HDD Issues, need to completely erase it.

Long story short, I had hackers on my computer, and possibly have some currently. I believe that a trojan or something has been hidden deep in my HDD. The hard drive is a Western Digital Caviar SE 320 GB SATA. I checked the disk with fdisk and get odd partitions and a message at the end that states: "Partition table entries are not in disk order." Also, when I go into Gparted to reformat the disk, it labels the HDD with only 298.01 GB of unallocated memory. The missing 20+GB I have tracked to be somehow connected to my USB device. In fdisk it gives the HDD:
Disk /dev/sda: 320.1 GB, 320,072,933,376 bytes
It has no partitions.
Then, the USB devices (booting Xubuntu):
Disk /dev/sdb: 2003 MB, 2003795968 bytes
and partitions as follows:
This doesn't look like a partition table
Probably you selected the wrong device.
"
Device Boot Start End Blocks Id System
/dev/sdb1 ? 3224498923 3657370039 216435558+ 7 HPFS/NTFS/exFAT
/dev/sdb2 ? 3272020941 930513678 976730017 16 Hidden FAT16
/dev/sdb3 ? 0 0 0 6f Unknown
/dev/sdb4 50200576 974536369 462167897 0 Empty

Partition table entries are not in disk order
"

I am currently running OS from a bootable USB (Xubuntu 12.04). I have DBAN on a boot CD. I have not tried wiping the Hard Drive yet, should I go ahead? Even though in DBAN the size of the drive is 298.01GB/320GB? I really need some expert help.
  1. I would just kill the drive and start fresh! Even after fixing partitions or removing virus you will probably continue to have problems haunting you! If it's a matter of backing up vital data on your drive then try booting with an alternative method (live cd) and backing up your stuff.
    A fresh install after something like that is always the best option!
  2. ngrego said:
    I would just kill the drive and start fresh! Even after fixing partitions or removing virus you will probably continue to have problems haunting you! If it's a matter of backing up vital data on your drive then try booting with an alternative method (live cd) and backing up your stuff.
    A fresh install after something like that is always the best option!


    I already have all the data I wanted backed up. I guess I will run DBAN, just hope it wipes it entirely. I am just worried when I wake up tomorrow, after the wipe, that the virus (if there even is something on there) will still be able to communicate. I just fear that this hacker has a nice piece of software running for him. Oh well, I guess I have nothing to really lose except time.
  3. You might also want to look into a strong security program to protect yourself and your network in the future.
  4. First off, you need to delete the master boot record. http://www.webopedia.com/TERM/M/MBR.html
    If you don't, you never know if you got rid of the virus with a format or fdisk.
  5. The drive will probably respect the Secure Erase command. This is built into the ATA command set and tells the drive to completely erase itself. It's a government-accepted way to sanitize a drive: http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf

    I use the Parted Magic distribution to issue this command.
  6. Sounds like a job for...kill disk! You can create a bootable disk and wipe the drive bit for bit. After running kill disk, I would check your unused space capacity and see if it still has a small partition that is being used.
  7. So, I didn't run DBAN last night due to the fact that it would not run on the hard drive. It states:

    DBAN has finished with non-fatal errors.

    ERROR /dev/sda (process crash)
    ERROR /dev/sda (process crash)
    ERROR /dev/sda (process crash)

    So, today I ran testdisk and found some rather interesting info:

    Disk /dev/sda - 320 GB / 298 GiB - CHS 38913 255 63

    The harddisk (320 GB / 298 GiB) seems too small! (< 7020021 TB / 6384672 TiB)
    Check the harddisk size: HD jumpers settings, BIOS detection...

    The following partitions can't be recovered:
    Partition Start End Size in sectors
    > btrfs 10035 118 47 3065497428 103 15 13710979677795088 [(%d st
    HFS 11636 121 31 163654 103 60 2442168066
    HFS 11853 5 5 189865 16 6 2859763475 [�S#~T%�^X]
    NTFS 19463 186 20 58364 0 36 624932864
    NTFS 19714 25 55 40983 250 2 341700608
    NTFS 21282 192 30 42552 161 40 341700608
    NTFS 21335 202 20 60236 16 36 624932864
    ext4 33314 6 37 43636 31 43 165824512
    ext4 33314 150 29 43636 175 35 165824512
    ext4 33316 3 40 43638 28 46 165824512

    Clearly something is wrong when the hard drive shows that it has 7,000,021 TB in partitions/sectors.

    Now I really do not know what to do. I really want to try and at least get the hard drive functional, because I do not have money to buy a new one. I do have an older

    I just wrote a new MBR to the first sector. So I will reboot, see what happens.

    EDIT: Those findings were after a deeper search was conducted on the drive in testdisk
  8. First of all, a hard drive in general only shows about 93% of the advertised size. This is due to two reasons:

    #1 - drives are advertised in BASE10, but the size reported in Windows is BASE2
    #2 - some space is lost due to formatting

    93% of 320GB is 297.3GB which is almost exactly what you have reported so that's normal.

    Formatting/Reinstall/Backup:
    0) save any data you need
    1) burn this CD www.ultimatebootcd.com
    2) use the Active - Killdisk feature that overwrites ALL DATA
    3) Reinstall your OS
    4) make a backup Image if possible that you can RESTORE easily if you have future problems (I'm not familiar with Linux. I use Acronis True Image for Windows.)
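
An added example, not part of the thread: a Python check that decodes the four MBR partition entries and flags the kind of implausible values fdisk printed for /dev/sdb in the opening post, plus the GB/GiB conversion from the last answer. The sample sector is constructed from the fdisk listing (the boot-flag bytes are made up), and the function names are illustrative.

```python
import struct

SECTOR = 512
ENTRY = "<B3xB3xII"  # boot flag, CHS start, type, CHS end, LBA start, sector count

def check_mbr(sector: bytes, disk_bytes: int) -> dict:
    """Decode the four primary MBR entries and flag implausible ones."""
    if len(sector) != SECTOR:
        raise ValueError("need exactly one 512-byte sector")
    total = disk_bytes // SECTOR
    entries = []
    for i in range(4):
        off = 446 + 16 * i
        flag, ptype, start, count = struct.unpack(ENTRY, sector[off:off + 16])
        problems = []
        if flag not in (0x00, 0x80):
            problems.append("bad boot flag")
        if ptype == 0 and (start or count):
            problems.append("empty type but non-zero extent")
        if ptype != 0 and count == 0:
            problems.append("typed entry with zero length")
        if start + count > total:
            problems.append("extends past end of device")
        entries.append({"type": ptype, "start": start, "count": count,
                        "problems": problems})
    starts = [e["start"] for e in entries if e["count"]]
    return {"signature_ok": sector[510:] == b"\x55\xaa",
            "in_disk_order": starts == sorted(starts), "entries": entries}

def sizes(disk_bytes: int) -> tuple:
    """Same byte count in decimal GB (vendor label) and binary GiB (most tools)."""
    return round(disk_bytes / 10**9, 2), round(disk_bytes / 2**30, 2)

def sample_sector() -> bytes:
    # Constructed sector: type, start and length follow the fdisk listing for
    # /dev/sdb in the opening post; the boot-flag bytes are made up (fdisk
    # only shows "?" for them).
    rows = [(0x61, 0x07, 3224498923, 432871117),
            (0x61, 0x16, 3272020941, 1953460034),
            (0x61, 0x6F, 0, 0),
            (0x00, 0x00, 50200576, 924335794)]
    table = b"".join(struct.pack(ENTRY, *r) for r in rows)
    return bytes(446) + table + b"\x55\xaa"

if __name__ == "__main__":
    report = check_mbr(sample_sector(), 2003795968)
    print("signature ok:", report["signature_ok"],
          "| in disk order:", report["in_disk_order"])
    for n, e in enumerate(report["entries"], 1):
        print(f"sdb{n} type={e['type']:#04x}", e["problems"] or "ok")
    print("320,072,933,376 bytes = %s GB = %s GiB" % sizes(320072933376))
```

To check a real device, pass the first 512 bytes read from it in read-only mode together with the byte count fdisk reports on its "Disk" line.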