[maliprog]

OK. Until we come up with something let's make sure that your system is clean from maleware.

Please do scan with Virus Removal Tool as I described before and post log here for me.

[Advertisements]

Firstly - generally speaking my PC is running much better. There hasn't been the consistent freezes where I had to turn it off at the front switch to get it running again or the general slowing down of programs which I had been suffering from up until a couple of days ago - I see that as a good sign. I hadn't realised that these problems were likely being caused by malware - I was putting too much trust in my antivirus/spyware/firewall programs.

What I have done today:

I have re-initilized & run my antivirus & antispyware programs
AVG antivirus scan - 0 problems detected
AVG rootkit scan - 0 problems detected
PC Tools Spyware doctor - 0 problems detected.

then I turned the above off & reran aswMBR & TDSSKiller.
I have attached their respective logs.

thanks

Attached Files

•  aswMBR.txt   2.22KB   131 downloads
•  TDSSKiller.2.7.7.0_28.01.2012_19.35.58_log.txt   53.56KB   131 downloads

[me4ever3131]

Firstly - generally speaking my PC is running much better. There hasn't been the consistent freezes where I had to turn it off at the front switch to get it running again or the general slowing down of programs which I had been suffering from up until a couple of days ago - I see that as a good sign. I hadn't realised that these problems were likely being caused by malware - I was putting too much trust in my antivirus/spyware/firewall programs.

What I have done today:

I have re-initilized & run my antivirus & antispyware programs
AVG antivirus scan - 0 problems detected
AVG rootkit scan - 0 problems detected
PC Tools Spyware doctor - 0 problems detected.

then I turned the above off & reran aswMBR & TDSSKiller.
I have attached their respective logs.

thanks

Attached Files

•  aswMBR.txt   2.22KB   131 downloads
•  TDSSKiller.2.7.7.0_28.01.2012_19.35.58_log.txt   53.56KB   131 downloads

[maliprog]

Your system is clean now. Let's try to get your partition back now.

Do you remember what was partition size and memory usage on E: and D: partition before this happened (not now)?

D: - Partition size - Memory usage
E: - Partition size - Memory usage

Let's try to see offline MBR dump. You will need USB memory drive with no files on it for this.

Download http://unetbootin.so...dows-latest.exe & http://noahdfear.net.../xpud-0.9.2.iso to the desktop of your clean computer

• Insert your USB drive
• Press Start > My Computer > right click your USB drive > choose Format > Quick format
• Double click the unetbootin-xpud-windows-387.exe that you just downloaded
• Press Run then OK and make sure to select the downloaded ISO file as source and don't let the installer get the linux from th internet.
• It will install a little bootable OS on your USB
• After it has completed do not choose to reboot the clean computer simply close the installer
• Remove the USB and insert it in the sick computer
• Boot the Sick computer
• Press F12 and choose to boot from the USB
• Follow the prompts
• A Welcome to xPUD screen will appear
• Press File
• Expand mnt
• You will see a list of folders: sda1,2...usually corresponds to your HDD
• sdb1 is likely your USB, please open that and confirm it's your flash drive.
• If it is your flash drive press Tool at the top
• Choose Open Terminal
• Type in: dd if=/dev/sda of=MBRbackup.zip bs=512 count=1 and hit Enter.

MBRbackup.zip should be created on your flash drive, please attach it to your next reply.

[me4ever3131]

Just to confirm something - your notes refer to "clean" & "sick" computers.

Can I use a laptop connected wirelessly to my PC as my "clean" computer & then insert the USB into my PC on which I'm trying to recover the lost partition?

re your other question.

D drive - can't remember either partition size or usage.
E drive - pretty certain that is a 160Gb drive but I can pull the cover off & check if neccessary - Disk Management shows 154.75

thanks

[maliprog]

Yes you can. Use your laptop as clean PC.

[me4ever3131]

OK, I'll see how I go

[me4ever3131]

Hi maliprog

Tried to follow your instructions as closely as possible.

Formatted a USB drive, ran exe file & made sure that I used the correct iso file.

