Hacked...i Think..

…well there goes the entire music drive…

it has all the symptoms of someone penetrating my laughable defences and maliciously targetting only the important stuff…

long story short, does anyone know of anything to recover f***ed partitions?

I have a backup from two weeks ago, but alot can happen in two weeks…basically the drive was split in three, 1st partition for OS, 2nd for games and general data, 3rd for ALL my music shit…the PC died in the ass (looked very virus induced from all the little ways in which it died, also considering it is a brand new PC…)so I formatted the OS partition, and somewhere in the process of doing this my music partition was dubbed unreadable…and even stranger it reads as “healthy” in the partition information screen with all the correct attributes, but in normal windows properties it is a 0kb capacity drive and innaccessible… Is there any utilities that might be able to help? I dont care if I have to spend money on this one…

dont write anything to the drive whatsoever!

i had problem with xp not recognizing my partitions once, try an get knoppix, http://www.knoppix.org/ boot in to it, it will autoconfigure itself an your drives will be listed on the desktop. you should be able to automount the drives by just double clicking on them.
if not right click an mount them that way.

(this way you dont have to mess with the console, yet)

you should see your partition and its contents if everything works well.

after that you have a few options. you can either copy the contents to another drive, ftp or use samba to copy them over a local network, or burn them.

this is a mswindowless way of doing things, im no good with ms way of doing things!

hope it helps.

been there, done that.

sort of. on the one hand you can recreate the partition table using linux fdisk using knoppix as mentioned above. on the other hand there are some commercial recovery tools which will recover your files by doing a track by track scan of the harddisik.

The first method requires you to exactly know the partition metrics, since this is very unlikely i will try one of those recovery tools. I had good expericence with onTrack Easy Recovery (formerly tiramisu). The demo version can scan your HD and tell you if it can restore the data.


You can also try the free TestDisk tool which should be capable of restoring your partition table, even if its empty. BUT! before you do that backup your physical data first. to do that boot linux get a fresh hd, create a fat32 or any other linux write supported partition on that one and dd your old harddisk into a file-image:

dd if=/dev/hdX of=/mnt/backupDisk/hd_image.bin

if you want to see the progress of this action, you can use mbuffer (if installed) and pipe the data through it, something like that:

dd if=/dev/hdX | mbuffer -PARAMS > /mnt/backupDisk/hd_image.bin

TestDisk (among some other tools) is available here:


This will take a while.

I hope i could help


Excellent post pulsar! I’ve used Testdisk some time ago, to successfully restore lost partitions from a friends harddisk. You mentioned the commandline for making a backup, what’s the command for restoring?


dd if=/mnt/backups/hd_image.bin of=/dev/hdX


edit: using compression for this step might save a lot of hd-space btw, it should work like this:

backup: dd if=/dev/hdX | gzip -c > /mnt/backup/…
restore: cat /mnt/backup/… | gzip -cd > /dev/hdX

Thanks! :)

Linux is just mystery for me, haven’t used it much. Btw: The Testdisk program is also on the Knoppix CD, but i was unable to use it from there, cause it complained about not being able to access the harddisk, not sure what the solutution is.

I havent had any net access for a few days so I missed that excellent post before I acted on things…but nonetheless got it working. Friend from work lent a hand and got me a copy of norton utilities, and this recognised it and re-mounted. To prevent anything like this happening again, I’ve gone overkill. Bought an extra hard drive and set up two of them in RAID-1, all my music stuff resides therein now. I feel a bit safer :)