Computer Help forum

General discussion

Squirrely new HD: "infant mortality" or something else?

by ninetywt / August 7, 2008 2:06 PM PDT

Two weeks ago I had to put a new HD in my Dell Dimension 8300. The WD Caviar 160 GB drives were on sale, and I bought 2 of them (can't pass up a bargain!). Although the computer is 4 years old, I had recently upgraded the BIOS to version A07, so installing and formatting the HD gave no problems as far as drive size. I only installed one.

Shortly after the installation, I got an infection of a trojan which defied cleaning. Eventually I was able to remove the thing manually. I mention this because I'm not sure if that trojan exacerbated the problems I'm having now. I had gotten BSOD with BAD POOL CALLER and IRQ NOT LESS OR EQUAL before I got it cleaned. (I tried Malwarebytes' Anti-Malware, Spybot Search and Destroy, Rogue Remover Free and Ad-aware SE. None of them found/cleaned it.)

After removing the infection, I installed Windows XP SP2. I began to have problems with the computer freezing. The computer began to have problems recognizing the boot drive. However, I checked the drive with SeaTools (was in a pinch) and it found no problems. Then I also installed SP3, thinking that might fix some of the issues. It did not.

Ran chkdsk and it replaced 3 spots with bad clusters. Since that time I've had no issues whatsoever.

Being yet wary of the drive, I ran the WD diagnostic on it as well as the Disk Management in Windows. Disk Management says the drive is "healthy". However, in WD Diagnostics, it failed the "short test" and the "extended test" found bad sectors and repaired them. I have the log of that if it's helpful.

This machine is used for work as well as keeping personal and business finances. I run several civil engineering modeling programs on it such as HEC-RAS and DAMS-2. I also run AutoCAD Lt which is a real pain in the **** to reinstall. It takes about 6 hours to do a total reinstall of all of the software.

I *do* have backup, so that's not an issue. I have two Seagate 250 GB portable drives. I keep one connected to the home office computer, and one connected to my offsite office computer. I use Syncback to back up data directories each night. Once a month I swap these drives out. I also back up to CD about twice a year.

System data:

Dell Dimension 8300, socket 478 motherboard, 875P chipset, 3 GHz P4
NVidia GeForce FX5200 (latest driver)
no-name DVD R/W (compusa)
Sony CD-RW
Win XP Pro SP3 (version 5.1.2600)
WD Caviar SE 160 GB EIDE hard drive

There was a second hard drive in the machine, another WD Caviar 30 GB. I took it out because it showed bad on one partition after this saga began. It was manufactured in 2001 so I shrugged about that.

Is it just me, or is it odd that 3 drives have gone/are going out in the same two week period on this machine? BTW the Seagate which crashed (beginning of this novella) is still under warranty.

Here's my quandary: should I go ahead and put the second HD into service, or hang in there with this one until it goes out? Or could there be some other problem causing the HD to act up?

Thanks in advance, and I'm sorry this post was so long. I hope I haven't left anything out.

~ 90

Go ahead
by Willy / August 7, 2008 4:30 PM PDT

Since this happened so quickly, it may just be a bad HD, use the warranty. You're lucky to have a 2nd HD to replace it with, so go ahead and do so. I would clean install the OS and pgms. etc., once done, check with the WD diags, etc. If all OK, then load your data back from back-up, etc., if you like. I'm wary of your trojan or malware issues, they may return if your back-up included those as well, and you didn't know. That's why I suggested testing the HDs before reloading the data back as a safety test. If the problems come back, then you have infected sources and/or the HD acts flaky again on 2nd new HD, you may have your cause. FYI- Having 2 HDs installed since you mentioned a 30gb'er may also harbor malware, so don't take it for granted. Malware will infect everything it can. On another note, sometimes dual mounted HDs can cause a heat spot between them and become stressed over time, so look into better cooling and this becomes important for higher GB drives as data is cramped in and become corrupt or soft errors.

tada -----Willy

Some additional suggestions
by MarkFlax Forum moderator / August 7, 2008 8:29 PM PDT
In reply to: Go ahead

Whilst I don't know about technical matters like hard drive replacements, I noticed you said you got this trojan and then after removing it, you installed SP2. Since SP2 was a major security update/improvement, you may want to modify your sequence.

Before installing a new drive, obtain free anti-virus and anti-spyware utilities and copy/burn the installation/setup exe files to a CD. Download SP2 and burn that to CD as well. If you can do these on a clean machine then that is better.

Install the hard drive and install the OS. Make sure there is no internet connection. Turn on Microsoft's Internet Connection Firewall (the fore-runner to the Windows Firewall introduced in SP2). Install SP2, and make sure that the Windows Firewall is turned on. Then install the anti-virus, connect to the internet to download and install any virus definition updates. Install the anti-spyware utility and update it.

(If you have your own 3rd party firewall, e.g. ZoneAlarm, you could install that instead of using either of the Windows firewalls.)

Scan your system with both the anti-virus and anti-spyware, one at a time, then connect your external drives and scan those immediately.

That should help prevent early infection when your new install is unprotected.

Mark

some additional suggestions
by ninetywt / August 7, 2008 11:20 PM PDT

Good point about the sequence of install events. I have an install CD which I made sometime during this escapade which is slipstreamed with the SP2 on it. (original CD was SP1). So, I could go with that and get the Windows Firewall turned on as you suggest. Or I could make one with SP3 on it and be all up-to-date at once.

I will need to bring the other external back here to scan it, but I think that's also a good idea.

Thanks !

go ahead
by ninetywt / August 7, 2008 11:15 PM PDT
In reply to: Go ahead

Ah, test the drive upon installation, good point. I know full well that brand new drives fail, I just have a hard time convincing myself of that sometimes.

RE: the trojan - I wonder if this bit of devilment *came* from the old 30 GB drive in the first place. Could it have been held at bay by my anti-virus programs and then deployed in that short window of time when they were not present? I wonder that because it was an older file that it kept writing (on every drive in the system)... syswin32.exe ... dated October of 2006. Since that is supposed to come from MIRC, I would have thought that ZoneAlarm would have caught it when it tried to download to the computer.

RE: the heat - I'm a bit concerned about this as well. Is this old fan going to keep up with the heat generated by a larger drive? This is stock Dell MX-0P0676. Googling gives me Gx260 - I'm not sure what that designates.

I won't need to be running two drives now with the size of this large one.

Thanks for the tips!

Added points
by Willy / August 7, 2008 11:27 PM PDT
In reply to: go ahead

No AV on watch and old 30gb HD can harbor malware to launch when defenses are down. You didn't offer what trojan/malware was at work, but visit the Norton or McAfee support websites for any online scans and/or description of known problems.

As for cooling, if you're still stock, then if possible increase it. There are slot fans and/or better fans for those installed as either bigger or faster, you get the idea. Look at http://www.frozencpu.com for ideas and others. It's important, more than you think.

tada ----Willy

added points
by ninetywt / August 7, 2008 11:38 PM PDT
In reply to: Added points

I believe it's called sdbot. It is a backdoor trojan.
I updated all of the antivirus software which I used - I dunno why it couldn't be caught. Spybot *did* play an important part in removal, as it warned me each time sdbot tried to put an executable back in the registry. I denied it each time and was able to remove it.

A new fan sounds like real cheap insurance. I'm off to your link to check them out. I have no doubt as to the importance of cooling. I just hope I'm competent enough to install one without blowing up everything. Heh.

That trojan.
by MarkFlax Forum moderator / August 8, 2008 2:53 AM PDT
In reply to: added points

If you mean ZoneAlarm's anti-virus, then in 2006 Zonelabs were just starting out on their AV enterprise. ZoneAlarm's AV is not considered one of the best in the industry, and so it may well have missed the trojan. However, if you mean ZA as just a firewall, then it would not have blocked the download of a trojan infected file. ZoneAlarm's main task is to prevent unauthorised attempts to access your system in real-time by hackers, (robot or human), so it stops things like ping requests to your network ports. It doesn't scan files.

The link below from Symantec shows how to remove this Sdbot trojan.
http://www.symantec.com/security_response/writeup.jsp?docid=2002-051312-3628-99&tabid=3

You notice how it suggests to disable System Restore. This may be how the trojan kept re-appearing in your system if it was hiding in system restore backup files.

Mark

that trojan
by ninetywt / August 8, 2008 4:11 AM PDT
In reply to: That trojan.

I meant ZoneAlarm as a firewall. Thanks for the info about it not catching a downloading trojan, that's good to know. It certainly does work well re: the outside pings - I think that the trojan was trying to 'open the backdoor' so to speak, because throughout the time I was attempting to disinfect, ZoneAlarm was regularly telling me that it had blocked an intrusion.

I believe I read that article on Symantec's site, and used their advice, including disabling the System Restore while I was scanning. I did not use a Symantec product, though. I tried several free-ware programs (listed in the OP).

The software which was a big help is Autoruns. This showed the 3 or 4 files which the trojan kept putting in the startup (IIRC this showed up under the "logon" tab, I checked under all tabs to be certain). I was able to identify these files, even though one was disguised as a normal system file (ctfmon.exe), because they all had the same icon... and it was the old Windows logo (4 color panes). That really stuck out amongst the modern-looking ones.

Perhaps I should have used a Symantec product and things would have been easier.
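
The check described in the post above (a startup entry that borrows a system file's name but runs from the wrong folder) can be automated. This is an added example, not part of the original thread: it assumes the startup list has been exported to CSV with the hypothetical columns `Entry Location`, `Entry` and `Image Path`, and the sample rows and paths are constructed.

```python
import csv
import io
import ntpath

# Normal folders for a few well-known Windows XP binaries (lower-cased).
EXPECTED_DIR = {
    "ctfmon.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# File names already tied to the incident; syswin32.exe is the one named in the thread.
WATCHLIST = {"syswin32.exe"}

# Constructed sample export. Column names, entries and paths are assumptions
# made for this example, not data taken from the poster's machine.
SAMPLE_CSV = r"""Entry Location,Entry,Image Path
HKCU\Software\Microsoft\Windows\CurrentVersion\Run,ctfmon.exe,C:\WINDOWS\system32\ctfmon.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ctfmon,C:\Documents and Settings\user\Application Data\ctfmon.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,WinUpdate,C:\WINDOWS\syswin32.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,NvCplDaemon,C:\WINDOWS\system32\nvcpl.dll
"""


def flag_startup_entries(csv_text):
    """Return (entry, image_path, reason) for each suspicious startup row."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        path = row["Image Path"].strip()
        # ntpath parses Windows paths correctly on any host OS.
        name = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        if name in WATCHLIST:
            findings.append((row["Entry"], path, "name on incident watchlist"))
        elif name in EXPECTED_DIR and folder != EXPECTED_DIR[name]:
            findings.append((row["Entry"], path, "system name, wrong folder"))
    return findings


if __name__ == "__main__":
    for entry, path, reason in flag_startup_entries(SAMPLE_CSV):
        print(f"{entry}: {path} -> {reason}")
```

A name-and-folder check only narrows the list; a flagged file still needs to be confirmed with a scanner or by comparing it against a known-good copy.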

Noooo, not Nortons!
by MarkFlax Forum moderator / August 8, 2008 5:15 AM PDT
In reply to: that trojan

Whilst many have no problems with Symantec's Norton products they are not any I would recommend. There are many good free utilities available and they don't take up resources the way Norton tends to do.

That Symantec web site is good, however, for describing viruses and other malware, and how to remove them. Did you notice the registry edits that the article listed? Not relevant now of course with you deciding to use a new hard disk and install, but Symantec are good at hunting down what malware does and how to remove it.

Good luck with your install.

Mark

not norton
by ninetywt / August 8, 2008 6:11 AM PDT
In reply to: Noooo, not Nortons!

Ah, inadvertently then I've done the right thing.

Yes, I looked into doing the registry edits as the article recommended. However, none of those entries were in my registry. I think because this was an old virus and that article was up-to-date with what the thing uses now.

I am still running the previously-infected disk until I have a big block of time to do the new install. Unless, of course, it crashes for good before then.

Thanks for all the help!
