HDD Issues, need to completely erase it.

May 15, 2012 7:24:48 AM

Long story short, I had hackers on my computer and possibly have some currently. I believe that a trojan or something has been hidden deep in my HDD. The hard drive is a Western Digital Caviar SE 320 GB SATA. I checked the disk with fdisk and get odd partitions and a message at the end that states: "Partition table entries are not in disk order." Also, when I go into GParted to reformat the disk, it labels the HDD with only 298.01 GB of unallocated memory. The missing 20+ GB I have tracked to be somehow connected to my USB device. In fdisk it gives the HDD:
Disk /dev/sda: 320.1 GB, 320,072,933,376 bytes
It has no partitions.
Then, the USB devices (booting Xubuntu):
Disk /dev/sdb: 2003 MB, 2003795968 bytes
and partitions as follows:
This doesn't look like a partition table
Probably you selected the wrong device.
"
Device Boot Start End Blocks Id System
/dev/sdb1 ? 3224498923 3657370039 216435558+ 7 HPFS/NTFS/exFAT
/dev/sdb2 ? 3272020941 930513678 976730017 16 Hidden FAT16
/dev/sdb3 ? 0 0 0 6f Unknown
/dev/sdb4 50200576 974536369 462167897 0 Empty

Partition table entries are not in disk order
"

I am currently running OS from a bootable USB (Xubuntu 12.04). I have DBAN on a boot CD. I have not tried wiping the Hard Drive yet, should I go ahead? Even though in DBAN the size of the drive is 298.01GB/320GB? I really need some expert help.
May 15, 2012 7:44:12 AM

I would just kill the drive and start fresh! Even after fixing partitions or removing virus you will probably continue to have problems haunting you! If it's a matter of backing up vital data on your drive then try booting with an alternative method (live cd) and backing up your stuff.
A fresh install after something like that is always the best option!
May 15, 2012 7:51:40 AM

ngrego said:
I would just kill the drive and start fresh! Even after fixing partitions or removing virus you will probably continue to have problems haunting you! If it's a matter of backing up vital data on your drive then try booting with an alternative method (live cd) and backing up your stuff.
A fresh install after something like that is always the best option!


I already have all the data I wanted backed up. I guess I will run DBAN, just hope it wipes it entirely. I am just worried when I wake up tomorrow, after the wipe, that the virus (if there even is something on there) will still be able to communicate. I just fear that this hacker has a nice piece of software running for him. Oh well, I guess I have nothing to really lose except time.
May 15, 2012 9:50:53 AM

You might also want to look into a strong security program to protect yourself and your network in the future.
May 15, 2012 1:13:50 PM

The drive will probably respect the Secure Erase command. This is built into the ATA command set and tells the drive to completely erase itself. It's a government-accepted way to sanitize a drive: http://csrc.nist.gov/publications/nistpubs/800-88/NISTS...

I use the Parted Magic distribution to issue this command.
May 15, 2012 1:27:31 PM

Sounds like a job for...kill disk! You can create a bootable disk and wipe the drive bit for bit. After running kill disk, I would check your unused space capacity and see if it still has a small partition that is being used.
May 15, 2012 7:06:54 PM

So, I didn't run DBAN last night due to the fact that it would not run on the hard drive. It states:

DBAN has finished with non-fatal errors.

ERROR /dev/sda (process crash)
ERROR /dev/sda (process crash)
ERROR /dev/sda (process crash)

So, today I ran testdisk and found some rather interesting info:

Disk /dev/sda - 320 GB / 298 GiB - CHS 38913 255 63

The harddisk (320 GB / 298 GiB) seems too small! (< 7020021 TB / 6384672 TiB)
Check the harddisk size: HD jumpers settings, BIOS detection...

The following partitions can't be recovered:
Partition Start End Size in sectors
> btrfs 10035 118 47 3065497428 103 15 13710979677795088 [(%d st
HFS 11636 121 31 163654 103 60 2442168066
HFS 11853 5 5 189865 16 6 2859763475 [�S#~T%�^X]
NTFS 19463 186 20 58364 0 36 624932864
NTFS 19714 25 55 40983 250 2 341700608
NTFS 21282 192 30 42552 161 40 341700608
NTFS 21335 202 20 60236 16 36 624932864
ext4 33314 6 37 43636 31 43 165824512
ext4 33314 150 29 43636 175 35 165824512
ext4 33316 3 40 43638 28 46 165824512

Clearly something is wrong when the hard drive shows that it has 7,000,021 TB in partitions/sectors.

Now I really do not know what to do. I really want to try and at least get the hard drive functional, because I do not have money to buy a new one. I do have an older

I just wrote a new MBR to the first sector. So I will reboot, see what happens.

EDIT: Those findings were after a deeper search was conducted on the drive in testdisk
May 15, 2012 8:08:27 PM

First of all, a hard drive in general only shows about 93% of the advertised size. This is due to two reasons:

#1 - drives are advertised in BASE10, but the size reported in Windows is BASE2
#2 - some space is lost due to formatting

93% of 320GB is 297.3GB which is almost exactly what you have reported so that's normal.

Formatting/Reinstall/Backup:
0) save any data you need
1) burn this CD www.ultimatebootcd.com
2) use the Active - Killdisk feature that overwrites ALL DATA
3) Reinstall your OS
4) make a backup Image if possible that you can RESTORE easily if you have future problems (I'm not familiar with Linux. I use Acronis True Image for Windows.)
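
Added example, not part of any post in this thread: a Python sketch of the two checks the thread turns on, the decimal-GB versus GiB conversion for /dev/sda and a sanity check of the four MBR entries fdisk listed for /dev/sdb. Sector counts are derived from the posted Start/End columns; the 0x72 boot flag, the 512-byte sector size and all function names are assumptions of this example.

```python
import struct

SECTOR = 512  # bytes per sector (assumed; consistent with fdisk's 1 KiB "Blocks" column)

def gib(nbytes):
    """Bytes to binary gigabytes (GiB), the unit GParted and testdisk report."""
    return nbytes / 2**30

def build_mbr(rows):
    """Pack (boot, type, start_lba, sectors) rows into a 512-byte test sector."""
    table = b"".join(struct.pack("<B3xB3xII", *r) for r in rows)
    return bytes(446) + table.ljust(64, b"\0") + b"\x55\xaa"

def parse_mbr(sector):
    """Decode the four primary entries at offset 446; CHS fields are skipped."""
    if len(sector) < 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA signature: not an MBR")
    keys = ("boot", "type", "start", "sectors")
    return [dict(zip(keys, struct.unpack_from("<B3xB3xII", sector, 446 + 16 * i)),
                 index=i + 1) for i in range(4)]

def check_table(entries, disk_bytes):
    """Return (entry_index, problem) pairs; index 0 means the table as a whole."""
    total = disk_bytes // SECTOR
    used = [e for e in entries if e["type"] or e["sectors"]]
    problems = []
    for e in used:
        if e["boot"] not in (0x00, 0x80):      # fdisk prints '?' for these
            problems.append((e["index"], "invalid boot flag"))
        if e["type"] == 0:
            problems.append((e["index"], "type 0 (Empty) with nonzero size"))
        if e["start"] + e["sectors"] > total:
            problems.append((e["index"], "extends past end of device"))
    starts = [e["start"] for e in used]
    if starts != sorted(starts):
        problems.append((0, "entries not in disk order"))
    return problems

# Rows follow the /dev/sdb listing in the thread (size = End - Start + 1,
# modulo 2**32); 0x72 is a constructed stand-in for the '?' boot column.
SDB_BYTES = 2003795968
SDB_ROWS = [(0x72, 0x07, 3224498923, 432871117),
            (0x72, 0x16, 3272020941, 1953460034),
            (0x72, 0x6F, 0, 0),
            (0x00, 0x00, 50200576, 924335794)]

if __name__ == "__main__":
    print(f"/dev/sda: {gib(320072933376):.2f} GiB")
    for idx, msg in check_table(parse_mbr(build_mbr(SDB_ROWS)), SDB_BYTES):
        print(f"entry {idx}: {msg}")
```

Three of the four entries point billions of sectors past the end of a 2 GB device, which is why fdisk says the sector does not look like a partition table, while the 320 GB drive's 298 GiB is the same capacity in a different unit.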