MB manufacturer's site and flash the BIOS.
- 04-18-2009 #5
- Join Date
- Jan 2007
- 04-20-2009 #6
- Join Date
- Apr 2009
- I can be found either 40 miles west of Chicago, or in a galaxy far, far away.
I have had external USB drives lock up a system on me when booting if they don't have a bootable partition in them, because the BIOS was configured to boot from USB first. However, I very much doubt that you have damaged your system. If the USB drive is not connected, does it still fail to boot or display the BIOS splash screen when you power it on?
If the BIOS/POST splash screen shows, then go into the BIOS and remove the USB drive from the boot device list. Then save the BIOS settings and reboot.
If the BIOS/POST splash screen doesn't show, then you have nuked your system, and I can say with about 110% certainty that the USB drive didn't do it, unless you wired the drive's power supply directly to the USB controller...
Also, what bigtomrodney said - don't set the drive to slave in your external enclosure. Most of the enclosures are wired to use either master or cable-select. Do you have the documentation for the enclosure? It should say.
Finally, from what I think you are implying, that this drive had Windows data on it that you think might have been virus-infected. Plugging it into a Linux machine will NOT infect the Linux system. However, if it is a bootable device and your system tried to boot from it and it had a boot-sector virus, then in that case your system hard drive may have been compromised with a boot virus. Even in that case, only the most virulent and recent viruses have any capability of compromising the BIOS of the system, and AFAIK that is in theory only, though anything's possible, I suppose.
1. It is possible your system tried to boot from a USB drive that infected it with a boot virus. This is not terribly likely, but possible.
2. Your BIOS is misconfigured and it is trying to boot from a USB drive with no boot sector. This is, IMO, the most likely scenario.
3. Your USB drive is misconfigured (slave vs master/cable-select jumpered) - this could be related to #2 in causing the system to hang, because if it is a bootable USB drive, this will cause the system to hang trying to access the drive.
[/Conclusions]
Sometimes, real fast is almost as good as real time.
Just remember, Semper Gumbi - always be flexible!
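
The last reply's scenarios turn on what is in the suspect drive's first sector: whether it carries a boot signature, boot code, and an active partition. The following is an added example, not part of the thread, that reads that sector purely as data; it assumes a classic MBR layout (not GPT), the function names are this example's own, and the sample sectors are constructed.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # bootstrap code area of a classic MBR
TABLE_OFFSET = 446       # four 16-byte partition entries follow


def inspect_mbr(sector: bytes) -> dict:
    """Parse sector 0 as plain data; nothing is mounted or executed."""
    if len(sector) < SECTOR:
        raise ValueError("need the full 512-byte first sector")
    partitions = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:            # unused slot
            continue
        partitions.append({"slot": i + 1, "active": status == 0x80,
                           "type": ptype, "lba_start": lba_start,
                           "sectors": count})
    boot_code = sector[:BOOT_CODE_LEN]
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",   # BIOS boot signature
        "boot_code_present": any(boot_code),              # all zero = no boot code
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "partitions": partitions,
    }


def make_sector(boot_code: bytes, entries: list) -> bytes:
    """Build a constructed sample sector; entries are (status, type, lba, count)."""
    buf = bytearray(SECTOR)
    buf[:len(boot_code)] = boot_code
    for i, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", buf, TABLE_OFFSET + 16 * i,
                         status, ptype, lba, count)
    buf[510:512] = b"\x55\xaa"
    return bytes(buf)


if __name__ == "__main__":
    # Constructed samples: a data-only disk and a disk carrying boot code.
    data_only = make_sector(b"", [(0x00, 0x07, 2048, 409600)])
    bootable = make_sector(b"\xeb\x63\x90", [(0x80, 0x83, 2048, 409600)])
    for name, sec in (("data_only", data_only), ("bootable", bootable)):
        print(name, inspect_mbr(sec))
```

Feed it the first 512 bytes of an image of the suspect drive read on a Linux machine. The hash is only meaningful when compared against a known-good copy of the same boot code.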