corrupted or hacked? [Archive] - Glock Talk

kimo
03-18-2012, 07:24
So, late last night I am cruising the web looking for a stock extension for a keltec 2000.

I go to a gun website and begin to read their prices when the browser closes suddenly...then the error messages begin to appear one after the other.

Windows runs its safety computer scan program and detects a number of errors...I run the fix it solution.

The result... 5 messages on the hard drive being critically injured, including the boot sector. HD C is unreadable.

warnings that my hd is exceeding system limits

then a warning stating that hd rotation speed has decreased by 20%

and an error stating that RAM memory speed decreased and may cause system failure.

I had been using a shadow program that backs up my computer by taking a pic of the whole thing and sending it to a tera drive I have hooked up to it.

When I looked at the drive after hooking it up to my laptop....it was empty. Nothing on it. I had transferred nearly my whole drive manually to this tera thinking it would be secure and I could carry it with me on trips and download stuff from my laptop so I wouldn't lose any data. Now it appears wiped too.

I can boot the computer up and it takes me to a black, partial desktop for about 20 seconds....then the error messages start.

What do you think caused this?

TnGlocker12
03-18-2012, 09:07
I had a similar experience on my old computer and, like you, hit the "fix it" that started the real problem. If you can get the computer to the safe mode, maybe you can restore it to a couple of weeks ago. While turning on the computer continue tapping the F8 key to get to this "safe mode". It may not work for you, but it was my solution.

g29andy
03-18-2012, 09:22
Malware disguised as fake windows safety program.

gemeinschaft
03-18-2012, 14:49
Malware disguised as fake windows safety program.

Most probably this is the deal.

archeryislife
03-18-2012, 15:26
Are any of these messages prompting you to go to some website and spend money to "fix" your computer? Not many hackers "break" computers for the fun of it any more when they can make money on "hijacked" or "bot" machines.

sappy13
03-18-2012, 19:47
It's malware. Boot into safe mode. Download and run the program "Rkill". It will kill most malware so that you can run a scan. Then download "MalwareBytes". Scan the PC with it. If it doesn't find anything my next step would probably be to run "ComboFix". It's a great program that does an excellent job at removing stubborn malware, but it can also break stuff occasionally. Use it with caution. Also download and run "tdsskiller", which will check for rootkits. I'd finish off with "CCleaner" to remove all temp files, cookies, and stuff like that. Just cross your fingers that it's a typical easy one. I've only had 1 PC in the last 8 months that I couldn't clean. It was so infected I actually had to reload, because I had way way more time invested in it than was billable, plus it was faster to reload it in this case than keep beating my head against the wall.

PettyOfficer
03-18-2012, 19:54
It's malware. Boot into safe mode. Download and run the program "Rkill". It will kill most malware so that you can run a scan. Then download "MalwareBytes". Scan the PC with it. If it doesn't find anything my next step would probably be to run "ComboFix". It's a great program that does an excellent job at removing stubborn malware, but it can also break stuff occasionally. Use it with caution. Also download and run "tdsskiller", which will check for rootkits. I'd finish off with "CCleaner" to remove all temp files, cookies, and stuff like that. Just cross your fingers that it's a typical easy one. I've only had 1 PC in the last 8 months that I couldn't clean. It was so infected I actually had to reload, because I had way way more time invested in it than was billable, plus it was faster to reload it in this case than keep beating my head against the wall.

Tagged for great advice. Will try this on my slow old pc later.

kimo
03-18-2012, 20:09
Cleaning it sounds good but how does this account for my terra drive (my supposed backup) being wiped? I looked at it on my laptop and it was 1/4 full and now is totally empty.

If it wiped my terra....wouldn't that mean that it also wiped part of my drive?

sappy13
03-18-2012, 20:57
Cleaning it sounds good but how does this account for my terra drive (my supposed backup) being wiped? I looked at it on my laptop and it was 1/4 full and now is totally empty.

If it wiped my terra....wouldn't that mean that it also wiped part of my drive?

I don't think it actually wiped your tera drive. I'm thinking that it is just telling you the drive is empty. The Windows XP/Vista/7 2012 variants of malware will hide Start Menu items and files by setting an attribute on them. Hook the drive up to another PC and see what is on it. Once the malware is removed you will probably be able to see it.

kimo
03-18-2012, 21:20
wow, if that's true then all I've had is a scare...I hope you're right.

I am definitely going to look into some type of online backup that takes a photo of my whole system and stores it.

The idea of having to reload all my programs is just depressing, let alone the loss of vital data.

CitizenOfDreams
03-18-2012, 22:17
a warning stating that hd rotation speed has decreased by 20%

and an error stating that ram memory speed decreased and may cause system failure.

Those "error messages" are completely bogus. Your computer is infected with some sort of malware.

Linux3
03-18-2012, 22:31
I don't think it actually wiped your tera drive. I'm thinking that it is just telling you the drive is empty. The Windows XP/Vista/7 2012 variants of malware will hide Start Menu items and files by setting an attribute on them. Hook the drive up to another PC and see what is on it. Once the malware is removed you will probably be able to see it.
And infect another system?
Doesn't sound like a good idea to me.

archeryislife
03-19-2012, 07:40
Some of those antivirus 2012 variants are a real pain in the butt for sure.

Sappy13 has a great post on getting rid of viruses. Also I have found that disabling System Restore, if you can, makes the process go a little more smoothly; especially when dealing with the 2012 versions.

Another thing I do when dealing with problem viruses is remove the drive and run multiple scans using Malwarebytes, ESET, Trend Micro and such. I have had times where one solution doesn't find all the malware but the others will catch it.

sbhaven
03-19-2012, 08:05
As was mentioned previously, download and run the following programs first in normal boot mode, then boot into Safe Mode and run them...
Malwarebytes (http://www.malwarebytes.org/)
Sophos Anti-Rootkit (http://www.sophos.com/en-us/products/free-tools/sophos-anti-rootkit.aspx)
TDSS Rootkit Removing Tool (http://support.kaspersky.com/viruses/solutions?qid=208280684)

Run an online anti virus scanner like this one...
http://www.eset.com/onlinescan

If none of the above programs completely remove the malware, download and run Combofix (http://www.bleepingcomputer.com/download/anti-virus/combofix).

If the computer is seriously infected and won't let you install or run the programs mentioned then look for the stand alone runtime versions of those programs, copy them to a boot CD or USB thumb drive and boot the computer with the boot CD or boot USB thumb drive and run the programs to clean the PC.

Once the PC has been cleaned check your Anti Virus program and Firewall to ensure the malware hasn't made any changes to those programs. Sometimes the malware will adjust the anti virus and firewall software so it ignores and won't clean the malware.

One word of note however: there is no 100% sure way to know that the malware has been removed with any of the cleaning programs. The only way to be sure is to wipe the drive, reformat/partition the drive, and reload all of your programs and data from the original installation media. If using backup software you can usually do a full restore from it, however it's possible the backup version may contain infected files if the backup was run on the infected machine.

sappy13
03-19-2012, 11:18
And infect another system?
Doesn't sound like a good idea to me.

Well unless he has a Linux or Mac box then he has no other way to test it. He could use a live Linux distro and browse to it also. But typically the malware is only going to be on the actual system, not the external drive. Chances are it is located in the system32 folder masquerading as another file, or is in a temp folder with a name consisting of random letters/symbols. If he has another PC on the same network, he could share the drive and browse to it from another PC.

Now the backup of his system could be infected, depending on when the last snapshot/backup was taken. So unless it is a backup system with multiple revisions on it(dating before infection was noticed), then he still could be out of luck even if it was visible.

Once his system is cleaned and all important data/documents are verified to be there, the OP should probably wipe the tera drive of the old backup files and create a new full backup. Also delete all old System Restore points and then create a new one of the system. If he does that he will have 2 backups to go to in case this happens again, as long as the next malware doesn't prevent those options from being available.

kimo
03-19-2012, 11:32
Guys, thanks a lot. Turns out it was malware that changed the attributes of files so they could not be seen. The tech today said he is seeing scores of these problems and has a program he uses after cleaning it up that enables you to create a point at boot-up that you can return to later if something like this comes up, and restore to that point, eliminating the problem. I'll share the name of the program when I get my computer back.

It appears all files including start up menu are fine, no data lost thank the Lord.

kimo
03-19-2012, 14:56
The program is called Rollback

Drjones
03-20-2012, 17:54
Malware disguised as fake windows safety program.


Without a doubt.

Sorry, you're going to need professional help on this one. I believe the only way I've really fully recovered a client from this is by backing up all data, wiping and reinstalling windows.

Especially if this is one of those that "deletes" (actually just hides) all your files....PC just doesn't work right again....best to wipe & reinstall.

Drjones
03-20-2012, 17:57
Guys, thanks a lot. Turns out it was malware that changed the attributes of files so they could not be seen. The tech today said he is seeing scores of these problems and has a program he uses after cleaning it up that enables you to create a point at boot-up that you can return to later if something like this comes up, and restore to that point, eliminating the problem. I'll share the name of the program when I get my computer back.

It appears all files including start up menu are fine, no data lost thank the Lord.


.....I love being right. :cool:

Yes, it's scary, but fortunately is an easy fix; un-hide the files. Only way to do that is to attach the HD to another PC via USB.

If he was able to recover your PC to its prior state before this virus without reinstalling windows, I could learn a thing from him. :dunno:
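Editor's added example (not code posted by anyone in this thread): sappy13's explanation that the 2012 fake-AV variants "hide" files by setting an attribute on them, and Drjones's point that the fix is simply to un-hide them, both come down to clearing the Hidden (and usually System) attribute that the malware sets on user files and folders. The script below does that for a whole tree, skipping the handful of items Windows keeps Hidden+System on purpose and skipping junctions so it does not walk through "Application Data" style reparse points. It is the PowerShell equivalent of the classic `attrib -h -s /s /d` fix, but it shows you what it touched. The script name, the `$Root` path, and the skip lists are assumptions for illustration; adjust them for the drive in front of you. Run it only after the infection itself has been removed, and against the external drive only from a machine you trust to be clean, which is the concern Linux3 raised.

```powershell
# Unhide-RecoveredFiles.ps1 -- added example, not code from the thread.
# Clears the Hidden and System attributes that the fake-AV "2012" infections
# set on user files and folders. Run from an elevated PowerShell prompt AFTER
# the malware is removed, against the user profile or the external drive
# (mounted on a clean PC). $Root and the skip lists below are assumptions.

param(
    [Parameter(Mandatory = $true)][string]$Root,  # e.g. 'E:\' or 'C:\Users\kimo'
    [switch]$Preview                               # report only, change nothing
)

# Windows keeps these Hidden+System on purpose; leave them alone.
$skipFiles = @('desktop.ini', 'thumbs.db', 'ntuser.dat', 'ntuser.dat.log',
               'pagefile.sys', 'hiberfil.sys', 'bootmgr', 'boot.ini', 'ntldr')
$skipDirs  = @('$RECYCLE.BIN', 'RECYCLER', 'System Volume Information',
               'Recovery', 'Boot')

$hidden  = [int][System.IO.FileAttributes]::Hidden        # 0x2
$system  = [int][System.IO.FileAttributes]::System        # 0x4
$reparse = [int][System.IO.FileAttributes]::ReparsePoint  # junctions/symlinks
$mask    = -bnot ($hidden -bor $system)                   # bits to clear

$changed = @()
Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { ([int]$_.Attributes -band $hidden) -ne 0 } |
    ForEach-Object {
        $item = $_
        $attrs = [int]$item.Attributes

        # Never touch junctions/symlinks, or the OS's own hidden items.
        if (($attrs -band $reparse) -ne 0) { return }
        if ($item.PSIsContainer) {
            if ($skipDirs -contains $item.Name) { return }
        } elseif ($skipFiles -contains $item.Name) { return }

        $after = $attrs -band $mask
        if (-not $Preview) {
            # FileSystemInfo.Attributes setter works for files and folders.
            $item.Attributes = [System.IO.FileAttributes]$after
        }
        $changed += New-Object PSObject -Property @{
            Path   = $item.FullName
            Before = [System.IO.FileAttributes]$attrs
            After  = [System.IO.FileAttributes]$after
        }
    }

$changed | Format-Table -AutoSize Path, Before, After
if ($Preview) { "{0} item(s) would be unhidden" -f $changed.Count }
else          { "{0} item(s) unhidden" -f $changed.Count }
```

Do a dry run first (`.\Unhide-RecoveredFiles.ps1 -Root 'E:\' -Preview`) and read the list: if it shows thousands of ordinary documents and folders under your profile, that matches the "everything disappeared" symptom kimo described, and you can run it again without `-Preview`. If it instead shows only a few system items, the files really are gone and you are back to sbhaven's advice about restoring from a known-clean backup.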