chkdsk problems

Radoman · #33 12-31-2007, 02:07 AM

Hi all,
New to the forum. Found you guys by this problem. I am a fairly experienced tech and I have dug very deeply into this problem. I would love to hear if anyone knows anything new about this one.

This appears to be some type of virus or rootkit to me. I lean towards rootkit because the machine that was affected had significant antivirus running and was updated. Subsequent virus scans have shown nothing.

Bios was set to stay off after power failure, came back and the machine sat at the logon screen like it had reset. It never ran the same after that. This leads me to suspect some type of malware/rootkit as that kind of thing often resets the machine after it's done.

The symptoms: You run CHKDSK on your system drive from Dos, and it reports errors. You run it at next boot with the /f parameter set and it completes OK, but when you run it from dos again, you still get errors. Ad infineum.

This is NOT a hardware issue. I have imaged the system to a completely different hard drive, and it still exhibits the same behavior. Hook the drive up as slave, zero CHKDSK errors. Hook the drive up as master, and permanent Dos CHKDSK errors.

Specifically the malware seems to target disc operations of just about any kind. Nero in particular is suddenly buggy, but even floppy access seems affected with read/write errors. File copys are also hampered. They will "complete", but the timer never stops, and will freeze at ten seconds remaining, even though I can see the file has completed.

Multiple scans with hard drive manufacturers software shows no physical defects, but errors continue. Alternate disk utilities also show no defects, but CHKDSK errors continue. As I've said, I have even copied the drive to another and STILL get the same errors, so this is a Windows problem, not a hardware issue.

It must hide itself well within the system volume information, or some place equally inaccessible/undeleteable. No antivirus software that I have tried can see any problem.

The only other possible solution I can think of is that Acronis may have screwed something up somehow, but I only saw one other person in the thread mention that program. Anybody else having this problem use Acronis stuff too? I mean it is suspect, as it's a disk utility that has access to alot of this stuff. However everybody uses it so it's not necessarily such a big coincidence for two of us in the thread to use it. If you use it too and are having these type of problems, please say so.

Any feedback is greatly appreciated.

The solution? Unknown so far......