
Virus and HDD failure: Port 1: SMART detects drive bad, backup and replace.

Swampthing
Level 8
My G74SX, which is just over 11 months old, is now reporting HDD failures on both E: and F: drives. I figure I'll probably have to replace the drive as I am getting a startup error SMART bad drive, replace, Port 1.

Not sure which drive is Port 1 when I open up the bottom, but am looking for recommendations to replace the 750GB drive that is currently there. I presume it has to be 2.5" but not sure if there are other limitations.

I have a strong suspicion that these errors are being caused by a malicious virus which Spybot RD found on my computer and will not eradicate, claiming I am not the Administrator. But of course when you check the User Accounts, I am the Administrator.
Here's what SpyBot RD is reporting, and I would appreciate any assistance in getting it off my hard drive.

W3i.IQ5.fraud: [SBI $5ADC6E84] Program directory (Directory, nothing done)
C:\Windows\System32\AI_RecycleBin\
Asus Strix G733QSA-XS99-17.3-Inch Gaming Laptop
GeForce RTX 3080, AMD Ryzen 9 5900HX
360Hz 3ms 17.3” Full HD 1920x1080 IPS-Type Display
Razer Deathadder v2 Mouse
Verizon FiOS: Gigabit connection

dstrakele
Level 14
Check out http://www.advancedinstaller.com/forums/viewtopic.php?f=2&t=20527. C:\Windows\System32\AI_RecycleBin\ appears to be a temporary directory created by Advanced Installer. This is a Windows Installer authoring tool, so it may have been used when you chose to install some 3rd Party program to your system, creating that directory during the installation process.

I suspect you could delete this directory by uninstalling Advanced Installer if it currently exists on your system. If it was left behind as a remnant after uninstallation, you could right-click on the Command Prompt icon and choose "Run as administrator", then attempt to delete it.

Unfortunately, I believe you are experiencing a hardware problem with your HDD, rather than any malware. It can be replaced with any 2.5 inch 750 GB drive. Do check into Warranty replacement of your HDD.

If you remove one HDD and your laptop still boots up, you know you've got the problem drive.
G74SX-A1 - stock hardware - BIOS 202 - 2nd Monitor VISIO VF551XVT

cl-scott
Level 12
While I won't discount the possibility, SMART errors generally originate from monitoring software built into the drive's firmware. So the odds of it being some kind of malware related false-positive seem slim at best.

That's true - it's not a Windows error message.

cl-scott wrote:
SMART errors generally originate from monitoring software built into the drive's firmware.

Shawnnepc
Level 13
Sounds like the current flavor of zeroaccess going around.


Run this: http://www.bleepingcomputer.com/download/rkill/

Download the rkill.com and run it

followed by this:

http://www.bleepingcomputer.com/download/roguekiller/

Let me know if it says Zeroaccess detected

Then this:

http://www.bleepingcomputer.com/download/combofix/

and finally run a full scan of this:

http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/?1
USA ASUS Reseller
http://www.neteffectspc.com

Thanks for the tips! I ran everything as you said, but Rogue Killer stopped 3/4 of the way through and would never finish. I tried a couple times, but it looks like F: may be dead now and that stops it.

Never saw the ZeroAccess thing, but my hosts file did contain a number of entries which I don't think belong.

When I ran SpyBot SD again with "Run as Administrator" I was able to kill the virus and on a second, and third, runthrough, it did not reappear. MalWare never detected the presence of the virus when it was there, nor later... interesting.

But aren't there programs out there like Disk Doctor for Mac that try to repair a volume for you? How about Norton Utilities? Is there a chance there is no physical problem with the disk, and that a software repair will work?

dstrakele
Level 14
CHKDSK [drive letter] /F /R from the Command Prompt will check your file system for errors and your disk media for bad sectors. You may also need to elevate Command Prompt with "Run as administrator". However, I suspect it may fail on F: just like the Rogue Killer scan.

There is always a chance repair of the file system will resolve your issue, but the S.M.A.R.T. errors point more towards a disk hardware problem. I suspect there are a lot of disk errors reported in your System Event Log as a result of the scan failing to complete.

If it does turn out your HDD is defective, do check out the possibility of Warranty replacement.

As I posted earlier, I believe it is more likely the "AI_RecycleBin" directory was just a false positive from SpyBot SD and not an actual virus, so it is not surprising it would not be detected by MalwareBytes AntiMalware.

dstrakele wrote:
CHKDSK [drive letter] /F /R from the Command Prompt will check your file system for errors and your disk media for bad sectors. You may also need to elevate Command Prompt with "Run as administrator". However, I suspect it may fail on F: just like the Rogue Killer scan.

There is always a chance repair of the file system will resolve your issue, but the S.M.A.R.T. errors point more towards a disk hardware problem. I suspect there are a lot of disk errors reported in your System Event Log as a result of the scan failing to complete.

If it does turn out your HDD is defective, do check out the possibility of Warranty replacement.

As I posted earlier, I believe it is more likely the "AI_RecycleBin" directory was just a false positive from SpyBot SD and not an actual virus, so it is not surprising it would not be detected by MalwareBytes AntiMalware.


There's nothing in Windows that would give you the error he received.

It still sounds like ransomware

Shawnnepc wrote:
There's nothing in Windows that would give you the error he received.

It still sounds like ransomware


Maybe I misread things, but I took it as this error was coming up before Windows loads. In which case, it's a hardware issue and time to back the drive up ASAP and get it replaced. If the error is coming up AFTER Windows loads, then that is a distinct possibility, so getting some program that can check the SMART status of a drive might be in order.
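
The checks suggested in this thread (reading the drive's SMART status from inside Windows, looking for disk errors in the System Event Log, and working out which physical disk holds E: and F:) can be scripted as below. This is an added example, not something posted by any participant; it assumes an elevated PowerShell 3.0 or later prompt and a storage driver that exposes the WMI failure-prediction class, and the function names are made up for illustration.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.

function Get-SmartPrediction {
    # One row per physical disk. PredictFailure = True means the drive's own
    # firmware has tripped a S.M.A.R.T. threshold, independent of Windows.
    Get-CimInstance -Namespace root\wmi -ClassName MSStorageDriver_FailurePredictStatus |
        Select-Object InstanceName, PredictFailure, Reason
}

function Get-DiskErrorEvents {
    param([int]$Days = 30)
    # Events from the Windows 'disk' provider in the System log:
    #   7  = bad block            11 = controller error
    #   51 = error during paging  52 = drive predicts its own failure
    $filter = @{
        LogName      = 'System'
        ProviderName = 'disk'
        Id           = 7, 11, 51, 52
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

function Get-DriveLetterMap {
    # Shows which physical disk and partition each drive letter lives on,
    # e.g. "Disk #1, Partition #0" -> "E:".
    Get-CimInstance -ClassName Win32_LogicalDiskToPartition |
        ForEach-Object {
            [pscustomobject]@{
                Partition   = $_.Antecedent.DeviceID
                DriveLetter = $_.Dependent.DeviceID
            }
        }
}

# Put the three views side by side.
Get-SmartPrediction  | Format-Table -AutoSize
Get-DriveLetterMap   | Format-Table -AutoSize
Get-DiskErrorEvents  | Group-Object Id | Select-Object Name, Count | Format-Table -AutoSize
```

A PredictFailure value of True together with event 52 or a run of event 7 entries against the same disk is the pattern expected from failing hardware; the message text of each event names the \Device\HarddiskN device it refers to.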

cl-scott wrote:
Maybe I misread things, but I took it as this error was coming up before Windows loads. In which case, it's a hardware issue and time to back the drive up ASAP and get it replaced. If the error is coming up AFTER Windows loads, then that is a distinct possibility, so getting some program that can check the SMART status of a drive might be in order.


.IQ5.fraud is linked to Citadel which is a crimekit that uses Alureon and Zeroaccess.

Zeroaccess is a rootkit that may also trigger S.M.A.R.T errors due to its installation in the bootsector.

It's strange that it's referencing E: and F: which as per ASUS's strange factory settings may be a partition of the boot drive OR a split partition of the second physical disk.

It's also troubling that RogueKiller didn't finish.

We need more information from the end user.