JoeyM SuperDork
4/10/11 9:05 a.m.

THIS IS NOT A CANOE!!!!!! I'm only putting it here in case anybody else needs the info in the future.

Short version

For people who don't want to suffer through my long story.
This tutorial explains how to use an Ubuntu Linux installation CD to recover data from a dead Windows hard drive. It worked very well.

Long version

I was using someone else's computer, and made a novice mistake. That's the root of the problem right there.

I was trying to download a YouTube video, and doing so on a computer that didn't have Download Helper (the browser plugin I normally use for that purpose). I tried googling "download youtube" and clicked on one of the links.....and contracted a particularly nasty case of malware.

You've probably seen those fake "scanning your PC for viruses" web pages that try to get you to click on them, thus installing a virus. I fell for a variant of that ruse....this was capable of popping up a window (despite pop-up blockers) that didn't look like a browser window. It's not my PC, so the fact that I didn't recognize the program didn't faze me. I think it said "Windows Recovery"....anyway, I was gullible and clicked when it said there were hard drive errors...bad sectors and such. What it did was somehow lock the drives without destroying the data. This malware-disguised-as-a-utility then said that it was the free version, that only detected errors, and that we'd need to purchase the full version.......

At this point I was suspicious, and decided to shut down all applications through task manager and run some antivirus scans.....the machine was frozen, and task manager would not start....I shut off the power with the plan that I would run a scan after rebooting.....and the machine would not boot.

We took it to our local PC repair guy, one who I trust and have dealt with for years, and he quickly figured out that malware had disabled the hard drives; this machine had two hard drives, one for the OS, one for data. He wiped the OS drive and reinstalled, figuring that would solve the problem.....but then he found out that the malware had also affected the data hard drive.

Mr. PC repair guy said all the data was still there, but he didn't know how to get to it. He could see the drive in Windows Explorer, could right click on it and look at properties, seeing how full it was, etc, but could not open it or browse through it. The PC's owner told the PC repair guy to stick a new data drive in it, and that we'd restore from a backup that was made far far too long ago, knowing that we could restore much - but certainly not all - of the data.

Back in a former life, I liked computers. That was many years ago, but I used to be a real Unix nerd, and I knew that there was a chance Linux or BSD could see the files when Windows could not. I asked for the old, locked hard drive with the data on it. About 30 seconds of googling found this tutorial. The process of recovering the data was long, but not difficult.....ultra-easy, in fact.

After hooking the old drive up again, I booted the machine with an Ubuntu Linux live CD, which has an option to try Linux without installing. That gave me a Unix session on the box, and mounting the old drive and copying the data was a point-and-click affair.

I used to earn a living sysadmining Unix servers, so I was prepared to drop to the command line, find the hard drive, fsck it, mount it, etc., but none of that was necessary. This was strictly mouse driven...no knowledge of Linux/Unix commands was required, and anyone should be able to do it.

We have the data, and are good to go. Obviously, good backups will become a normal event on this PC.

Take Home

  1. Don't use other people's computers. If you do, don't click on any software you don't recognize.
  2. The weakest link is your user. (In this case, me.) This PC had a good antivirus setup (multiple anti-virus and anti-malware programs, automatically updating and scanning each day). I defeated all of them by clicking.
  3. Your backup policy is the best thing to save your bacon. This PC had a GREAT antivirus policy, but backups were far too infrequent. DO THEM OFTEN.
  4. Linux and BSD can see drives that Windows can't. This tutorial might let you recover your data.

aircooled SuperDork
4/10/11 12:02 p.m.

Good info thanks.

Don't feel too bad, this scam is very popular and a lot have gotten stung. I was listening to a tech radio show last Sunday and he was getting a lot of calls about this. The infection can even come from a respectable web site that has gotten infected and apparently there were a LOT of these infections a week or so ago.

I have seen two instances of it myself, but neither clicked anything so removing the warning was not that hard (at least it wasn't then). You have to wonder how many people are paying the yearly extortion for this.

JThw8 SuperDork
4/10/11 1:15 p.m.

Don't feel bad at all, I had this one hit my PC and I didn't click ANYTHING and it still locked down some of my data.

I was able to go in through DOS and reset the attributes on all directories to access the data and copy it to a backup drive then I rebuilt the primary drive.
