Virus that damages the hard disk and ruins Windows' ability to boot

Darkstorm_G4

Mar 3, 2011
Hello. Please read all of this before jumping in with “no, a virus can't damage your hard disk”.

In October 2010 I had 5 friends up and down the country (UK) with computers that suddenly stopped working. All of them had the same issue: the computers had become slow over a number of days or weeks, and then one day locked up and on reboot would not get any further than the Windows title screen before resetting and looping.

Safe mode, recovery console and all other routes such as check disk all revealed the same results: large numbers of bad clusters on the discs, rendering them unable to boot.

This has happened on computers with XP and Vista, not happened on 7 yet. All of them are of different types and different ages from different manufacturers, but nearly all with Seagate and Maxtor drives.

Now to the current issue.

I’m an engineer on a ship, and in the last 2 days I have had 10 computers out of a network of 40 go down in this manner.

The network has started to run slower and slower over the last 3-4 weeks, and so have random computers on the network; even ones that have no work load or use other than reading internal e-mail and writing Word documents have got to the point where they chug along and take almost 15 minutes to log on and set up before they are usable.

We are running Sophos onboard but it is difficult with a limited connection speed via satellite to do massive updates etc., but nothing has been detected on the computers or the network.

All of the computers that have failed have the same problems: they won't boot up and just loop round and round. They have all got lots of damaged clusters, usually in sequential numbers and usually all in the same areas on each computer, as the computers are all the same type and model from the same manufacturer and are essentially clones.

It would seem that the damaged areas of the disk are all to do with the locations where files are stored to boot Windows XP.

I am able to slave the damaged drives to another computer and recover data that way, and have even had limited success in repairing the damaged areas of the disk with check disk from Windows 7, as SeaTools can’t recognise the disks.

I have also managed to get several disks up and running again only for them to fail hours later, or when moved back to their proper cases from the test rig. I have also managed to get an “unfixed” disc to boot by slaving it to a good disk as “Secondary Master” but telling the BIOS to boot it first; when it gets up to loading Windows, it takes its time but it logs in, and then Windows searches for some damaged files and gets them from the good “Primary Master” disk.

I did catch during one fixing session Windows WMI getting stopped by the Windows Data Execution Prevention service as something was trying to run in protected areas of read only memory…

I believe there is a malicious code going around the internet that causes write actions to be performed over the same section of a disk many times thus rendering those sections of the disk as damaged or unreadable. This is the cause of the slow running of the computer and then the failure of windows.

The director of Western Digital did state in an interview that it would be possible for a virus to attack portions of the hard disk and cause damage to them, but only if attackers could work out the “backdoor” accesses to the disks, but this would have to be done for every disk manufacturer.

Well, to conclude this, I am not the only person to see this happening, and the fact that I have 10 dead drives on my desk from a relatively enclosed environment onboard a ship, coupled with the others I’ve seen back on land, shows clear evidence that something is killing off hard drives, and nearly all of them are Maxtor with a few Seagate ones mixed in.

SO:

Does anyone have any information on this?
Has anyone else seen this kind of behaviour happening?
Is this an attack on Maxtor / Seagate or is it aimed at Windows users?

I think it must be a virus or code of some sort but everyone keeps telling me that you can’t destroy a disk with a virus… well, just because it's not been seen before doesn’t mean it can't happen. If you “wear out” a portion of the disk through localised overuse, isn’t this effectively “destroying” the disk?

Comments welcome

First, welcome to Tom's Hardware!

Questions for you:
1) How old are these disks?
2) Have these disks been de-fragmented on a regular basis?
3) How full are these disks? It is not a good idea to load a disk over 70% of its rated capacity.
4) What anti-virus program is installed?
5) How good is the AV maintenance? (updates, virus scans, etc.)
6) Have the Operating Systems been updated on a regular basis per manufacturer's recommendations?
7) If USB flash memory keys are inserted by users, are these keys virus free? How is the virus free status verified? (This is one way for viruses to get in)