help: weird virus, veird symptoms

Long story short: I have 3 partitions on my hard drive, all NTFS, c: installed vista and AVG8.5, but yesterday d: and e: just dispeared - without a trace, when I go to disk manager, they are still there, but I can't assign a driver letter or format them. It's keeps saying that I need to refresh or reboot to load the correct disk data, and ofcouse, that didn't help.

I believe the virus didn't do too much to my computer, everything else is fine, AVG couldn't find anything suspecious, system restore didn't help either. But without vista being able to load these 2 drives, it seems that I don't have too much of a choice.

I really don't wanna re-partition the whole disk, what else can I do?

Thanks for any advice in advance, I've been tortured by this weirdo for a whole day.

 

Try disabling AVG just to see? A wild recommendation.

cheers ...

 

My advice is uninstall AVG and get another antivirus.
If your AVG is free edition, then just try and get Avira Antivir Personal(free) or Avast! Home Edition(free). These 2 AVs are 100% better.
If your AVG is paid edition. Then, I can STFU(LOL).

 

What OS are you running?

 

I'm running VISTA ultimate, and I disabled AVG, it didn't help, actually I was running AVG for a long time, so I think this shouldn't be the problem.

I loaded the DSL live cd, then I was able to mount the drives, my stuff is still there. So my plan B is: copy out everything, and re-partition disk, if there is no plan A.

I think the problem can be discribe as this: something is preventing vista to load drive D and E, and it's not recognized as virus by vista or AVG (also NOD32).

Probably it's new virus (like swine flu). This virus can hide itself to a partition which vista can't load, so that no one can detect and delete it. Very smart move.

 

Try first with a repair? This way your data is still around.

 

Tried running a round of chkdsk?

 

Yes, that's the first thing I tried, I believe the repair just verify stuff like MBR, and system partition to make sure the OS is usable, it didn't try to check other partitions or virus stuff.

 

I can only schedule a chkdsk for drive C, because vista can't see other partitions, how do I force a full disk check?

 

Pull the drive from the computer, stick it in an external USB enclosure, hook it up to a computer you know is not infected with malware, and then use that computer's A/V to do a thorough scan of the hard drive from the affected computer. By putting it into an external enclosure, it basically gets treated as just another passive data store, which means any malware on it won't get the chance to fire up and start messing with things.

 

Good point, but I worried that this virus might infect the new computer as well, since it was able to infect my computer with being detected in the first place.

 

That's a reasonable concern; however, I think that so long as nothing on the drive is executed, you should be ok. As a precaution, make sure that autoplay is simply turned off on the computer you're going to attach it to, and just before shutting down the affected computer for the last time before pulling the drive, see if you can unmark the partition as active (as I think about it, I don't know if that can be done, but it's worth a quick check in the disk manager, just in case).

 

I don't know how to unmark an active drive, but I did mark D as active, and I messed up, I can't get into VISTA any more, but I used fdisk set C as active again. Somehow Pqmagic7 did work, it doesn't recoginze vista partitions.

I also put my disk into an enclosure, but there is some weird noise come out, and the other computer cound install the new external hard drive. It also causes Pqmagic8 to crush.

 

What sort of "weird noise?" That's a very bad sign, and usually indicates that a drive is about to physically die.

 

So there is no virus at all, this make sense, that's the reason vista can't load D and E. But why DSL linux has no problem to read it? I guess to be safe, I'm going to copy out all my data, just in case.

 

How do you know it is a virus. Maybe loose connection?