SATA/IDE error now all files are read only/hidden...

So i'm sitting here watching a movie on my windows 7 machine and I get a message that says there is a problem with an IDE/SATA hard drive installed then all of a sudden almost all my folders/libraries dissapear.

Machine is a windows 7 ultimate machine
1tb hard drive

I try to check event viewer to see if i'm getting disk errors but when I try to open up the management console I get an error saying it can't be found. I try to open up the administrative tools under control panel and get 0 results.

I boot into safe mode, same issue. Run a system restore to two days ago and now i'm able to get into the management console to check logs. There are ZERO disk errors.

I turn on show hidden folders and I find all my desktop files/libraries are either "read only" or a combination of "read only/hidden"

I'm so confused right now, hard drive not showing any disk errors (Going to run chkdsk in a min)... what in the world is making it apply read only/hidden attributes to my files?

I'm running a malwarebytes scan right now then a chkdsk after...have any of you seen this before? Is there a way to revert all my folders back to normal without going through them one by one?

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

undomiel

You'll need to go into the advanced security settings and force NTFS security down to all subfolders and files. It's malware but I don't know nof a cleaner finding it yet. We just reimaged the machine since that was faster.

phonetic.man

Dryst999 wrote: »

So i'm sitting here watching a movie on my windows 7 machine and I get a message that says there is a problem with an IDE/SATA hard drive installed then all of a sudden almost all my folders/libraries dissapear.

I'm running a malwarebytes scan right now then a chkdsk after...have any of you seen this before? Is there a way to revert all my folders back to normal without going through them one by one?

I had this happen about 3 weeks ago to one of the laptops in in my building. That computer is XP SP3. I remember MalwareBytes finding and cleaning a few files. I also remember that the infected items were only located in the user's profile (I backed up the data and deleted the profile from the computer just to be safe). My antivirus (Sophos) never picked this up.

undomiel wrote: »

You'll need to go into the advanced security settings and force NTFS security down to all subfolders and files.

Yes, this too.

undomiel wrote: »

We just reimaged the machine since that was faster.

I normally do this, but I spent a little time trying to find what my issue was. YMMV, but hopefully it isn't anything worse than what I saw. She got the malware from one of those fake AV popups (Windows AV if I remember correctly).

gosh1976

We've seen a few of these. Cleaned at least one of the machines without a reformat and it was a pain. Required multiple passes with Super-AntiSpyware, malware bytes, RemoveIT, also ran Tdsskiller and it did find a root kit, and combo fix found a number of files to delete.

The rouge anitvirus infections are getting nasty. Was very annoyed the other day when I booted into safe mode and the fake scan was still running on a machine.

Dryst999

Thanks for the replies guys... i'm happy to know it's not a hardware failure. Ran an up to date malwarebytes/search and destroy/MS Security Essentials and found 0 infections, not even a tracking cookie =(

Looks like I have the Windows fix disk virus Virus, Spyware, & Malware Removal Guides... funny thing is that after I got the "The system has detected a problem with one or more installed IDE / SATA hard disks. It is recommended that you restart the system" I never got a popup asking me to run any scans or install any software.

Guess formatting my partition is how i'll be spending my saturday afternoon. Oh well, i'm one of those weird people who like formatting every now and then to start fresh lol.

SilverGenius

Unhide.exe will usually restore all the hidden files. There are several different variations of this malware out there. I have seen some that actually start deleting files.