Finally Back, Serious PC Questions (Off-Topic)

by Morpheus @, High Charity, Tuesday, February 07, 2017, 17:59 (2634 days ago)

It's been two long arduous months and my computer has finally been returned to me. I suffered through the worst customer experience of my life, and I have to pull everything together once again. I had to take my computer back to this worthless technician five times, each with the same problem. The symptom was the same each visit, but the cause always seemed to be something off the top of his head; he certainly made a point to openly blame me every single step of the way, accusing me of everything from downloading pirated content to singlehandedly dismantling my own computer to break it intentionally just to get free service.

Long story short, he eventually 'discovered' the real reason for my 1962: He claims that one of the programs I downloaded/installed had a virus that "knocked the drive out" and caused it to crash. Now yes, I am aware I had a lot of programs installed, but most of them (i.e. Steam Games, Microsoft Store, software websites) were direct, from trusted sites and not from 3rd-party mirrors. Anyway, he told me that the virus was embedded in one of my programs, and he didn't know which. He also told me that no virus scanner could find it, "being so deeply buried, even Microsoft wouldn't be able to find it".

I told him I have a copy of all my application setups on my external hard drive, and asked him why the virus wouldn't attack the external hard drives, and he said the virus would know the difference and would not activate until installed on an actual computer. He basically said the only way I could find out which program has a virus is after the virus attacks and destroys my computer again.

What he said seemed to make some sense, but then again this guy is a crook. What doesn't make sense is that out of all the programs I've installed over so many years and so many computers, I've never had a problem with any of them--I'm about 65% sure I didn't install any programs between November and December, when I first started getting these messages.

So is it true?

1) Can a virus differentiate between an external hard drive and an internal one and know when to strike?

2) Can nothing stop--or at least find--something like this??

3) Is it possible for a virus to have a "scheduled release"? Maybe something I installed a long time ago and only started attacking recently?

4) Can a virus really wipe out a whole operating system, and why?

5) Most importantly, is there really no other way to find out the identity/location of the virus than play Minesweeper with my applications and guarantee another two week billion dollar service by someone else?

Finally Back, Serious PC Questions

by slycrel ⌂, Tuesday, February 07, 2017, 18:24 (2634 days ago) @ Morpheus

Short answer is yes, pretty much all of those are true. :(

#1 -- yes, because your computer's OS can. A virus doesn't have to write this functionality (though it can), it can piggyback on existing functionality to do this.

#2 is the most controversial one in your list. There are various ways viruses hide, and the only real way for a virus checking program to be sure is to find pre-existing patterns. There are always new ways to hide and new vectors of attack, so for a time at least, viruses can go undetected. So the more common (and more destructive) the virus, the more likely it can be caught and quarantined.

#3 is definitely a thing. Think of the "malware" that threatens to encrypt your HDD unless you pay someone off. That's essentially a timed virus. A virus is just like any other computer program -- it can be written to do all sorts of things, including check the time and date. Either via the internet or, more likely, your system clock.

#4 is an absolute yes. It can go even further, and make hardware unusable. Your operating system is just a framework of programs that give better "context" and functionality to other programs. So, for the same reason that a text editor can load and save files on a HDD, a virus can use the same kinds of system calls to get that job done. But back to your question, if the data or files that the operating system needs in order to run properly get mangled, erased, or otherwise corrupted by a virus then you can potentially not run your OS properly. Your HDD, motherboard and other components often also have their own mini-harddrive like storage that they use to run themselves off of. A virus can hide in those or corrupt them as well, potentially making them expensive paperweights.

#5 gets kind of back to #2 -- it depends on the virus and what it does. The worst kind inject themselves into other kinds of files (or even spread across multiple files) and can lie dormant until those files are accessed and the virus gets activated. I've heard of some viruses using "bad sectors" on the HDD to hide information in as well. So if you know what virus you're looking for and what it does then yes, you can go after it. But some of the worst adapt themselves to your system so there is no easy way to say "look here, here and here for the virus". You can keep paying someone to keep digging, but it becomes a matter of diminishing returns at that point.

It's a little like identity theft -- the system is built to assume trust, and once it's broken it's hard to get everything back to "trusted" status again.

Sounds painful, I hope you got everything you need back...!

Note that even if it's plausible...

by slycrel ⌂, Wednesday, February 08, 2017, 07:25 (2633 days ago) @ slycrel

...the guy could be using his tech knowledge to lie to you. I'm not saying he's right, just that those aren't made up BS excuses... under the right conditions and circumstances. :/

Finally Back, Serious PC Questions

by Ragashingo ⌂, Official DBO Cryptarch, Tuesday, February 07, 2017, 18:32 (2634 days ago) @ Morpheus

So is it true?

1) Can a virus differentiate between an external hard drive and an internal one and know when to strike?

Sure. I've had legitimate programs tell me that they don't want to or can't run on an external drive. If a program on the up and up can detect that sort of thing surely a virus can.


2) Can nothing stop--or at least find--something like this??

Depends on what virus you have. Maybe you have Stuxnet, for instance. That one is pretty tricky to stop...


3) Is it possible for a virus to have a "scheduled release"? Maybe something I installed a long time ago and only started attacking recently?


Absolutely. Sometimes viruses hide for a while so big company backup systems will back them up. That way when they do activate, restoring from a backup is useless because all the backups for the past three months are infected too.


4) Can a virus really wipe out a whole operating system, and why?

Yes. Operating systems are just files. Viruses can delete and damage files. Some viruses will delete the part of your file system that tells the computer where all your files are. Other viruses might just encrypt your files then make you pay a ton of money to get the key that unlocks them.


5) Most importantly, is there really no other way to find out the identity/location of the virus than play Minesweeper with my applications and guarantee another two week billion dollar service by someone else?

Try Geek Squad.

Finally Back, Serious PC Questions

by EffortlessFury @, Tuesday, February 07, 2017, 20:01 (2634 days ago) @ Ragashingo

Try Geek Squad.

I used to work at Geek Squad and as far as quality goes, it's hit or miss by store location, but at least in my experience we do want to help the customer as best as possible.

If you do want Geek Squad to help out, I recommend the Tech Support package. It covers up to 3 computers (any origin, even self built) for up to a year and includes a paid anti-virus of your choice (of the few they offer). It allows you most of their services, including virus scanning and hardware diagnostics (both run from outside your OS environment) as well as dusting service and remote support both telephone and remote controlled. </SalesPitch>

I tell you all this now because you might trust someone from a common internet space who no longer benefits from your business there. It's usually worth it, just try to suss out the quality of the techs working at your location from a gut instinct level first. If they seem entirely incompetent it might not be worth it. Overall, the cost of having them do a full sweep and diag on one PC is near the cost of the full year of unlimited use of their covered services for 3 computers.

Finally Back, Serious PC Questions

by Blackt1g3r @, Login is from an untrusted domain in MN, Tuesday, February 07, 2017, 19:32 (2634 days ago) @ Morpheus

While all of that is certainly possible, it sounds to me like the guy is making stuff up.

Finally Back, Serious PC Questions

by ShadowDancing, CA, Wednesday, February 08, 2017, 03:56 (2634 days ago) @ Blackt1g3r

This. Is it possible you've been attacked by an unknown virus no anti-virus program can detect, and erases everything as ransomware but forgot to ask for ransom ... yeah. Is it probable? Nope. I mean why would I do that to you? You're not a high value target or gateway to delicious corporate espionage (are you?) or government secrets (right?) so you're really only going to be facing the same kinds of problems as everyone else. That anti-virus programs are pretty solid at finding.

Undetectable means very expensive or very new. Odds pretty long against you running into either.

Can't find original post, what messages were you getting?

by Pyromancy @, discovering fire every week, Wednesday, February 08, 2017, 05:18 (2634 days ago) @ Morpheus

- No text -

Can't find original post, what messages were you getting?

by Morpheus @, High Charity, Wednesday, February 08, 2017, 18:08 (2633 days ago) @ Pyromancy

If you mean error messages, I first got the 1962 error (no OS found) maybe a couple times in November. However, pressing C+A+D always fixed it, so I figured it was just a startup glitch or dust in the computer or something. Then in December, I got an actual light blue screen with Unmountable Boot Volume and it didn't work at all. That's when I took it in. Took him two weeks, he "fixed it", then three days later the same thing. He said I backed up too much data, and asked me to delete it. I removed everything non-essential (still got the UBV) and sent it again. He claimed I deleted one of the files needed for the OS, which was a lie of course. On the final visit, I got another error message, but it came and went so fast I couldn't read it; but it had the word Kernel in the message somewhere.


So far, I've only installed iTunes, Firefox, WinRAR, Flash and MP3Direct. No virus yet, thank god--but I still have to install at least an editing program for my work.

Any chance it's a HD fault?

by ZackDark @, Not behind you. NO! Don't look., Wednesday, February 08, 2017, 18:34 (2633 days ago) @ Morpheus

I don't really remember if you considered that in the other thread, but it all sounds like your HD is dying, though admittedly slower than I'm used to.

Any chance it's a HD fault?

by Morpheus @, High Charity, Thursday, February 09, 2017, 01:34 (2633 days ago) @ ZackDark

That actually is a possibility, the computer's almost 10 years old...hopefully that would be the actual case, and not a virus that I can't stop!

I have a new drive regardless, but that does make me breathe a little easier.

Any chance it's a HD fault?

by Pyromancy @, discovering fire every week, Thursday, February 09, 2017, 14:58 (2632 days ago) @ Morpheus

That actually is a possibility, the computer's almost 10 years old...hopefully that would be the actual case, and not a virus that I can't stop!

I have a new drive regardless, but that does make me breathe a little easier.

Yeah, it sounds like a HDD issue. Do you still have the old drive, or did it go to the big scrap pile in the sky? If you still have it you could experiment with it. Run it with a repair disk, try to restore registry files, try to fix the Master Boot Record, etc.

Side note: a few years back I ran across an awesome Malware remover and also a separate registry file restorer that you can run pre-start up on a bootable USB drive. These are amazingly useful for bypassing and fixing a low level issue that won't allow the computer or OS to start up.

Based on everything you've shared it sounds like it was very likely NOT a virus.

If you see this return and happen again on the new drive, try replacing the SATA cable. If it is a cheaply made cable and has a right angle connector, those tend to begin to fail right at the base of the connector.

Any chance it's a HD fault?

by dogcow @, Hiding from Bob, in the vent core., Thursday, February 09, 2017, 15:03 (2632 days ago) @ Pyromancy

That actually is a possibility, the computer's almost 10 years old...hopefully that would be the actual case, and not a virus that I can't stop!

I have a new drive regardless, but that does make me breathe a little easier.


Yeah, it sounds like a HDD issue. Do you still have the old drive, or did it go to the big scrap pile in the sky? If you still have it you could experiment with it. Run it with a repair disk, try to restore registry files, try to fix the Master Boot Record, etc.

Based on everything you've shared it sounds like it was very likely NOT a virus.

If you see this return and happen again on the new drive, try replacing the SATA cable. If it is a cheaply made cable and has a right angle connector, those tend to begin to fail right at the base of the connector.

This. I've heard stories of bad SATA cables causing 1962 errors. I wouldn't be surprised if it ended up being some intermittent failure of a piece of hardware. SATA cable, HDD, or even a bad/failing solder job on a connector.

Any chance it's a HD fault?

by Morpheus @, High Charity, Thursday, February 09, 2017, 15:56 (2632 days ago) @ Pyromancy

Yeah, it sounds like a HDD issue. Do you still have the old drive, or did it go to the big scrap pile in the sky? If you still have it you could experiment with it. Run it with a repair disk, try to restore registry files, try to fix the Master Boot Record, etc.


I have it, but it was removed from the computer. I'm pretty sure the guy held everything back from throwing it at me. I have it in a little box to keep it from dusting. I plan on doing...something with it, I don't know. Maybe I can get it fixed. Eh...

Any chance it's a HD fault?

by stabbim @, Des Moines, IA, USA, Thursday, February 09, 2017, 17:16 (2632 days ago) @ Morpheus

TBH, after reading your post above Zack's, I think his theory is the most likely scenario. A "No OS found" message typically comes from the motherboard itself, and indicates that it couldn't find a hard disk with a bootable partition. If you press Ctrl+Alt+Del and it starts up OK without you doing anything else, then that would indicate the hard drive failed to become available on the first attempt, but succeeded on the second. That screams "failing drive" to me.

There is some slim chance of it being the motherboard or power supply as well, but the hard drive is the most likely culprit.

All the stuff in my initial reply is still true, and, I think, makes for highly entertaining reading! :P

By the way, if your PC really is 10 years old, you might want to stop paying people to work on it. You can get PCs for $200-$500 right now that would blow anything from 10 years ago (even a high-end machine) out of the water, and I'm betting your expenses from this incident are already into that range.
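
The boot check described in the post above (the firmware looking for a disk with a bootable partition), as an added example that is not part of the original thread: it reads the first 512-byte sector of a legacy MBR disk image and lists what would make it non-bootable. The sample sectors and the helper `build_sample_mbr` are constructed for illustration.

```python
import struct
import sys

SECTOR_SIZE = 512
TABLE_OFFSET = 446         # partition table follows the boot code area
ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"
GPT_PROTECTIVE = 0xEE      # GPT disk: booted via UEFI, active flag not used


def parse_partitions(sector):
    """Return the non-empty entries of the four-slot MBR partition table."""
    parts = []
    for slot in range(4):
        start = TABLE_OFFSET + slot * ENTRY_SIZE
        entry = sector[start:start + ENTRY_SIZE]
        status, ptype = entry[0], entry[4]
        lba_start, num_sectors = struct.unpack_from("<II", entry, 8)
        if ptype != 0x00:  # type 0x00 marks an unused slot
            parts.append({"slot": slot, "status": status, "type": ptype,
                          "lba_start": lba_start, "sectors": num_sectors})
    return parts


def diagnose(sector):
    """List reasons a legacy BIOS boot from this sector would fail."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    problems = []
    if sector[510:512] != BOOT_SIGNATURE:
        problems.append("missing 0x55AA boot signature")
    if not any(sector[:TABLE_OFFSET]):
        problems.append("boot code area is empty")
    parts = parse_partitions(sector)
    if not parts:
        problems.append("partition table is empty")
        return problems
    if any(p["type"] == GPT_PROTECTIVE for p in parts):
        return problems    # protective MBR: the checks below do not apply
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            problems.append("slot %d has invalid status byte 0x%02x"
                            % (p["slot"], p["status"]))
    active = sum(1 for p in parts if p["status"] == 0x80)
    if active == 0:
        problems.append("no partition marked active")
    elif active > 1:
        problems.append("more than one partition marked active")
    return problems


def build_sample_mbr(active=True, signature=True):
    """Constructed sample: one type-0x07 (NTFS) partition at LBA 2048."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:2] = b"\xeb\x5a"  # placeholder bytes standing in for boot code
    sector[TABLE_OFFSET:TABLE_OFFSET + ENTRY_SIZE] = struct.pack(
        "<B3sB3sII", 0x80 if active else 0x00, b"\x00" * 3,
        0x07, b"\x00" * 3, 2048, 204800)
    if signature:
        sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    if len(sys.argv) > 1:      # path to a disk image file (assumption)
        with open(sys.argv[1], "rb") as f:
            samples = {sys.argv[1]: f.read(SECTOR_SIZE)}
    else:
        samples = {"healthy": build_sample_mbr(),
                   "no active flag": build_sample_mbr(active=False),
                   "all zeros": bytes(SECTOR_SIZE)}
    for name, sector in samples.items():
        print(name, "->", diagnose(sector) or "looks bootable")
```

A sector that checks out here while the firmware still reports "no OS found" now and then is consistent with the drive or cable not answering on the first attempt, as the replies above suggest.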

Finally Back, Serious PC Questions

by Schedonnardus, Texas, Wednesday, February 08, 2017, 15:22 (2633 days ago) @ Morpheus

If most of your purchases are on Steam/Microsoft store, then just re-download them. If any of your software came on a disc, reinstall from the disc then download updates for them.

Finally Back, Serious PC Questions

by Morpheus @, High Charity, Wednesday, February 08, 2017, 18:11 (2633 days ago) @ Schedonnardus

If most of your purchases are on Steam/Microsoft store, then just re-download them. If any of your software came on a disc, reinstall from the disc then download updates for them.

Yeah, I'm in the process of doing that, but the technician claims the virus likely came from one of the games, and I need to contact Steam/Microsoft support to see if that's possible first. It doesn't make any sense, but then again none of this does.

Finally Back, Serious PC Questions

by stabbim @, Des Moines, IA, USA, Thursday, February 09, 2017, 17:05 (2632 days ago) @ Morpheus

So is it true?

1) Can a virus differentiate between an external hard drive and an internal one and know when to strike?

TBH, this is probably the wrong question. I think that either the technician explained it badly, or you mangled his explanation. I believe what he was trying to get at (assuming he isn't just plain crazy) was that those stored copies of programs on your external drive are not actually RUNNING. The thing to understand is that files on a drive are JUST files, until they are executed. If you are not actually browsing to the external drive and running the programs from that location, then those files are most likely not doing anything.

It's not a question of the virus actively thinking "am I on an internal or external drive" and then making a decision about whether to execute an attack. It's simply a matter of whether it ever runs in the first place.


2) Can nothing stop--or at least find--something like this??

Others have sort of already covered it, but the answer is along the lines of "maybe" or "eventually." There is no magic identifier to say whether content is good or bad. Antivirus programs identify things based on known patterns, and if something hasn't been seen before and identified as a malicious actor, then no, they probably won't identify it. There is a concept known as "heuristics" where they will try to identify software that behaves in a suspicious manner, but that's still just pattern matching. Based on behavior rather than specific content, but still kind of relying on known quantities.

3) Is it possible for a virus to have a "scheduled release"? Maybe something I installed a long time ago and only started attacking recently?

Of course it's possible. I mean, your computer does know the current date, doesn't it? That being said, it's not usually how things work. It's more likely that you simply didn't execute a given file until recently.

An alternative explanation is that it wasn't actually from any pirated software. You may have gotten infected through some other vector such as an email attachment or a compromised website (compromised ads are a thing, too), and the technician simply saw some illegitimate software and ASSUMED that was the source, because it's a common vector.

4) Can a virus really wipe out a whole operating system, and why?

Yes, of course. The "can" part is kind of a silly question, no offense. I mean, anything that can write data to the hard disk can potentially damage files. The more significant question is "why," and the answer there is that it's usually not intentional. The thing from 80's movies where a big skull comes up on the screen and your computer dies doesn't really happen, mostly. Most malicious software is designed to either steal information (passwords, account numbers, etc.) or to take over the affected PC in such a way that it can be given instructions remotely - these are the "botnets" you hear about, comprised of many infected machines, which are collectively used to DDoS various services (among many other tasks, that's just a well-known example). So, as you can imagine, the people making these things do NOT want your PC to stop running. The ideal scenario for them is that the PC continues to run, continues to be connected to the internet, and (in the case of keylogging/information siphoning) even continues to be used. Typically when a virus causes a PC to stop working, it was an accident. The software was probably trying to modify the system, either to hide itself or simply to accomplish whatever purpose it has, and the author simply failed to account for some particular condition present on that machine. Odd as this may sound, virus authors aren't as concerned about damaging PCs as legit software companies, and as a result, their quality control sometimes isn't as good. :P

The partial exception here is a relatively new breed known as "ransomware." These things encrypt your files. If you're not familiar with encryption, it basically means they're scrambled in such a way that they can't be opened without decryption software and a specific key. They then demand a ransom payment in exchange for the decryption instructions (and key). I say that this is a partial exception because they aren't intended to actually stop the PC from running. They still want the OS to generally run, so that you can get to a point where you SEE that your files won't open, and can read their ransom demands (which are typically placed in the same folder as encrypted files). For this reason, ransomware typically only targets certain file extensions which are commonly used for information people might find important (or of sentimental value - think family photos), but are NOT critical for the system to operate - .JPG, .DOCX, .PDF, etc.

5) Most importantly, is there really no other way to find out the identity/location of the virus than play Minesweeper with my applications and guarantee another two week billion dollar service by someone else?

What is the current status of your PC? Is it running? If so, I would simply let it run for a few weeks without installing anything that isn't a KNOWN OK program straight from the manufacturer, and don't execute any programs stored on the external drives. I know it might be hard to do without some things, but just go with it. Periodically scan your external drives with Malwarebytes. If there is something new out in the wild, that will probably eventually be updated to find it. Of course, not having inspected your PC myself, I can't verify whether there actually WAS a virus. Also, make a backup of your PC in its CURRENT state. I don't mean manually copy files to an external drive, I mean a proper system image backup, that stores the EXACT drive contents. Keep that backup disconnected when not in use. The intention here is that if something does go wrong later, you could put the PC back to a working state with relatively little effort.
