Unknown MBR Code on External Seagate

I'm not sure i'm in the correct forum, but i have had a similar problem a while back that was addressed in this specific forum. If i'm not in the right room then can someone please direct me to the correct forum?

The problem
I've recently purchased a 3TB external Seagate HDD. I use the drive to store back up images and documents. When trying to delete a text file yesterday afternoon i saw an error message saying the file "was corrupted or unreadable and could not be deleted". i was able to remove everything i wanted to save from the external HDD and proceeded to reformat but was unable to do so and received a message saying "windows was unable to do so".

I decided to give MBRcheck.exe a chance as i recall using the scan a few months back to determine if the MBR was correct and the results showed that there was an unknown MBR code for this drive. i went ahead and ran TDSSkiller as well, just to be safe and it resulted in one medium risk file that was locked. i proceed to send to quarantine.

Is this a virus/malware issue or a hardware problem? If malware then i will follow through with the instructions and house cleaning, but i wanted to make sure i was in the right forum before i asked for guidance.

Thanks

 

If you suspect malware, you're in the correct area to get help

The first thing to try to rule out is hardware, if it's faulty then you'll have problems accessing the drive to check for malware. Try another USB, SATA or Firewire cable (whichever yours uses) and try the drive connected to a different port at the rear of the PC or to a different PC that is clean and fully secured with updated Antivirus.

I'm sure the experts here will be along later to give you further instructions on checking for malware.

 

i guess it's better to be safe and rule out malware.

i have tried plugging the drive in 4 different USB ports on my PC, but am still left with the problem.

 

This sounds like a hardware problem to me too.

As satrow suggested:

I would also recommend doing this first.

Also be careful on what you are quarantining with TDSSKiller, usually these locked or unsigned files are not malware problems but rather drivers that are not digitally signed by Microsoft that are used for other software you may have installed on system.

 

should i use MBRcheck.exe on a 2nd pc with problematic hard drive attached?

 

1. i ran mbrcheck.exe with external hdd in different port on this pc and had the same unknown mbr code.

2. i ran mbrcheck.exe on a different pc and had the same result.

both logs are attached below.

 

I thought you said the external device was not recognizable via USB?

Are you still unable to format the external device?

 

1. when i tried to delete a text document saved on this external drive it said the file was "corrupted and unreadable."

2. i then tried to reformat the drive and it said "windows could not perform the task."

3. i ran mrbcheck.exe and found that this drive had an "unknown mbr code."

4. i followed the directions and connected the external drive into a different usb port on my computer and ran tried to delete the same corrupted text document and incurred the same error. i then ran mbrcheck.exe a second time and resulted with the same unknown mbr code.

5. i connected the external to a 2nd pc and tried to delete the corrupted text document and i received the same error as stated in #1.

6. i ran MBRcheck.exe on 2nd pc and still got an unknown mbr code.

Both MBR logs from #4 and 6 were posted and the drive has always been recognizable via usb.

7. I connected the external drive back to the original pc and was able to reformat the drive and it erased the corrupted text document, but I'm still stuck with an unknown MBR code.

What does the unknown MBR code refer to and is it a problem?

 

In your case, it is not a problem. In most cases, if the MBR was actually infected, you wouldn't even have been able to run a tool like TDSSKiller which scans for an infected MBR.

Unknown MBR does not necessarily mean infected. These tools are designed mostly to determine whether internal drives are infected -- not external drives. Many external drives will get flagged with an "Unknown MBR" as has been the case many times, even when the user is not experiencing any malware problems at all.

The symptoms you have described sounds like data corruption on the external drive. This is probably due to you or whoever uses this external device not properly ejecting it after each use.

Are you following proper procedures when ejecting your USB devices?

If not, I would recommend reading: When Should You Properly “Eject” Your Thumb Drive?

 

i will make sure to eject correctly and see if this problem continues. thank you for the link.

 

You're welcome