LinuxQuestions.org
Old 07-28-2015, 04:31 PM   #1
ballsystemlord
Member
 
Registered: Aug 2014
Distribution: Devuan
Posts: 214

Rep: Reputation: Disabled
Hard drives arrives full of viruses


Hello,
I run Linux and got my hard drive repaired by Gateway warranty because it broke. A new one arrived some time later with Windows 8 on it, and I figured that I'd better hang on to it because it might come in handy as there are Windows apps that will not run under Linux.
Well, I was helping a friend to fix her computer and I broke out the old windows install and it kept giving me the strangest problem. I could not as the admin access C but I could access some of the files under it and my account (you read that right).
I found out, eventually, that it contained three viruses and over 1000 PUAs.
Now, I've never had a problem like this before, and I'm not quite certain what to do, I mean I know that I should write them, but what to say, I want the system fixed/replaced, but I also understand that keeping Windows free of viruses and the like is difficult. Chances are, that I'll have to turn in my drive and then I'll get another infected copy back. I'm also assuming that this is not purposeful, something could be rotten in Denmark.
 
Old 07-28-2015, 04:42 PM   #2
rokytnji
LQ Veteran
 
Registered: Mar 2008
Location: Waaaaay out West Texas
Distribution: antiX 23, MX 23
Posts: 7,064
Blog Entries: 21

Rep: Reputation: 3470
Well. I'd break out my external USB hard drive connector and either try to clean it with ClamAV or boot a live CD and clean it installed in a laptop or desktop. If not wanting to send it back.

Peace of mind though is dding MBR and whole drive and trashing the Windows 8 install. It is not my drive. So up to you.

http://www.linuxquestions.org/linux/...ything_With_DD

No telling what rootkit or other nasties may be on the MBR. So either send it back with a letter of viruses found or lose Windows or cross fingers with ClamAV or some other live virus CD ISO like http://www.eset.com/int/support/sysrescue/.
 
Old 07-28-2015, 04:50 PM   #3
cynwulf
Senior Member
 
Registered: Apr 2005
Posts: 2,727

Rep: Reputation: 2367
Quote:
Originally Posted by rokytnji
Peace of mind though is dding MBR and whole drive and trashing the Windows 8 install. It is not my drive. So up to you.
+1

Unless it contains vital data, don't bother trying to salvage that wreck.
 
Old 07-28-2015, 09:26 PM   #4
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,610
Blog Entries: 4

Rep: Reputation: 3905
One of the things that you absolutely have to buy, IMHO, is a "retail, non-OEM" version of whatever Windows operating system you intend to run ... on DVD-ROM.

When you buy a new computer, wipe the sucker clean ... low-level format the drive ... and install from the DVD.

When you buy a new drive, no matter what is on it, wipe the sucker clean. Low-level format the drive.
 
Old 07-29-2015, 09:29 AM   #5
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Nuke it to orbit.
 
Old 07-30-2015, 07:20 AM   #6
rtmistler
Moderator
 
Registered: Mar 2011
Location: USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 9,877
Blog Entries: 13

Rep: Reputation: 4930
I'd half assume that since the drive was taken out of the system by you, the warranty may no longer be valid.

The other half might assume that since the drive was "operated" by you, the manufacturer will say that they gave you zero viruses and whatever is on there is the result of your actions.

If they agree that this is a warranty, they'd simply replace the drive. I'm unsure that they'd consider what they might view as you getting viruses on the drive as a warranty issue.

If you truly have a warranty and/or purchase of this system, you can ask for a system restore DVD, which they may require that you purchase because they'll say that the recovery and restore information is included within their hard drives on the systems.

You want a completely clean drive, clean it using dd, fdisk, and mkfs; under Linux.

You want the copy of Windows which you purchased, that last option of purchasing a recover/restore DVD is the best option.
 
Old 07-30-2015, 04:16 PM   #7
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,610
Blog Entries: 4

Rep: Reputation: 3905
I think that you should definitely (and, without delay ...) inform the vendor that the drive arrived in this condition. They might not have been aware of it, and they will undoubtedly want to pursue the matter.
 
Old 07-31-2015, 02:59 PM   #8
ballsystemlord
Member
 
Registered: Aug 2014
Distribution: Devuan
Posts: 214

Original Poster
Rep: Reputation: Disabled
I've already nuked the drive, it's dead! I compressed the windowz install, tar.xz and later decompressed it, only to discover that it was infected.
I don't think that this is a warranty issue, I think that this is an atrocious example of very bad security practises and management. Let's face it, how did the computer become infected if I never, and I mean the physically impossible type of never, installed anything, touched the internet, or transferred any files to the host?
Gateway should be held accountable, no matter what I did to the drive after removing windowz from it. If it is not then guess what poor user will be next to receive an infected drive? Even considering that they may deserve to be taught a lesson about why not to use windowz, it's still cruel; and that's ultimately what this post is about, finding a good process for convincing Gateway to better secure their systems and their users.
I'll start with an email, and if that works or not I'll post back to you and I'll move from there.
 
Old 08-02-2015, 10:00 PM   #9
maples
Member
 
Registered: Oct 2013
Location: IN, USA
Distribution: Arch, Debian Jessie
Posts: 814

Rep: Reputation: 265
Quote:
Originally Posted by ballsystemlord
I compressed the windowz install, tar.xz and later decompressed it, only to discover that it was infected.
Out of curiosity, how do you go about compressing and saving a whole hard drive?
 
Old 08-21-2015, 02:12 PM   #10
ballsystemlord
Member
 
Registered: Aug 2014
Distribution: Devuan
Posts: 214

Original Poster
Rep: Reputation: Disabled
Depends on how well you want to do it. Off the top of my head:
Code:
tar -c -f - --acls --atime-preserve --checkpoint=10 --preserve --no-auto-compress /mnt/windows | xz -9e -C sha256 -c > windows08.tar.xz
Should do the trick, followed by:
Code:
xz -dc windows08.tar.xz | tar -xsf -
Of course, you may want to place the swapfile and hibernate file elsewhere because they will compress very well by themselves because they are mostly zeros (think about it, use strings(1)). You will also need to save the partition data:
Code:
parted /dev/sdb p > windows08-partinfo.txt
and the boot loader and any other partitions containing info (but you can figure the rest out).
OR, the best method, which creates several very big files:
Code:
ddrescue /dev/sdbX windows08-partX && xz -e9 -C sha256 windows08-partX
parted /dev/sdb p > windows08-partinfo.txt
And then to restore:
Code:
xz -dc windows08-partX.xz | dd of=/dev/sdbX
You will need to fix the partitions of course, and this is only POC code. I don't have a perfect memory!
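
The commands in the post above rely on xz's embedded `-C sha256` check. As an added example (not the poster's code), the script below images a source in a single read pass, records a separate SHA-256 of the uncompressed bytes, and verifies both before any restore. The function names, file names and sample data are constructed for the illustration, and it assumes `xz`, `sha256sum`, `mkfifo` and `mktemp` are installed.

```shell
#!/bin/sh
# Added example (not from the thread). SRC can be a partition such as /dev/sdbX
# (needs root) or, as in the constructed demo below, an ordinary file.

# image_and_hash SRC PREFIX: writes PREFIX.img.xz and PREFIX.sha256.
# The source is read once; the same bytes feed both sha256sum and xz.
image_and_hash() {
    src=$1; prefix=$2
    [ -r "$src" ] || return 1
    fifo=$(mktemp -u) || return 1
    mkfifo "$fifo" || return 1
    sha256sum < "$fifo" | cut -d' ' -f1 > "$prefix.sha256" &
    dd if="$src" bs=1048576 2>/dev/null | tee "$fifo" | xz -6 -C sha256 -c > "$prefix.img.xz"
    rc=$?
    wait                      # let the background hash finish writing
    rm -f "$fifo"
    return "$rc"
}

# verify_image PREFIX: succeeds only if the archive passes xz's embedded check
# and the decompressed bytes match the hash recorded at imaging time.
verify_image() {
    prefix=$1
    xz -t "$prefix.img.xz" 2>/dev/null || return 1
    want=$(cat "$prefix.sha256")
    got=$(xz -dc "$prefix.img.xz" | sha256sum | cut -d' ' -f1)
    [ -n "$want" ] && [ "$want" = "$got" ]
}

# make_sample FILE: constructed stand-in for a partition, mostly zeros like a swap file.
make_sample() {
    { dd if=/dev/zero bs=1024 count=1024 2>/dev/null; echo "constructed sample data"; } > "$1"
}

# Demo on the constructed sample. A byte-for-byte restore would then be:
#   xz -dc PREFIX.img.xz | dd of=/dev/sdbX bs=1048576
demo() {
    d=$(mktemp -d) || return 1
    make_sample "$d/part.raw"
    image_and_hash "$d/part.raw" "$d/windows08-part1" &&
        verify_image "$d/windows08-part1" && echo "image verified"
    demo_rc=$?
    rm -rf "$d"
    return "$demo_rc"
}
demo
```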
 
  


All times are GMT -5. The time now is 04:02 AM.
