DV Info Net

DV Info Net (https://www.dvinfo.net/forum/)
-   Non-Linear Editing on the PC (https://www.dvinfo.net/forum/non-linear-editing-pc/)
-   -   Bizarre Malware/Virus affecting Drive Letters and Disk Numbers (https://www.dvinfo.net/forum/non-linear-editing-pc/505766-bizarre-malware-virus-affecting-drive-letters-disk-numbers.html)

Adam Gold March 2nd, 2012 12:42 PM
Bizarre Malware/Virus affecting Drive Letters and Disk Numbers
 
Not strictly related to Editing, but as this happened on my backup desktop which also has Premiere on it, and on which I do some sporadic editing when my main editing rig is otherwise engaged, I thought I could stretch the rules a little. Besides, I trust the PC and Hard Drive experts here (Harm? Randall? Are you out there?) more than the other guys out there on the interwebs, and haven't found anything about this after a day of Googling.

For the past few weeks I've been getting bizarre redirects on every site I go to, including DVInfo. Most of the time the links work fine, but once in a while I'll get a page that says "Page has moved, redirecting" and my browser will take me to a site I didn't request, like "yellowpages.com." Reloading the page or going back in the History usually results in the correct page. Multiple malware and virus scans turned up nothing, and a search through my cookies file also revealed no likely culprits. Googling this issue suggested it might be related to my router, but as none of the other PCs in the house were experiencing this, it didn't seem too likely.

Two days ago MSE started screaming about a contaminated file, and as I clicked "Clean Computer" I saw all my programs winking off one by one and that phony "Internet Security" window started running, doing a fake blackmail scan. It disabled rkill and everything else I tried to run, claiming they were viruses. But I was able to restart in Safe Mode, run MBAM (which found and deleted the malware, supposedly) and restart.

Then yesterday, I got another MSE message, and again as I clicked "Clean Computer," everything winked off and the PC shut down. On the attempted restart, all the POST and BIOS stuff seemed to run fine, but Windows wouldn't start at all. After hours of noodling around, including getting messages that said "No OS Found," I was able to figure out that both the disk numbers and drive letters had been changed. My OS drive, formerly Disk 0/Drive C:, was now Disk 2 and Drive F. Nothing I did could get Windows to boot off this drive, even though the BIOS found the drive and identified it by brand and model. I booted off the Windows CD but none of the repair/restore options worked, even though there were previous system images and backups and restore points on the system.

I finally had to reinstall Windows, and thankfully I did not format the disk first -- it saw the old install and backed it up to "windows.old" and thus I was able to recover the bulk of the stuff that Windows stores on C: by default (I have since changed these locations to a physically different drive).

But now, my C: drive is still identified as Disk 2, while my D: is now called Disk 0. There are no options to change this in the BIOS Setup screens. Does this really matter and if so, any ideas on how to change it back? Changing drive letters is easy; changing Disk Number is not.

Isn't this the most bizarre thing ever? Has anyone heard of anything like this? My signature has never felt more appropriate.


All times are GMT -6. The time now is 09:14 PM.

DV Info Net -- Real Names, Real People, Real Info!
1998-2024 The Digital Video Information Network