Primary Partition randomly AWOL

Discussion in 'Software' started by FieroGT42, Jan 19, 2007.

  1. FieroGT42

    FieroGT42 Private E-2

    Having had a hard drive failure, I backed up data to DVDs and a second smaller HDD; got a new drive, partitioned to hda1, hda5 logical within extended, installed Windows XP from a system restore CD, installed drivers; then I began copying the backed-up files to the new drive's D: from the smaller drive..., and

    In the middle of this massive copy operation, the computer simply clicked off and rebooted to BIOS without so much as a blue screen, then halted at "Error loading operating system." Checking with a Knoppix boot disc, the primary partition has vanished; the extended partition w/ logical partition was still there but seemed unmountable.

    This also happened when I was initially backing up files to this smaller HDD, but I don't know of any virus or malware that can execute simply by having the operating system copy a batch of folders. I suppose it could be a very, very well-written boot sector virus, but I haven't seen any real viruses for at least 10 years - just worms and adware. AVG Free Edition has found nothing.

    Having replaced nearly every piece of hardware on this computer lately, and because Linux is able to work with everything without ever having a problem, it seems like a software issue.

    The family computer has been down for over a month now, and it's really hindering things like tax preparation, etc.

    Halp?
     
  2. erikske

    erikske Sergeant

    Download UBCD, burn to cd, boot from it.
    Now run the appropriate HD Diagnostic program for your brand of hard drive.
    You can try to recover your partitions with Active@ Partition Recovery (on the cd)
    Feel free to run any other diagnostic tools on the cd. Antivirus is also included.

    It is possible a nasty virus is causing this. All it has to do is detect when you connect a new drive, copy itself onto it and infect the MBR / partition table of that drive. And we all know Windows crashing is a logical consequence of such actions.

    UBCD Homepage with links to tool manuals
     
  3. FieroGT42

    FieroGT42 Private E-2

    It's a brand new hard drive, just arrived today. I'll try the utilities, but I won't expect to see anything come up. I'll post what I find, if anything.
    Restoring the partition is treating the symptoms instead of the disease itself. Anybody know what might cause this? I wouldn't put it past Microsoft to be a rare bug in Windows itself!
     
  4. erikske

    erikske Sergeant

    Viruses Can Infect the Master Boot Record
    AV software has no 100% guarantee of cleaning all viruses.

    Try running more than one anti-virus app. It is highly possible your backups are infected, which obviously isn't good.
     
  5. BirdBath

    BirdBath Sergeant Major

    Something similar happened to me once. Do any of your backed up files have any Windows components in them?

    I was trying to copy a backed up drive to a new one with the OS already installed and Windows shut me down thinking I was trying to install two OS on the same product key.
     
  6. FieroGT42

    FieroGT42 Private E-2

    I think I already mentioned the possibility of boot sector/MBR viruses. No scanners have found anything yet. Is there an MBR-specific scanner that is likely to have a more comprehensive boot virus definition list than traditional all-in-one AVs?

    Ran UBCD as you suggested; as I suspected, Seagate's own tools found nothing that I didn't already know - just a corrupt/altered partition table and some random file errors probably due to Windows crashing occasionally.

    Shouldn't be any Windows components in the backups except the setup programs that you have to download anyway. I think if it was Windows it would show a message; and even if not, I think Windows wouldn't try to erase its own resident partition.
     
  7. BirdBath

    BirdBath Sergeant Major

    Windows did show an "Error loading operating system" message as you said in your first post. I agree it probably wouldn't try to erase its own resident partition though.

    What's going on now?
     
  8. erikske

    erikske Sergeant

    I didn't expect anything to show up on the HD diagnosis either, but it's best to check the most obvious things first.
    Very strange... It's either a very nasty virus or an ugly corruption somewhere in your backups, causing your complete system to crash. One way or the other, your backups are probably what's causing this. (You always encounter the error when transferring these files.) You should try restoring your backups one by one or in small groups and try to determine the bad file. Then afterwards, don't use that specific backup anymore.

    I recommend following this procedure: Install Windows, use MBRtool on UBCD to back up the MBR, install drivers, restore backups.
    If your system crashes again, use MBRtool to restore the MBR. Try to boot Windows and get to the event viewer (start > run > eventvwr.msc). Look in the system section for errors with source 'System error' and report the full error (right click the error, properties, click the copy button and paste here).
     
  9. FieroGT42

    FieroGT42 Private E-2

    Looks like it's working so far....

    Trying to use the Windows XP console to repair the MBR and/or boot sectors of the partitions can cause all partitions to disappear under certain conditions, so I did the following (under Linux boot disc wherever possible to avoid MBR loading):
    • Assumed both drives were infected by a particularly bad MBR virus
    • Move all backups to small drive
    • Completely wipe new drive to get clean MBR, boot sectors, partition table
    • Re-create partitions, etc.
    • Copy backups to new drive
    • Disconnect old drive to isolate them from re-infection by each other
    • FIXMBR from WinXP disc on new drive, FIXBOOT on each partition
    • Repeat the above a few times, verifying that partitions didn't disappear
    • Drive looked good w/ data intact, so I repeated the process with the small temp drive

    I was expecting the partitions of the temp drive to disappear due to a partition table damaged by the MBR virus, but apparently it had not damaged the table so badly that a properly executed FIXMBR and FIXBOOT would wipe it out.

    I'll drag this thread up again if the problem persists, but I don't expect it to.

    Edit: The only errors are a DHCP not assigned properly (ethernet to the TiVo is unplugged at the moment) and an optical drive reading a bad block, probably just a poor quality burn.
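
Added example, not part of the original thread: erikske's advice to back up the MBR right after installing, and FieroGT42's step of verifying that partitions didn't disappear, both come down to comparing a saved 512-byte MBR against the one read back later. The function names, the sample sectors and the partition sizes below are constructed for illustration.

```python
import hashlib
import struct

SECTOR, TABLE_OFF, SIG_OFF = 512, 446, 510   # classic MBR layout

def parse_mbr(sector: bytes) -> dict:
    """Return boot-code hash, signature validity and the four table slots."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    slots = []
    for i in range(4):
        raw = sector[TABLE_OFF + 16 * i:TABLE_OFF + 16 * (i + 1)]
        # status, 3 CHS bytes, type, 3 CHS bytes, start LBA, sector count
        status, ptype, start, count = struct.unpack("<B3xB3xII", raw)
        slots.append(None if ptype == 0 else
                     {"active": status == 0x80, "type": ptype,
                      "start": start, "sectors": count})
    return {"boot_sha256": hashlib.sha256(sector[:TABLE_OFF]).hexdigest(),
            "signature_ok": sector[SIG_OFF:] == b"\x55\xaa",
            "slots": slots}

def diff_mbr(backup: bytes, current: bytes) -> list:
    """List what differs between a saved MBR and the one read back later."""
    old, new = parse_mbr(backup), parse_mbr(current)
    findings = []
    if not new["signature_ok"]:
        findings.append("boot signature 55 AA missing")
    if old["boot_sha256"] != new["boot_sha256"]:
        findings.append("boot code changed")
    for i, (a, b) in enumerate(zip(old["slots"], new["slots"])):
        if a != b:
            what = "removed" if b is None else "added" if a is None else "modified"
            findings.append(f"slot {i}: entry {what}")
    return findings

def make_entry(active: bool, ptype: int, start: int, count: int) -> bytes:
    """Build one 16-byte table entry (CHS fields left zero) for the sample."""
    return struct.pack("<B3xB3xII", 0x80 if active else 0, ptype, start, count)

# Constructed sample: placeholder boot code, an active NTFS primary (0x07)
# and an extended partition (0x0F); sizes are made up.
BOOT = bytes(range(256)) + bytes(190)
GOOD = (BOOT + make_entry(True, 0x07, 63, 40_000_000)
        + make_entry(False, 0x0F, 40_000_063, 80_000_000)
        + bytes(32) + b"\x55\xaa")
# Same sector with the primary's slot zeroed, as in the symptom described.
DAMAGED = GOOD[:TABLE_OFF] + bytes(16) + GOOD[TABLE_OFF + 16:]
if __name__ == "__main__":
    print(diff_mbr(GOOD, DAMAGED))
```

A changed boot-code hash with an intact table points at the loader bytes, while a removed slot with an unchanged hash points at the partition table alone.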
     