ZoneAlarm warned me that unetbootin was trying to access the internet so I stopped that access as I assumed that was installer trying to get linux from the internet.

The procedure appeared to run OK & I closed it down as per your instructions. I've included a screen shot to show what files are on the USB stick. I noticed that there is a linux.cfg file there.

When I inserted the USB into my sick PC & constsntly pressed f12 it wouldn't show me the USB but just booted up as per normal.
I tried a number of times - pressing f12 constantly from when I turned the PC on uptil it booted.
I tried a different USB stick in case there was a problem with the USB but to no avail.

Is it possible that there is something not set in the BIOS which prevents it booting from a USB or removable device - just me clutching at straws.

thanks for your patience.

Attached Thumbnails

• 

[maliprog]

Maybe F12 is not option on your system. Please read This tutorial how to set CD-ROM as primary boot device. Follow the same steps but you must set Removable drive as your first boot device.

After you set this just insert your USB memory and restart system. It should automatically boot your USB now.

[me4ever3131]

Booted up from the USB & xPUD ran as per your directions

where the folder list appeared my HDDs appeared as sdb1 & sdb2, the USB was sdc1

I typed in the script as per your instructions & then wondered if "=/dev/sda" referred to the HDDs so reran it & substituted sdb for sda.

Tried to attach MBR sda backup.zip & AVG wouldn't allow it - said it contained a virus, see attached jpg.

MBR sdb backup.zip attached OK

If MBRsdb should be sda, I'll rerun the process.

thanks

Attached Thumbnails

• 

Attached Files

•  MBR sdb backup.zip   512bytes   224 downloads

[maliprog]

You did good job. AVG reported this file but it's false positive.

Can you try Partition Find and Mount. Please read Quick guide and see if you can get your files back with this Free tool. It's very easy and safe tool. Try both your HDD and see if you can get your lost D partition.

[me4ever3131]

Maliprog - that seems to have worked beautifully. See the attached screenshot.

I've opened the folders on the restored D drive & everything seems to be OK.

Can I ask some final questions?

1 - I'm interpreting the screen shot as showing C & E as one physical HDD & D as a seperate physical HDD, is that correct because if it is I've mislead you earlier. I was very definite that the E drive was a physically seperate drive.

2 - I've been using AVG as my antivirus software, do you thing AVAST is better? - perhaps you aren't supposed to comment on different programs.

3 - These antivirus programs you got me to download & run - can they just be used generally every so often to keep my system clean

Thank you so much for your time & effort it is really appreciated.

[maliprog]

I'm interpreting the screen shot as showing C & E as one physical HDD & D as a seperate physical HDD, is that correct because if it is I've mislead you earlier. I was very definite that the E drive was a physically seperate drive.

I asked you specifically about this. In Disk Management I saw this and that was very misleading to us. You give us a lot of had headache . Do you confirm now that D drive is separate HDD on your system?

I've been using AVG as my antivirus software, do you thing AVAST is better? - perhaps you aren't supposed to comment on different programs.

My personal favorite between these two is Avast.

These antivirus programs you got me to download & run - can they just be used generally every so often to keep my system clean

NO. This is really delicate programs and all output from them need to be double checked. You can only use VRT once a while on your own. It's stand alone antivirus solution and you can use it to double check your system.

We are not done yet with your D drive. This is only recovery step for your data. Your partition is lost and you'll need to reformat this drive again.

Please backup your data now. After that get back and I'll prepare initialize and reformat step for your drive.

[me4ever3131]

Like I said - I was quite definite that the C & D were one physical drive & the E was another physical drive.

It is some years ago that I had the second drive added & I assumed that the last drive added would have had the last letter allocated - I'm not sure how that didn't happen also both D & E are 160Gb. - Sorry for the headaches

I'm starting a full back-up of all 3 drives now - it will take sometime, I'll be in contact when it finishes.

[maliprog]

OK. Take your time and do backup. I'll be here.

[me4ever3131]

The C & E drives backed up OK, but I couldn't back-up the D drive - I guess this to do with the next stage of the process.

thanks