Hello,
After a virus got hold of my pc, one of my internal drives is showing offline. It was rarely used and a recovery tool demonstrated that the data remains (all 1 TB of it!), but windows detects none. Moreover, it appears to have been converted from SATA to RAW. Also, the computer now starts up very slowly and sometimes won't shut off normally. Otherwise, the effects of the virus seems to have been neutralized via tools I found and downloaded off the web.
Thanks in advance! I have 1 TB of data I want to recover! And I'm wondering if the problem drive could be slowing my pc's start-up? Or is it something else? I use Windows 7.
Hi, JonXavier. Welcome to LandzDown Forum.
Hardware is not my area of expertise. However, I cannot imagine what tool you used that would convert the files on your SATA drive to RAW (binary/image format).
If you would like to ensure that the virus has been removed from your computer, please post the logs in the Malware Removal Posting Instructions (http://www.sysnative.com/forums/security-arena/2507-malware-removal-posting-instructions.html).
In the event you are certain your computer is clean, let me know in your reply and I will contact a friend who is familiar with SATA drives. Regardless, please also indicate in your reply what tools you used.
I'll jump in here, but first I'll quickly mention that it'd be a good idea to make sure the system is truly cleaned up - if you want to do this, have a look at the link Corrine provided above.
And a quick terminology note: SATA is a hardware interface. I think what you mean here is it no longer sees the volume as NTFS. When Windows sees a file system type it doesn't recognize it labels it as RAW. Hence the 'it sees the whole 1TB of it' part - the partition is still there but Windows can't mount it. Along this line, the delay in startup *may* be caused by Windows trying to understand what this disk has on it - if the system boots up faster with it disconnected then that's a good indicator.
I don't know what malware you had on this system but maybe it's possible it destroyed the partition table on this disk. Maybe it just corrupted by magic / power spike / improper restart / defective area on the hard disk platter / leprechauns. I'm going to be brutally honest with you: this might not be repairable, and if it is repairable, trying to fix it yourself might render it truly unrepairable if you take the wrong approach or make a mistake.
You need to consider a very important question right now: how important is this information to you? Your answer determines your next step.
- I could care less about this data.
You can format the drive out. Or, if you're bored/intrigued you could try the next option. Given we don't know what caused this I would treat this drive as suspect (as in, don't put anything critically important on it). You are regularly backing up your files, right?
- I care somewhat and am willing to risk trying a repair on my own. If I lose the data, oh well.
I have a few links below that I found on this issue. I would strongly advise that if you are not extremely familiar with using computers, or if you are in extreme need for this data, that you do not do this. One mistake could render the data unrecoverable. You could either find someone you trust that is more knowledgeable at this, or jump to the next option.
How To Fix: External Disk Drive Suddenly Became RAW
http://html5.litten.com/how-to-fix-external-disk-drive-suddenly-became-raw/
Bleeping Computer thread: External drive showing raw data after removal without ejecting
http://www.bleepingcomputer.com/forums/t/481048/external-drive-showing-raw-data-after-removal-without-ejecting/
- If I lose this data I'm going to be in a huge world of hurt.
Send the drive out for professional recovery. There are companies that specialize in this (I've linked to one below). It's not cheap - think $1,000+ depending on how interesting it gets.
OnTrack
http://www.krollontrack.com/data-recovery/data-recovery-services/hard-drive-recovery/
Proceed with caution. If your computer still has malware on it, or has a chance of still having some remnants on it, clean it up first. If you do get the drive/data back, there might be malware on there -- make sure it's cleaned up, too. And then get a backup solution in place if you don't have one already.
Regards,
Aaron
--
This information is provided "AS IS" without warranty, and confers no rights. The third party links I provided are for informational purposes only and do not indicate an endorsement by Microsoft, nor does Microsoft warrant their content.