My laptop 'sploded. Need your help.

[Telemediocrity]

As best I can tell, this is the most appropriate forum to post this question in - I'm getting tech advice from others that I'm not sure is any good, and from what I can tell F13's collective wisdom on hardware is pretty good.

I'm using a Fujitsu Lifebook S6210 laptop, WinXP, 2.something gigahertz, standard stuff.  Hard drive is partitioned into C and D, C being about 30gigs, D being 10.

24 hours ago, I noticed that I could no longer access the D drive.  Clicking on it, it'd tell me that the drive needed to be formatted.  Of course, I hit 'No' to that.  As for properties, it all of a sudden showed 0 out of 0 bytes used, and said the D drive was RAW type instead of FAT32.

Other than that, my PC was working fine.  All the data on my C drive was perfectly accessible and in good, working order.  I tried running Chkdsk on the D drive partition to fix things, but it simply quit due to an 'unspecified error'.

Some hours later, I rebooted.  When I rebooted, my computer wouldn't start, period.  It would give me a partition error, and after enough fiddling I finally got an error message out of it that the boot sector's checksum was overflowing.  Essentially, the boot sector appears corrupted.

And now for "data which may or may not be relevant":

Within 24 hours of this happening to me, my friend with a different style of Fujitsu laptop had the exact same thing happen - corrupt boot sector, couldn't start.  She tried using the reinstall disk to reformat her drive, no such luck.

I'm on a University network.  I have a standard software firewall and antivirus software, but nothing major.  Our university servers (Georgetown) have been under significant hacker attack lately, to the extent that the secret service has been called to campus to investigate.

When talking to Fujitsu tech support, he speculated that I might have come under some kind of attack over the network - the tipoff for him being that my D drive went first.  He said that malicious attacks will target the D partition first because it generally compains the backup data for booting.  Normally I'd be skeptical that such a scenario is the case, but in light of the other two random circumstances above, I figure it's worth mentioning.

Questions:

1.  Is it possible to fix a corrupt boot sector?  Is there any way to fix this without formatting my PC?  Is it likely a recurrent problem that formatting my PC will not fix permanently?  My PC is still under warranty - but sending it away for a month to get it replaced is a rough option when you're in college and papers are coming due.

2.  Is the explanation that there was a malicious attack on my PC in any way plausible?  I haven't been running any weird programs or visiting strange / malwarelicious webpages with low security settings.  AFAIK, my IE was fully patched.

3.  My data's still there, right?  Everyone I talk to tells me my data is still there, but with the last two years of my life stored on that PC, I'm a bit nervous anyhow.  Is the only way for me to get the data off the HD to take it to a data recovery place?  Is there any sort of master/slave arrangement that would allow me to recover the data using someone else's PC?

4.  Is there anything I'm a dunce on that I need to be set straight on so I don't make some stupid mistake?  If there's one thing I know, it's that there's a lot I don't know - especially where hardware is concerned.


Thanks for any help you can offer.

[Trippy]

That doesn't sound so good but here are some things you can try:

• Remove the hard drive from the laptop. Get a 2.5" to 3.5" IDE hard drive adapter or get an external drive case for a 2.5" drive and install the drive on another machine that has AV software that you are willing to possibly sacrifice -- i.e. BACK IT UP FIRST. If the drive mounts, scan it for viruses and then see if you can read any of the data off that drive.

• If the drive mounts and you can read data off of it, then it's probably just the MBR/boot sectors that are bad. In that case reinstall the drive back in your laptop, find a Windows XP CD (presumably one came with your laptop) and boot off of it and go to "Repair" mode and bring up the Recovery Console. You can follow the directions on this page and use the fixboot and/or the fixmbr commands to replace your MBR:
  
  http://support.microsoft.com/?kbid=314058
  
  Make sure you've scanned your drive for boot sector viruses before doing so. If you can't find a Windows XP boot CD-ROM and your laptop has a floppy drive, find somebody in your school that still happens to be running Windows 95/98/Me. Make a DOS bootable floppy disc on that machine boot it on your laptop and run and the fdisk /mbr command (Google on it for details).

• If you can't mount the drive on the other machine you'll need to try and repair the partition tables using something like Norton SystemWorks. Try not to run the built in disc checker in Windows XP (aka "chkdsk") unless it's your absolutely last resort (see my message below).

• If you are getting all sorts of read errors on the disc it may have physically crashed or have accumulated too many damaged sectors. You can try something like Spinrite to try and recover some of that corrupted data if you can't afford to send it off to one of those data recovery services. Spinrite can be very very very slow but it can in many situations recovery data from damaged sectors. I've used it before to pull data off a dying drive.

