Probably the WORST malware damage I've ever seen...

[Coke Robot]

K, I have a laptop that has a 500 gig hard drive and the complaint was that Windows wouldn't startup, Bootmgr is missing. The first thing I did was an std scan, Kaspersky 2012 found a few and I had to reboot to disinfect my machine since it spread to my drive.

After the reboot, I checked out what's in the hard drive and there's literally nothing but 1.5 gigs of files on it. I looked into the Windows folder and checked the gig amount in it, 1.3 gigs. There's no user data, or program data. It's almost like it was reformatted and Windows was gutted. Explorer.exe is gone.

At the moment, I'm running a file recovery on it and hopefully restore things back. But, my question is, how in the blue hell can something like that happen? Especially on 7, that is unheard of, at least to me.

 

[Maguscreed]

You are not alone never seen anything like that.
Just wondering though, have you ever attempted to view the drive when not actually booting from it before?
Do you use bitlocker or any other advanced security features.
There's a ton of reasons you wouldn't be able to see or view the files even though they were there.

edit: also were you booted from that drive when you ran the scan?
because if not it would not consider any of them as system files.

 

[Coke Robot]

You are not alone never seen anything like that.
Just wondering though, have you ever attempted to view the drive when not actually booting from it before?
Do you use bitlocker or any other advanced security features.
There's a ton of reasons you wouldn't be able to see or view the files even though they were there.

edit: also were you booted from that drive when you ran the scan?
because if not it would not consider any of them as system files.

Yeah, I took it out from the laptop and into my system and looked around. I was thinking there might had been a Windows security thing going on so I double checked in ubuntu and it was the same result.

The drive isn't bitlocked since Home Premium is/was installed.

And no, the scanning was through my system since Bootmgr is missing on the laptop drive.

 

[Antkenn]

Partition deleted and missing bootmgr

I am currently working to recover data from a windows seven samsung laptop.
On boot the same message missing bootmgr.
Using the recovery manager I was unable to recover the drive or to restore unless I optioned to reinstall to factory.
Removing the drive and slaving it to my computer, the drive was recognized but it asked me to format it to make it accessible.
I have just run a recovery program that took six hours to recover the data on the five hundred gb drive.
The owner had allowed her teenage son to use the computer so I am unsure if malware is responsible.

 

[Maguscreed]

Yeah you should have repaired the bootmgr first it's actually a pretty simple process.
I wish you luck in your file recovery attempts.

 

[Antkenn]

Repair bootmgr

Thanx haven't damaged anything yet but am unable to start computer in safe mode or when I boot from cd then cancel and use command prompt I can't copy bootmgr or reinstall system from system partition.
I'm about to create a system disc from recovery and then install a basic windows installation then, as the system recovery cd can only be accessed from windows, reinstall the system to original state.
The samsung recovery option to restore to factory state stalls about one third of the way through so this is my only option unless you recommend another.

The client tells me that they were playing World of Warcraft and suspect they have been attacked by one of the players ?

 

[Maguscreed]

Likely paranoia the game client for WoW only talks to the server, there are no direct connections between players.
I think it unlikely.

 

[Antkenn]

Ok great to know. I won't tell the mother that though. She is smart enough to have backed up to a portable. System restored via new install. Till next time.