
Virus attack - computer won't boot

Zolt
Occasional Advisor

Virus attack - computer won't boot

Hi,
I have a DL360 G2 with 2 300GB drives in RAID 1 that has been badly hit by something (I believe a virus). It runs Windows Server 2003.
The drive has 2 partitions - partition one has OS, and partition two has data. I want the data back, and I don't care about reinstalling the OS.
I tried Windows Repair through setup when booting the CD, but it just hangs.

I also have an older DL360, with 2 36.4 HD. I broke the mirror on that one (migrate array).

I would like to know if it is possible to take the second 300GB drive from the dead machine, and put it in the second bay on the other one and read data from it. Will the Array controller let me do it?

What are my options to recuperate the data on the second partition of the 300GB drive?

Thanks for your help! I am desperate!

Zolt
7 REPLIES
TTr
Honored Contributor

Re: Virus attack - computer won't boot

Take a look at

http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1224406

Unfortunately there is no final resolution on this thread but you have options to get your data back.

Did you try installing a new OS in partition 1?
Zolt
Occasional Advisor

Re: Virus attack - computer won't boot

Thanks TTR for the information.
First, I tried to boot up with the setup CD, but at the point where it is done loading the drivers, when it says "starting windows" it just sits there and waits.

This is why I tried to do something with my other machine.
Here is the exact situation I am at now:
I have a dead machine with mirrored drives (2 300GB drives) I can't access.
I have another machine, a bit older, on which I have broken the mirror.

The broken machine is a domain controller, and file server. OS is on first partition, data on the second. The second machine is a regular server, part of the domain. It has 2 34.6GB drives that were in RAID 1, of which I managed to break the mirror by migrating it to RAID 0.

I would like to find a way to have one of the 300GB drives recognized as the second HD by the second computer.

Tonight I will try what is suggested in the post you gave and I will see if something goes from there...I cross my fingers!!

Thanks,
Zolt.

Zolt
Occasional Advisor

Re: Virus attack - computer won't boot

TTR.

I tried what was suggested in your post, and other things too, but with no luck.

I have been able to boot with an Ontrack EasyRecovery Pro CD, and was able to browse the content of the hard drive, but I did not have any place to restore the files to....except the floppy! Imagine retrieving 50 GB of data with the use of a floppy :D

So, I am trying something new tonight.
I downloaded an ISO of a LINUX ON A CD disk. It is an implementation of Kaella distribution which runs off the CD. Since Linux can understand SCSI, I should not have any problems seeing my files. I also will hopefully be able to connect through TCP/IP to another machine where I will be able to copy files to.

I will keep you posted on my results...it might be a good alternative for dead Windows!!!
TTr
Honored Contributor

Re: Virus attack - computer won't boot

> Since Linux can understand SCSI, I should not have any problems seeing my files

But your files came from a Windows 2003 right? Does Linux understand NTFS filesystems? You probably will not be able to see the files.

> I have been able to boot with an Ontrack EasyRecovery Pro CD, and was able to browse the content of the hard drive

Can't you add another drive in this setup? Or a USB drive or flash card?
Zolt
Occasional Advisor

Re: Virus attack - computer won't boot

Thanks for the suggestion.
I will try to see if it can see NTFS. I presume yes because the hint I got is that someone used it to debug his non-working XP machine, which uses NTFS by default!

I tried for about 6 hours to get my USB thumb drive to be recognized. I don't have a full blown USB external drive, so this was my only hope. Unfortunately, I could not get it to be recognized....would have been too simple :D

I can't add another drive either - I tried. That machine is a slim rackable one, so only 2 drives allowed. I have a mirror with the 2 300GB.
If only I could put in an IDE drive, it would be so much simpler!!!

I will keep you posted about my findings tonight.

Thanks for the follow up and suggestion!

Zolt
Zolt
Occasional Advisor

Re: Virus attack - computer won't boot

Well, I still haven't figured out what hit me so hard.

The good news is that I have been able to recuperate my files on my other server....to get infected again.
I still managed to get my files back, but this time, I was smart enough and copied them to a Linux computer I have, and haven't got infected...so far :D

So, the essential thing to know is how I recuperated my files back, and why it was so hard.
The why is because my computer DL360 G2 is using a Smart Array controller with SCSI disks. Since the RAID information is saved on the disk, I could not just add the disk with the virus on another machine and access the drive information - it would not recognize it as a drive with data on it, as it would with a regular IDE hard drive based computer.
So, I got my hands on a BART-PE boot disk (based on PE Builder, by Bart Lagerweij).
This disk allowed me to boot up, have access to my drives, set up a network connection to another machine and copy files over.

This BART-PE really saved me.

Thanks for helping me.

Zolt
Zolt
Occasional Advisor

Re: Virus attack - computer won't boot

Please see my last post.

Again, thanks to all that gave comments, ideas, ...
It is great to see people willing to help you out, even though you don't know them.

You guys rock!

Zolt