3

Last night I went to go play one of my favorite games, Minecraft, when I got an error that just read gibberish. I clicked "OK" and the same box came up, again, and again, and if I tried to close it, it kept coming up. Then all the boxes disappeared, and my computer froze up. All but a few of my icons disappeared, and all my task bar shortcuts disappeared. None of the Windows UI was responding. A really strange system restore came up, telling me the indexes and clusters on my hard disk were broken. It started this fixing process I couldn't control. Then it said I had to buy the full program to fix it. I knew this was wrong, so I closed it. Then a message came up that said my hard drive was spinning too fast, so I turned off my computer. When I turned it back on the OS wouldn't boot. I assumed the worst and went to bed.

Well, I tried again in the morning, and although very slow it started up. It seemed fine, but I went on the offensive looking for a virus. I found that a lot of my settings had been cleared, Visual Studio said it had to configure its environment for first time use, weird stuff... But the biggest red flag for a virus was that whenever I browsed to a webpage via Google, it redirected me to a bunch of advertisements. I looked through the processes running, and I found MyWebSearch junk which I swiftly deleted. That seemed to fix my webpage redirection problem, but my computer is very slow. Now comes the hard disk problem:

The computer says my D drive (for extra storage) is empty... But all the programs installed on it run fine. I tried to see if it would work using DIR in the command prompt, and when I did it, I heard this high pitched sound like those mosquito ringtones coming from my computer, and it said no files were found. I think this is because of that indexing problem, where the files are there, but the computer can't browse them? (Update: Searching the drive turns up results, and I can now only view those results, like it's indexing them as I find them?) I have no idea, not sure how this hardware really works.

I was going to run chkdsk before I went to bed, because I know it is usually a long process, but is there something special I should do to fix this problem?


Never mind, the redirection problems are back. When I tried to navigate to this question, I was taken to 63.209.69.106, which was some sort of extremely crude search provider.


Ok, so the solution to the hard drive problem was using this:

attrib *. -h -s /s /d
smoth190
  • 2
    You "went on the offensive looking for a virus" with which anti-virus software? – Paul Nov 06 '11 at 03:21
  • Have you tried a System Restore? – Ƭᴇcʜιᴇ007 Nov 06 '11 at 04:31
  • @techie007: Some of my clients have encountered this type of SpyWare, and System Restore only made things worse. If this is the SpyWare I'm thinking of, then a full backup is definitely in order first (as backups are important anyway). =( – Randolf Richardson Nov 06 '11 at 05:23
  • I've not yet seen a System Restore make anything worse but hey, not like I've seen everything. :) – Ƭᴇcʜιᴇ007 Nov 06 '11 at 05:30
  • The only other situation I can recall that made things worse was when a SCSI driver was downgraded (the current driver version at the time resolved a serious phantom disk write error that was a major problem with the previous version of the driver that System Restore brought the system back to; re-updating the SCSI driver resolved the problem, but it sure scared the heck out of everyone when this happened). – Randolf Richardson Nov 06 '11 at 05:33
  • 1
    @RandolfRichardson Hehehe, yeah I could see that causing some brown jeans. I don't think that is a risk when dealing with malware though. :) – Ƭᴇcʜιᴇ007 Nov 06 '11 at 05:46
  • I don't have any anti-virus program (I know this sounds crazy...) because I've never had them work (they usually just end up breaking all my games and other annoying side-effects). This is the first problem I've had in 3 years. – smoth190 Nov 06 '11 at 15:12
  • @smoth190: I've had excellent success with F-Prot Anti-Virus not interfering with games (and other popular applications); it does NOT have a fancy interface, it does NOT consume vast amounts of system resources, and it does NOT have annoying animated icons (some programs animate their icons constantly in the System Tray): http://www.f-prot.com/ – Randolf Richardson Nov 06 '11 at 19:44
  • 1
    @Randolf Richardson: I'll check it out, I guess it's time to get virus protection – smoth190 Nov 08 '11 at 02:14
  • @smoth190: You can download F-Prot from http://www.f-prot.com/ -- having virus protection, even when you don't have any viruses, is one of the best ways to prevent a lot of problems caused by viruses, hence _it's always time to get virus protection._ =) – Randolf Richardson Nov 08 '11 at 08:56

2 Answers

3

Back up your hard drive before attempting anything else! A good tool for this is:

  Drive Snapshot - Disk Imaging (free backup for 30 days, free restore forever)
  http://www.drivesnapshot.de/

You've got SpyWare on your computer -- a few of my clients have encountered stuff like this where the computer makes a bogus scare-tactic claim very similar to yours (e.g., the hard drive is spinning too fast, some of the sectors are overheating, the processors need some exercise, the hard drive has failed completely, the video card's GPU is on the verge of exploding or melting down, etc.).

  • Another reason I recognize this SpyWare is that you've noticed that your drive D: appears empty but that the programs installed on it still work -- this SpyWare has flagged all your files and directories with the "Hidden" and/or "System" attributes, and it has probably done the same for your entire C:/WINDOWS/ directory. After you get this SpyWare removed, you'll still be left with this horrible side-effect, and re-installing Windows will probably be needed if you can't determine which files and directories should and shouldn't be flagged as a Hidden and/or System. But, of course, the highest priority is to get all your data.

Removal of this particular SpyWare never worked on a live system that is infected -- the scan will need to be performed from a clean system that has your infected hard drive mounted as a secondary (or by using a SATA/IDE-to-USB device), or by using a bootable CD that has the tools to remove this SpyWare.

The two tools I recommend for this (the first one should suffice) that I've found to be trustworthy are:

  Malware Bytes (free software with subscription options)
  http://www.malwarebytes.org/

  SpyBot - Search & Destroy (free software)
  http://security.kolla.de/

Once you've completed the removal using the clean system, install Malware Bytes on the computer that was infected and run it once more to make sure any other remnants are cleaned up from the file system and Windows Registry as well.

Then, also make sure your anti-virus software is up-to-date and that the updater is actually working -- you may need to re-install it as this particular SpyWare [, as I recall,] permanently sabotages many anti-virus programs.

Randolf Richardson
  • 1
    Perhaps the user should also check out [What to do if my computer is infected by a virus or a malware?](http://superuser.com/questions/100360/what-to-do-if-my-computer-is-infected-by-a-virus-or-a-malware) – Ƭᴇcʜιᴇ007 Nov 06 '11 at 05:30
  • @techie007: Great suggestion (+1). – Randolf Richardson Nov 06 '11 at 05:31
  • I'll try this. My only question is, is it a bad thing that the Windows folder is hidden? I always assumed it was hidden by default. – smoth190 Nov 06 '11 at 15:20
  • @smoth190: It's not supposed to be "Hidden," however, a wide variety of files and directories within it are. **STRONG RECOMMENDATION:** Get a full backup of your hard drive before proceeding further. – Randolf Richardson Nov 06 '11 at 19:42
  • 1
    This fixed it, and I fixed my drive. So, yay! – smoth190 Nov 08 '11 at 02:32
0

To unhide easily:

Start the command prompt, elevated if on Vista or 7. Click Start, type CMD, then press Ctrl+Shift+Enter. Click Yes. On XP, press Windows+R, type CMD and press Enter.

Type cd \ and press enter

Type 'ATTRIB -h . /d /s' and press enter

Ignore files it doesn't change as they're system files as well

Sorry for the poor formatting but I'm on a phone typing this

Canadian Luke
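
Both attrib commands on this page clear the flags across the whole tree without recording what was flagged beforehand. The PowerShell script below is an added example, not part of either answer: it assumes D:\ is the affected drive, and the report path and skip list are illustrative choices. It writes a CSV of every Hidden or System item first and only changes attributes when run with -Apply.

```powershell
# Added example (not from the original posts). Save as a .ps1 file and run it
# from an elevated prompt. Assumptions: D:\ is the affected data drive; the
# report path and the skip list are illustrative and should be adjusted.
param(
    [string]$Root   = 'D:\',
    [string]$Report = "$env:TEMP\attrib-before.csv",
    [switch]$Apply   # without -Apply the script only writes the report
)

# Items Windows itself keeps Hidden/System on a volume; these are left untouched.
$skip = 'System Volume Information', '$RECYCLE.BIN', 'RECYCLER',
        'pagefile.sys', 'hiberfil.sys', 'swapfile.sys', 'desktop.ini', 'Thumbs.db'

# Hidden (2) + System (4) as one integer bit mask.
$mask = [int][IO.FileAttributes]::Hidden -bor [int][IO.FileAttributes]::System

# -Force is required, otherwise hidden items are not enumerated at all.
$flagged = Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        $parts = $_.FullName.Split('\')
        (([int]$_.Attributes -band $mask) -ne 0) -and
        -not ($parts | Where-Object { $skip -contains $_ })
    }

# Record the state before changing anything, so the change can be reviewed later.
$flagged | Select-Object FullName, Attributes |
    Export-Csv -Path $Report -NoTypeInformation
"{0} flagged items recorded in {1}" -f @($flagged).Count, $Report

if ($Apply) {
    foreach ($item in $flagged) {
        # Clear only the Hidden and System bits; keep ReadOnly, Archive, Directory, etc.
        $new = [int]$item.Attributes -band (-bnot $mask)
        if ($new -eq 0) { $new = [int][IO.FileAttributes]::Normal }   # avoid an empty attribute value
        try   { $item.Attributes = [IO.FileAttributes]$new }
        catch { Write-Warning "Could not update $($item.FullName): $_" }
    }
}
```

Run it once without -Apply and review the CSV; the saved Attributes column shows which items carried both flags and which carried only one.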