Sunday, July 11, 2010


Look! We're back!

As mentioned earlier, the Magic Elf Box here at Rancho LawDog had a brief dalliance with a bit of code named "the Antivirus 2010 virus" obviously written by a socially-deficient, sexually-repressed, basement-dwelling, vertebrae-lacking, yellow-bellied, gonad-deprived, rubber-nappy-wearing little script monkey for fun and profit.

Not only did it sleaze right past the Windoze firewall, but running Malwarebytes Anti-Malware not once, but five times (twice in Safe Mode) didn't even touch it.

Finally jerked the cables on the tower and drove it down to Best Buy to turn it over to the tender mercies of the Geek Squad.

Got a call from the resident Alpha Geek cheerily informing me that, "We ran two tests, and they both say you've got a bad hard-drive."

*blink, blink*

The hard-drive was working fine when that sodding virus kept opening Explorer and visiting such lovely sites as [deleted].com, [deleted].biz, and [OhGawdMyEyesDELETEDDELETEDDELETED].info. Anti-Malware did a complete scan five -- count-'em FIVE times -- and didn't seem to have a problem accessing the hard-drive.

Of course, it didn't find the bloody virus, either, but that's beside the point.

Not to mention that Herself and I have a great deal of data (read: stories) stored upon said hard-drive.

No go, sayeth The Geek.


So the old hard-drive is sitting in a cardboard box on the desk next to the Magic Elf Box as I type this.




Jon said...

Dog, have someone you know with a throwaway box and a USB transfer kit load up that HDD and see if they can save your data.

For one The Geek Squad only wishes they hired geeks, I know I got turned down for employment there because I knew way too much about computers once.

And for two - it's worth a chance to save that work.

Pat St. Jean said...

Bring it to the DFW area, I've got a USB enclosure and a Mac. We can get your data off as long as the drive can still spin up. No promises that there aren't borked files, but it's a couple hours of work max.

Jake (formerly Riposte3) said...

That sounds fishy, Dog. My first thought is that they borked the drive trying to get the virus off, and are just saying it was bad to cover their backsides. Or maybe just trying to sell some hardware.

I don't trust the Geek Squad. These are the same guys that tried to talk me out of putting linux on the computer I was buying from them, while at the same time trying to convince me of the awesomeness of Vista.

Jon and Pat have it right. Find a real geek and get them to recover your data. If they can clean the drive, you may even be able to hook it into your system as an additional drive, and you'll have even more space.

Lee said...

'Dog, now might be just the time to consider an operating-system move. Now sit tight, I promise this won't hurt a bit ;-)

Depending on what all you actually run on your computer, you might just find that switching to a user-friendly Linux distribution will eliminate a goodly chunk of the headaches you have with computers. If all you're doing is internet-browsing, flash-gaming, email-sending, blogging, etc etc etc, check out and download/burn a copy of their latest and greatest OS to CD.

Boot from that sucker and try their "Live CD" option and see if you can't do just about everything you've been doing in Windows just as well if not better. It doesn't touch Windows at all, and if you decide you don't like it just pop the CD out, reboot, and voila you're back into the Windows you know and love, with all your programs intact as you left them. I think you'll find that the general lack of malware, viruses, and other nasty electronic creepy-crawlies might just be worth the price of admission (i.e. free. Hooray for open-source software!) If you take to it, this latest computer virus might just have been your last one!

JeanC said...

Posting this for Da Hubby as he is having problems:

I loves me da geeks squad. I make a fair chunk of change off fixing their work. They are wannabes at best. If they had real skills they would not be working for Best Buy. They are there to sell you stuff, not fix the problem.

And I'll 3rd Lee. Ubuntu does the job well. I use Linux to fix a lot of Windows problems.

I am much much more than willing to take a shot at the drive Lawdog, I've recovered quite a few "dead" drives over the last 30 years.

Foo Barr


So Lawdog, if you are interested, just drop me an email via my Blogger profile and I will pass it along to Da Hubby and you two can talk.

Jean C :)

HeroHog said...

Lawdog, I will be glad to salved your data no charge. I live in Shreveport, LA and am a retired (disabled) computer geek whose last job was as a Sr. Programmer and who has been a network admin and hardware tech to boot, and I feel I can be of help to you in this case. I promise that, at the very worst, you will be no worse off than you were before in that I will do NOTHING that would destroy the drive or the data on it. Please let me know if I can be of service.

Speedy Mercer
Shreveport, LA
Three18 Four97 Four279

Posted the last before I spell checked it...

HeroHog said...

WHY CAN I NOT SPELL salvage?!?!?

Anonymous said...

a real professional outfit would

1 do a dump of the drive itself
2 run a forensic scraping tool to recover the data (and run antivirus tools on same)
3 do a nuke and pave on the drive to get it up and running
4 copy back the files and such to the now clean drive


Anonymous said...

My sympathies, LD. My brother had his infected with this malware, and it took me the better part of a day to remove the bad stuff and save his HD from data loss. Needless to say, I made certain his firewall was up & running, and that he had an up to date a/v program active.

BTW, I think your punishment of the @$$holes who write and embed this type of code is much too lenient.

Kristophr said...


Geek Squad = idiots who only bring a screwdriver to the table.

Slave the drive to a non-windows machine, and scrape yer data off of it.

Even if these retards borked your MBR on the drive, Knoppix-STD or some other pure hacker OS can scrounge yer data off of it.

I agree with 10672---etc.

First thing you do is recover the data. Then you try to fix the damned thing. Don't ever take things to repair to Best Buy ... please.

Old NFO said...

Geek squad are a bunch of congenital idjits... Agree with John and Pat, if the drive spins, the data can 'probably' be recovered...

Groundhog said...

LD, you've had a few offers of trying to salvage your data. I suspect it can be saved. I live in the SA area and do computers for a living. Be happy also to try for free for you if you like. You can reach me via profile email also. I would absolutely not give Geek Squad the last word.

Anonymous said...

You need a smarter tech.

If the drive spins up and doesn't make a clicking sound, at least some data should be recoverable.

Chris M said...

I second the suggestion for using a Linux Live CD to recover the data from the hard drive but recommend Knoppix 6.2 rather than Ubuntu. I use and like Ubuntu installed on my computer alongside Windows but the speed of the Live CD can be measured against continental drift. Knoppix is much faster.

Go to and click on the download link. Agree to the EULA and continue. Pick a mirror site of your choice (preferably USA) and download the ADRIANE-KNOPPIX_V6.2.1CD-2010-01-31-EN.iso file. You'll have to burn that .iso image to CD.

Jumper your old drive as "slave," put it back in your computer, and boot from the Knoppix CD. You'll find it close enough to Windows that you should have no problem figuring out how to mount and access your old drive. Linux has no trouble reading Windows-formatted drives. Now, scrape the data you want from your old drive and burn it to a CD or DVD.

Unknown said...

Yo Dog

I'm a Linux Geek, and I live close enough to you in Frisco. I have a happy linux system already set up. I can slide your disk in, grab the data off, and recover every byte.

Some of my favorite software runs only on 'dows, else I would put it behind me like a bad dream. I am with the others recommending Ubuntu. I use it myself both personally and professionally.

I work nights, sleep days so our schedules should mesh. Drop me a line if you want to hook up.

Anonymous said...

Dead isn't "can't get your data." Dead is "my hard drive is playing Hernando's Hideaway." (click click click CLICK click, click click click CLICK click, ad infinitum). They opened the case and little bits fell out. Yup, that's a dead drive.

Da Curly Wolf said...

Gotta concur on Geeksquad. You do know that they send their crap elsewhere to be fixed, right? I had a monitor problem. It was still under the warranty I paid for [barely], so I took it in. They shipped it to an outfit in Dallas to be fixed. I was supposed to get it back in 2 wks. I got it back in 3 and a half. They tell me the powerboard for the monitor got borked, so that got replaced and it all got cleaned up, so it was nice and shiny. I got it home and heard a crack. Guess what was borked again not EVEN 12 hrs after I got it back. I mean it works but... if you move it it shuts off, or resets. My monitor was fixed... rriiiiiight.

Crucis said...

I cleaned that virus from a friend's 'puter. Took an afternoon and she did lose some stuff. It's difficult but not impossible. I had to do it personally. I couldn't talk her through it on the phone.

I've learned the hard way to store all my personal stuff on a flash drive. That solution is a bit too late for you, but going forward a $20 flashdrive can save those stories.

You may have to search a bit to find someone whose knowledge of 'puters came from somewhere other than the latest edition of "XXX for Dummies." It'll be worth it when you do.

Pete S. said...

Hi Dog,

I too offer my services at attempting to recover data. Drop me an email.

Other useful things to consider:
- Microsoft Security Essentials is an excellent, free anti-virus program for Windows. Better than any commercial software I've dealt with.

- Acronis is a free disk-imaging program for Windows. Useful for making full-disk images of your computer. When I ran Windows (though I now run Ubuntu Linux) I did a full system image every month. Exceedingly useful for recovering from major system issues, or for making a copy before trying out new stuff.

- Mozy is an online-backup service. 2GB are free, with unlimited storage for $4.95/month. Saved my bacon a few times.

- Dropbox is a useful service for keeping files synced between computers. It also stores files on their servers, which is handy for off-site backups. It also syncs files whenever they're saved, which is useful for stories -- whenever you save a story you're writing, it syncs a copy and stores it for 30 days (unless you pay for the service, which can store every change forever). 2GB free, more with referrals, with some paid options.

At the very least, keep regular backups locally -- back up your hard disk to an external disk or something. (Many Western Digital external hard disks have software to do this automatically.) Losing data becomes much more difficult in such a case.

Farm.Dad said...

If nothing else bring the drive to blogarado and I'll see if we can't pull the data you need off while you're here.

Revolver Rob said...


You can simply install Ubuntu on the old drive (from a flashdrive or CD, unplug your new HD first), pull the things you want into Ubuntu (chances are very small it will be affected by a Windows virus), and erase all traces of your Windows registry. Once it's all in Linux, save in a new format, put it on the flashdrive, and then format the drive entirely.

Then you can set up your old HD as a secondary (slave) to your primary and use it for excess storage space. Make sure you format the Windows install and clean the drive fully.

I had last year's version of the same virus. This year...I run Linux.


LMB said...

I'd love to see the SMART report off of that drive. Those GS douchebags probably tried their dumbass "universal boot cd" antivirus CD, found that it didn't work, and then blamed the drive when they couldn't figure out a way to remove that virus.

rkill.exe FTW! (Just google "Antivirus 2010 removal")

Chrystoph said...

'Dog, as a professional IT, my apologies for the Geek Squad. They are a little boys club, and most of them know just enough to follow instructions of an Alpha Geek.

Here is a site with both manual removal and an automated tool. I cannot speak to the automated tool, but the manual removal looks sound.

ASM826 said...

Seems real unlikely that the drive is bad. But either way, the real lesson is that data stored in one place is data you don't care about. That's just the hard fact of it.

Drives fail, houses burn down, computers get stolen, viruses eat your data. If you care about your data, be it pictures, or the Great American Novel, you back it up. Get a portable hard drive and use the software to make this process automatically run once a week.

If you really care about the data, you take another drive and copy the data, then store it in another location.

Think of this process the same way you think about going on patrol, you carry a primary weapon, you have a long gun (or two) in the vehicle, a bug on your ankle, and you have a radio to call for more guys with guns if necessary. Why would you choose to go on patrol with only one gun when you don't have to?

Jake (formerly Riposte3) said...

Something else to consider with the Geek Squad - they may have people who really do know what they're doing, but they're working in a big corporate environment. That means they're very likely severely restricted to "approved" methods and software. If they do something outside the script, or use unapproved software to recover your data - even if it works when the approved stuff didn't - they'll probably lose their job.

Doing it the right way rather than the corporate way isn't worth it from an individual "geek's" perspective, and if the customer gets screwed, that's just the way it is. And if they can sell some hardware in the process of their failure, that's just a bonus for the company that creates that environment.

Anonymous said...

Use a company called Data Recovery Systems. Send them the hard drive, make sure to advise of virus. Down side - may cost about 1250 bucks, however they have been very successful recovering test data from our "toasted" hard drives.

Erik said...

I've had a similar virus once. It's difficult to get rid of, but it's possible. The main problem with that type of virus is that they tend to hide from removal, so even if you remove it with normal tools, it is still hidden and will return at next boot.
I did a quick google and found this removal tool:

If you're not comfortable doing this kind of job, I'd recommend what's already recommended to you. Attach the drive with a USB connection and copy all the information. If that doesn't work, let someone with experience look at it. Even if the hard drive is bad, you should still be able to salvage a lot from it. Last time my hard drive crashed, I only lost a few files from it, the rest was salvageable.

Don't take the word of someone in a store, I've had them mess up more than once. I only leave things to the store if I know the guy doing the work is really good, and not just someone that works there.

Anonymous said...

'Dog, I'm sorry to hear you went to Geek Squad, for a couple reasons. Primarily, GS is not known for their stunning competence. They probably did not know how to remove your virus, and just claimed the HDD was toasted. Then, I'm assuming they put a new one in for the low, low price of one arm and one leg, which is actually my second reason I'm sorry for you; they MASSIVELY overcharge (to pay for their MASSIVE overhead, I assume...)

I'm an IT pro, and while my employer pays for my certs, I still do a side business fixing 'puters for people I know. I'm at least thrice as qualified as any Geek Squader, and I charge about $25 an hour of bench time. If you look around, you'll find people like me all over, even in Bugscuffle (or parts near abouts...)

Pete above mentioned MS Security Essentials. I cannot recommend this enough, to the point of saying to remove anything you currently have (including Malwarebytes) even if you've paid for it. MS ES is free, and one of the best rated security packages available.

Lergnom said...

Not to be a threadjacker, but how 'bout an Orb disk that won't mount?

Jonas said...

A) Don't trust geek squad, find a local mom and pop outfit.
B) Get someone to try mounting the drive in READ ONLY mode with linux.
C) If the drive makes funny noises and they can't read anything off of it, then disconnect it immediately. You probably have a hardware failure and attempting to read from it is just going to make things worse.

In the case of hardware failure, then you have to decide how much your data is worth unless you have backups. My wife's hard drive crashed recently and we decided that it was worth it to spend the money for professionals to fix it. Ended up costing about $1000, but they recovered essentially everything. We used Ontrack Data Recovery, but there are others out there.

Good luck.
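Putting the "dump the drive itself first" steps and Jonas's read-only mount together as an added example (not from the post or any commenter). It assumes a Linux box with coreutils; the device and mount paths in the comments are placeholders to substitute.

```shell
#!/bin/sh
# Added example, not from the post or its commenters. Assumes Linux with
# coreutils (dd, sha256sum, grep). /dev/sdb and /mnt/... below are placeholders.
#
# Order of work on a suspect drive:
#   1. image it block for block, never writing to the original;
#   2. verify the image against the hash taken at imaging time;
#   3. mount the image (not the drive) read-only with execution disabled,
#      then copy the files out.

# image_drive SRC DEST
# Copies SRC (a block device, or a plain file when testing) to DEST.
# conv=noerror,sync keeps going past unreadable blocks and pads them with
# zeros, so a partly failing drive still yields a usable image. dd's
# diagnostics are kept beside the image, and a SHA-256 of the image is
# recorded so later corruption or tampering of the copy is detectable.
image_drive() {
    src=$1
    dest=$2
    dd if="$src" of="$dest" bs=65536 conv=noerror,sync 2>"$dest.ddlog" || return 1
    sha256sum "$dest" >"$dest.sha256"
}

# read_error_count DEST
# Number of read-error lines dd logged while imaging; non-zero means the
# image has zero-filled holes and the original drive is physically failing.
read_error_count() {
    grep -ci 'error' "$1.ddlog" || true
}

# verify_image DEST
# Re-hashes the image and compares with the stored hash; returns 0 if intact.
verify_image() {
    sha256sum -c "$1.sha256" >/dev/null 2>&1
}

# mount_image_ro IMAGE MOUNTPOINT
# Mounts the image read-only: ro so the evidence is never modified,
# noexec/nosuid/nodev so nothing on an infected volume can run even by
# accident, loop because IMAGE is a file. For a whole-disk image add
# offset=<partition start in bytes> to the option list. Needs root.
mount_image_ro() {
    img=$1
    mnt=$2
    mkdir -p "$mnt" || return 1
    mount -o ro,noexec,nosuid,nodev,loop "$img" "$mnt"
}

# Usage (as root, with the real device and paths substituted):
#   image_drive /dev/sdb /mnt/recovery/old_drive.img
#   read_error_count /mnt/recovery/old_drive.img
#   verify_image /mnt/recovery/old_drive.img \
#       && mount_image_ro /mnt/recovery/old_drive.img /mnt/old_drive
```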

Anonymous said...

Chalk up another vote for "Geek Squad are idiots." I call 'em the "Goof Squad" for a reason; they screwed up my dad's computer a few years ago, charged an arm and a leg for the privilege, and refused to return the 'fixed' computer until he paid for all the 'new' hardware they installed, and it still didn't work. Dad spent the better part of a few months teaching himself how to fix everything they'd goofed up.

I had the Fake AV a while back; got rid of it by "brute-forcing" the virus; it kept closing any program I tried to open, so I just overloaded it by holding down Ctrl-Shift-Esc for about a minute, opening fifty bajillion iterations of the Task Manager. While the virus was busily closing them down in the order they opened, I went to the most recent iteration and started killing processes until I hit the infected virus. Then, a simple internet search for "Fake AV removal" gave me this site:

Follow the instructions, do a search for the involved files, and look for the indicated infected registry errors. I don't know what version of the virus you've got, but my infection didn't actually -infect- any files; it created its own, all pointing towards and protecting each other. I had to kill the virus process first, because it prevents the deletion of any related files or registry entries; however, once the process was no longer running, it was simple, if tedious. Afterwards, I installed the free-ware version of Spyware Doctor, which found a few entries in the registry which I'd missed. Deleted those, and my comp was clean.

The Goof Squad could have found the site I used immediately. Unless your harddrive is clattering and clanking, they were either incompetent or willfully fraudulent in their diagnosis.

Phillip said...

Lawdog, it looks like you have some very capable IT type professionals among your readers. I can't add a whole lot here that hasn't been covered already, but here goes:

Any "computer company" that you go to may not be safe to trust with your drive. I've worked for both large and small companies and found that actually recovering data was something very few people could do with any hope of success. I once had to teach a couple of 10+ year IT veterans how to clone a drive to move the data onto a larger drive. Also a LARGE number of companies have the "Oh you have a virus? Let's just go ahead and wipe the drive to clean it" policy nowadays. Frankly, with some viruses I've found that the easier thing to do.

Never trust Geek Squad or a major brand warranty place to save your data. Frequently it's against their policy, or just too much work for the kid just starting out.

I've read your blog for quite a while, and you were one of the first blogs of any type that I came on, so you get a LOT of the credit for getting me interested in them. I regret to say I haven't used your tip jar due to financial straits of my own. I had just started my own computer services business in 2007 when I made a trip up to WV to see my parents and fell off a 40 foot cliff, which put me unable to work for quite a while.

I would love the chance to partially pay for the entertainment you've given me and other friends I've shown your blog by evaluating and attempting recovery of your data and hard drive. If you're interested, please give me a call at three five two-989-zero six six 9, or e-mail me at phillipc AT I live in Central FL, so you'd need to Fed-Ups it to me. :-) Although they can't provide much in referral about my technical skills, I've met JayG and Robb Allen when Jay was down at Disney and convened a bloggers meetup. I was sitting across from Robb with my wife, and I'm the one that has scars on my face if you need to jar their memories.

However you choose to handle this, please accept my sincere wishes that you have a successful recovery of the HDD's data.

PPPP said...

Not discounting anything anyone else has said or offered. And I too doubt the hard drive is truly fried.

However, if it really is "dead", it might be recoverable. I've never used it personally, but I've read good things about SpinRite, from Gibson Research ( I've used some of their other stuff, and it worked as advertised.

Rob said...

McAfee. It is the best I have found. Trend is a joke. Malwarebytes is nice but underpowered.

I have been infected twice on my work laptop by searching for images at Google Image (that won't happen again!!). Trend - the company standard would see it but do nothing about it.

I pulled the drive out, hung it on another system (via a nifty USB dongle thingy) which has McAfee Enterprise and cleaned it up - both times. Found and cleaned/deleted SEVEN infections.

Sometimes the tool used does matter.

Geek Squad is probably using Malwarebytes or Spybot - something they don't have to PAY for.

Anonymous said...

I got infected with a fake antivirus awhile back, too. What saved me was having another admin account on the computer. Somehow I was able to log off the infected account, log in to the other one, and Google for a solution.

What I ended up doing was bringing up Task Manager before the infected account had finished booting. By doing that, I was able to kill the virus process before it really got started. Then I had to change my Internet settings back to normal - one of the things this bastage did was to set up a proxy so you only ever got to the one website.

Once back on the 'net, I downloaded Spyware Doctor, ran it twice, and haven't had a problem since.

Retired Spook said...


I can't offer to help with the computer stuff, I'm still at the "monkey hit button with stick send email" but I was a field spook for a few years, and if you can find the motherless son of a ************** that wrote the code, I'll help with the torch, or provide an alibi, whichever you need. (You lie, and I'll swear to it)


Jon said...

The drive enclosure is about 50 bucks U.S., and runs your drive like a separate storage drive. You can find one at your local hometown computer repair shop, or on the internet. It comes in IDE and SATA and hooks via a USB port.

The main thing is that the data is probably there. While the drive may not boot, most viruses are after the system files, so the data is not the immediate prey. Usually the system crashes before the data is corrupted.

Even if you're getting some problems with the disk, there are programs available that can find any data that's not corrupted.

If nothing else, the experience of using hardware and software to fix a problem is good for the soul. After you get what you want, you can format the old drive and have a handy external backup drive.

One caveat. If you do this, do not install the drive until the host computer is up and running, with virus software running. Scan the drive before you do anything else.

Anonymous said...


As others have suggested, get an external interface for that old drive, then clean it.

I have one of these:

It will connect just about any drive via USB.

Some tools everyone should have:

Superantispyware –

Malwarebytes’ Anti-Malware –

Spybot Search & Destroy –

Trojan Remover – 30 day free fully functional scanner

Combofix. Be sure to follow the instructions carefully:

Trend Micro HijackThis:

Over the years I've found this site to be extremely valuable when removing infections:

In Bleepingcomputer's forums you can also get help interpreting HijackThis logs.

Someone mentioned Steve Gibson's Spinrite for bad drives--excellent software. Steve also has his own news server at:
Configuration instructions can be found here:

Check out the spyware group for software recommendations and help.

Now, having said all that, I have to echo all the above commenters -- NEVER take a computer to a big box store to have them fix it.


Anonymous said...

Geek squad has been caught ripping off its customers more than once.

allen said...

Don't know if you've got one local, but up here in Denver there's a store called MicroCenter that is noodles and wagglers above BestBuy/Geek Squad. Much more competent service and their hardware prices are betterer too.
They offer classes as well. This fall I'm planning on taking their 'Build a Box' class which walks you thru every step of putting together your own compy, from power source, to motherboard selection, processor, RAM etc. and then the next class they'll help you put it all together and make it vroomvroom. I'm wanting to put together a screaming fast Ubuntu box with a couple terabytes of storage. XP has gotten too popular with hackers so I keep ending up with bugs and I'm done playing those reindeer games.

Rabbit said...

Email sent to Herself just now. I fix stuff worse than this for a living, y'know.


HeroHog said...

Please post a follow-up on this for us, OK?


Anonymous said...

As a tech in a retail 'mom and pop shop':

"Also a LARGE number of companies have the "Oh you have a virus? Let's just go ahead and wipe the drive to clean it" policy nowadays. Frankly, with some viruses I've found that the easier thing to do."

This is true. Even with the smaller volume we do, I have roughly a half an hour to determine whether or not the system can be cleaned or if cleaning it is going to leave a borked operating system anyway.

If I end up determining that it can be cleaned, go through the clean and end up with a borked system that needs to be reloaded, I've spent that labor time cleaning it only to end up reloading it anyhow. The result is wasted labor time on my side, wasted customer time to get the system back, an overall loss for everyone.

OR I clean a system, the customer catches it again a month later, claiming we didn't clean it out in the first place. I clean it again, they catch it again, claim we didn't clean it out the first two times, etc. etc.

(This happens more often than you think. You can only educate people so much, and customers are always convinced that the louder they yell, the more reality will warp around their wishes and somehow make them "right.")

A wipe and reload takes both of those problems out of the way and just gets the system back to the customer in the most reliable manner.

It wouldn't surprise me that businesses with a larger service load and lesser trained (paid) people would resort to more reloads and less cleanings.


I have found several systems with bad hard drives that people didn't realize they had. "Oh the system has always been slow, we've just been dealing with it." "It just takes a few tries to start the system up."

My choice is to clean as originally instructed, and end up having them come back in 2 months when the drive gets worse only to complain that "we caused it." OR Let them know about it in the first place, backed up with drive diagnostics results.

Moral of the story: Keep regular backups. Don't lose your *(#$&'n recovery media!!


BryanP said...

You have to jump through the right hoops, but I have used Malwarebytes to remove that POS several times.

I'd offer to assist in recovering the data on the drive for you, but it looks like you have plenty of volunteers for that already. Good luck.

Will said...

Popular Mechanics did an article on the subject of file recoveries:

bogie said...

Dawg, I'm guessing that the complete and total blithering idiot who was wearing a tacky white shirt and cheap black tie as a uniform couldn't figure out how to kill the gnarsty, so they ended up killing your windows installation.

Then when Windoze didn't boot, they decided that the HD was toast.

Probably not. Get over to Tiger Direct, Newegg, or even Ebay, if you haven't already, and get yourself a cheap USB drive enclosure. Put it in there, plug it into a USB port, and see if it recognizes it... If that doesn't work, or if it sees it, but won't let you into large chunks of folders and files (quite likely...), download a copy of Ubuntu that you can boot from CD (it's easy...). That'll load up, and then let you mount that hard drive and do all sorts of things to it that Windows won't let you do.

Copy all your crap... er... vitally important data to a fresh folder on your hard drive (DO NOT TRY TO COPY WINDOWS OR PROGRAMS), boot Windows to see if it worked, and then you can erase the old drive and USE IT FOR A FREAKIN' BACKUP!!!! WHAT WERE YOU THINKING!!!

Anonymous said...

Puppy Linux runs completely in RAM and is perfect for those who need to get stuff off of a corrupted but still mechanically sound hard drive. Keep a copy for when you need it.

Geek squad is more of the biting heads off of chickens than fixing computers variety.

Anonymous said...

Oh, also remember to update your malwarebytes program on a regular basis--before you need it. Part of the updates is also a hardening of the program against newer versions of the fake antivirus program. I got infected through drudge last month--because I had updated the Mbam.exe it caught the program. After that I ran the Microsoft "fix-its" I had on an external drive to restore IE and Firefox.