Windows 7 Forums

Windows 7: Probably the WORST malware damage I've ever seen...


09 Aug 2011   #1

Windows 7 Ultimate x64
 
 

K, I have a laptop that has a 500 gig hard drive and the complaint was that Windows wouldn't start up: Bootmgr is missing. The first thing I did was an std scan. Kaspersky 2012 found a few and I had to reboot to disinfect my machine since it spread to my drive.

After the reboot, I checked out what's in the hard drive and there's literally nothing but 1.5 gigs of files on it. I looked into the Windows folder and checked the gig amount in it, 1.3 gigs. There's no user data, or program data. It's almost like it was reformatted and Windows was gutted. Explorer.exe is gone.

At the moment, I'm running a file recovery on it and hopefully restore things back. But, my question is, how in the blue hell can something like that happen? Especially on 7, that is unheard of, at least to me.



09 Aug 2011   #2

Microsoft Community Contributor Award Recipient

Windows 7 x64
 
 

You are not alone, never seen anything like that.
Just wondering though, have you ever attempted to view the drive when not actually booting from it before?
Do you use BitLocker or any other advanced security features?
There's a ton of reasons you wouldn't be able to see or view the files even though they were there.

Edit: also, were you booted from that drive when you ran the scan?
Because if not, it would not consider any of them as system files.
09 Aug 2011   #3

Windows 7 Ultimate x64
 
 

Quote: Originally Posted by Maguscreed
> You are not alone, never seen anything like that.
> Just wondering though, have you ever attempted to view the drive when not actually booting from it before?
> Do you use BitLocker or any other advanced security features?
> There's a ton of reasons you wouldn't be able to see or view the files even though they were there.
>
> Edit: also, were you booted from that drive when you ran the scan?
> Because if not, it would not consider any of them as system files.

Yeah, I took it out from the laptop and into my system and looked around. I was thinking there might have been a Windows security thing going on so I double checked in Ubuntu and it was the same result.

The drive isn't bitlocked since Home Premium is/was installed.

And no, the scanning was through my system since Bootmgr is missing on the laptop drive.


09 Aug 2011   #4

Windows vista 64
 
 
Partition deleted and missing bootmgr

I am currently working to recover data from a Windows Seven Samsung laptop.
On boot, the same message: missing bootmgr.
Using the recovery manager I was unable to recover the drive or to restore unless I optioned to reinstall to factory.
Removing the drive and slaving it to my computer, the drive was recognized but it asked me to format it to make it accessible.
I have just run a recovery program that took six hours to recover the data on the five hundred GB drive.
The owner had allowed her teenage son to use the computer so I am unsure if malware is responsible.
09 Aug 2011   #5

Microsoft Community Contributor Award Recipient

Windows 7 x64
 
 

Yeah, you should have repaired the bootmgr first; it's actually a pretty simple process.
I wish you luck in your file recovery attempts.
09 Aug 2011   #6

Windows vista 64
 
 
Repair bootmgr

Thanks. I haven't damaged anything yet, but I am unable to start the computer in safe mode, or when I boot from CD, then cancel and use the command prompt, I can't copy bootmgr or reinstall the system from the system partition.
I'm about to create a system disc from recovery and then install a basic Windows installation, then, as the system recovery CD can only be accessed from Windows, reinstall the system to its original state.
The Samsung recovery option to restore to factory state stalls about one third of the way through, so this is my only option unless you recommend another.

The client tells me that they were playing World of Warcraft and suspect they have been attacked by one of the players?
09 Aug 2011   #7

Microsoft Community Contributor Award Recipient

Windows 7 x64
 
 

Likely paranoia; the game client for WoW only talks to the server, there are no direct connections between players.
I think it unlikely.
09 Aug 2011   #8

Windows vista 64
 
 

Ok great to know. I won't tell the mother that though. She is smart enough to have backed up to a portable. System restored via new install. Till next time.