getting to data on drive after win 32 pave 64A attack

jlockley

Double dipping a bit here, since I also asked in hardware, but I am nearly desperate.
A virus, according to Windows Defender Win 32 .pav 64A, hit me early today. The drive is recognized by the Windows XP Startup disk, which, however, will not run repair on it because it is ineligible for an upgrade (???!!! Huh??) Except for the Windows startup disk, the drive is visible only to the BIOS, but not in the management console and is not picked up by various restoration software. Probably the partitions are gone?

I've upgraded to w7 on a new drive, but I wonder how to get the data off this one, aside from a recovery service, which is financially out of the question.

BTW, the trojan got past a firewall, two virus programs and a malware prevention program. Winders defender found it, if the virus itself wasn't posing as Windows defender.


 
Trinity Rescue Kit has a pretty good partition recovery tool that may help (saved me a couple of times when my partition table got deleted).
It also contains photorec, which is a good tool for recovering data files (not just photos as the name would suggest) even when the partition structure is corrupt.


I do not Have A.D.D. im just easily, Hey look a Squirrel!
 
I would also recommend Dr. Web LiveCD. It is a bootable disk that has recovery tools for Windows and Linux. By booting from a CD, you don't run as high a risk of infection as if you try to boot from the infected disk to recover data.

Other bootable options include AVG Rescue Disk and CAINE. CAINE is more powerful but also more complicated.


James P. Cottingham
I'm number 1,229!
I'm number 1,229!
 
Create a BartPE CD and boot it up with another hard drive or memory stick attached (in addition to the afflicted one) and transfer the data.

Don't try to cure it if you don't want to fight - just get your data and nuke the drive.
 
If the partition isn't visible to Windows, attach the drive to a working Windows system and get a copy of GetDataBack from here:
This is a trial version which allows you to check if recovery is possible, BEFORE you part with your dosh for the full version. It's been used to good effect by several Tek-Tip posters including myself.

Good luck.

ROGER - G0AOZ.
 
Heartfelt thanks to you all, unfortunately drive is no longer recognized in bios or at startup. So it's done. I tried the runtime while it was.

I guess the need to slam it shut when the faux trojan attacked (hundreds of windows, one after another) gave it the final kick. It started clicking last night and it's gone now. ^^&$$*%##!!!!

 
Are you trying to say that at the same precise time a virus hit you, the hard drive crapped out due to a hardware malfunction?? That would be an unbelievable coincidence.

Have you tried everything to verify that it can't be seen (another PC, jumper settings, external drive cage)?
 
No, I think he's saying his slamming "it shut" while the hard drive was spinning due to caching hundreds of windows killed it.


James P. Cottingham
I'm number 1,229!
I'm number 1,229!
 
You mean he like physically slapped it?!?! Well - all bets are now off.

You know, just like with people, punching them doesn't usually improve their demeanor. I know this for a fact. It makes me more cranky every time.
 
Modern hard drives auto park the heads, so killing the power should not do any damage (still not recommended if it can be avoided).
windoze is not so forgiving.

It may still be worth booting with a live linux cd. linux accesses the hd controller directly & does not pay any attention to the data in the BIOS/CMOS.

I found this the hard way when I successfully installed linux onto a 40gb hd on a laptop that would not see anything greater than 22gb. The install cd saw it fine, installed it without problem but then would not boot :-(

I do not Have A.D.D. im just easily, Hey look a Squirrel!
 
Actually, no. I shut it down cold. There was no virus but a back door invasion of some sleazy software company simulating Windows Defender. It kept saying windows had shut the virus down (there was no virus), but the windows kept popping up faster and faster, suggesting downloading a trial copy of the Thinkpoint. At some point I got smart and realized that the problem was not the supposed virus but thinkpoint. About then everything froze except for the popups (Odd, I have every form of messenger and popup disabled), so I just shut it down cold. ("slammed it down"). That killed the drive...4 clicks, silence, 2 clicks, silence, 2 clicks and amen.

I am pretty p'd about it. Thinking of making a police claim when I have a moment. Know what data recovery will cost, and as I opened the drive, it's probably no longer possible.


The dry ice thing, by the way, did not work. (Putting a drive in the freezer can reportedly make it recognizable for a few minutes until it heats up... you can take the dry ice logic from there: using baggies and a piece in one to drive out the air, ergo no moisture, drive in paper towel.)

Anyway, didn't work.
 
How on earth did I get a star when I keep mentioning the L word :)

I do not Have A.D.D. im just easily, Hey look a Squirrel!
 
If I could get at it, L or M or P or A..whatever could find the data. Unfortunately, this is one toasted drive and I need to muddle on as best I can. Very upsetting, really.
 
Here is a fix that I have seen done, but it was years ago on what was probably a sub 1meg drive and I doubt that it will work on modern drives.
First of all, the (dry) ice thing never works; that's a modern myth. What I have seen done is this.
The drive is placed in a large plastic bag, big enough and deep enough so that you can get your hands inside and the bag closes round your arms (and the screwdrivers you need).
Inside the bag, open the drive and find the spindle bearing retaining screw. Loosen this off slightly, then retighten until you can just feel resistance.
The theory being that in some cases drive failure is due to the bearing seizing.
A desperate measure I thought even then, a plastic bag isn't exactly a clean room, but...



Steve: N.M.N.F.
If something is popular, it must be wrong: Mark Twain
 
Might as well try, but it's already been open. Worth it at any rate.
 