Edit: reformatted, fixed a few typos

[Trippy]

2.  Is the explanation that there was a malicious attack on my PC in any way plausible?  I haven't been running any weird programs or visiting strange / malwarelicious webpages with low security settings.  AFAIK, my IE was fully patched.

Yes it is. I'm fighting a never ending battle on my father's machine at the university he teaches at which is constantly under attack from other infected machines on the campus network. In situations like that, where everybody's machines can see everybody else's the attack vectors are typically through email and various network services rather than through IE -- e.g. machines that don't have logins, unsecured shares, etc.

4.  Is there anything I'm a dunce on that I need to be set straight on so I don't make some stupid mistake?  If there's one thing I know, it's that there's a lot I don't know - especially where hardware is concerned.

Try not to run the built in disc checker in Windows XP (aka "chkdsk") again unless it's your absolutely last resort. That tool is very crude and can cause more damage than it can fix in situations like these.

[Murgos]

Trippy's advice above was very good.  If you are very careful there are a few more things beyond even what he said that you can do but he hit 95% of what any 'professional' will do for you.

1.  Is it possible to fix a corrupt boot sector?  Is there any way to fix this without formatting my PC?  Is it likely a recurrent problem that formatting my PC will not fix permanently?  My PC is still under warranty - but sending it away for a month to get it replaced is a rough option when you're in college and papers are coming due.

Yes.  Yes, but depending on the cause of the error it may be unrecoverable at all.  Again depending on the cause of the error it could happen again.  My suggestion would be to get your data off the drive if possible and send it in under warranty.  There are many different things that can cause a bad boot sector from the power supply to the motherboard to the hard disk itself and unless the problem WAS caused by a malicious attack you will almost certainly need to replace parts and if you want to avoid catastrophic failure where you cannot recover your data you should plan on getting it serviced sooner rather than later.

2.  Is the explanation that there was a malicious attack on my PC in any way plausible?  I haven't been running any weird programs or visiting strange / malwarelicious webpages with low security settings.  AFAIK, my IE was fully patched.

It's possible, most virus writers don't want to destroy your PC they want to use it without you knowing for thier own purposes.  Then again on a college campus your chances of the problem being the result of some inept attacker just experimenting with what he can do are probably much higher than most.

[Lantyssa]

University networks are horrible for viruses.  Until a few years ago we had a flat network with no subnets.  This was half of a class B network.  Even when we started subnettting we could have up to 500 machines in one network.  It does not take long for such an enviroment to become full of automated viruses, hacked machines, and other problems.  Add in residence halls where students live and IT has no control over the machines and things get even worse...

One of our subnets is so bad that if I plug in a machine that is not fully password protected, firewalled, and running anti-virus it will be infected within 10 seconds.  Without exageration.  We have been a lot more thorough in our department, but with the use of laptops increasing I know things are sneaking through.

[raydeen]

If you are able to slave the drive to another computer I reccomend GetDataBack from Runtime.

http://www.runtime.org/

This proggie pulled my stones out of the fire when I accidentally deleted the partition on a friends 160 GB external drive. I was able to get all his data back (took a while) and he didn't kill me. I recommended it to a friend who's iPod got wiped and it worked for him as well. It comes in two flavors, one for FAT and one for NTFS.

[Strazos]

One of our subnets is so bad that if I plug in a machine that is not fully password protected, firewalled, and running anti-virus it will be infected within 10 seconds.  Without exageration.  We have been a lot more thorough in our department, but with the use of laptops increasing I know things are sneaking through.

Wow. I know, at least at my school, that all of the student lab PCs are "reset" with a network image like, every other week.

People will do some stupid shit on public workstations.

Also....this makes me scared to live on a college campus come this fall (if I go into a graduate). I run a pretty sophisticated software firewall at home (blocks tons of shit, stealth mode, etc), but hearing this makes me fear for my PCs life if I have to plug it into a University network. The closest I have come is FTPing into my network partition from home. 

[Lantyssa]

The subnet I am thinking about is a full college, with many departments.  There are machines used for research, office work, students, and a whole host of uses.  Because they are all either individually owned or belong to specific groups, it is very difficult to do such wipes.  The local IT department is not too keen on going through grumpy professors to make sure they are up to date either.  They have enough work already and from personal experience it is not a pleasant task going through an entire department at once to disinfect, patch, install protections, and turn on auto-updates.  (Groups are fairly autonomous here.  At some universities the IT departments exert a lot more control.)

As long as you patch, use a firewall (even XP's helps), and have current anti-virus you are fairly safe even in a lousy enviroment.  If you will be in residence then get a router, avoid setting your machine as the DMZ, stay patched and you should be just fine.