Need help plz

Using TestDisk to repair the filesystem
Locked
trebor1980
Posts: 1
Joined: 30 Jul 2014, 22:20

#1 Post by trebor1980 »

TestDisk 6.13, Data Recovery Utility, November 2011
Christophe GRENIER <grenier@cgsecurity.org>
http://www.cgsecurity.org

Disk /dev/sda - 320 GB / 298 GiB - CHS 38913 255 63
Analyse cylinder 17441/38912: 44%


check_FAT: Bad number of sectors per cluster
HFS 754 59 22 1276 101 55 8388610 [~?~?~?M-:D^A]
HFS 232 16 55 754 59 25 8388610 [~?~?~?M-:D^A]
HFS 774 237 35 162551 196 10 2598944898
HFS 995 161 27 999 202 40 66857 [M-6^G]
HFS 991 120 17 995 161 30 66857 [M-6^G]
Warning: Incorrect number of heads/cylinder 4 (FAT) != 255 (HD)
Warning: Incorrect number of sectors per track 17 (FAT) != 63 (HD)
FAT12 2249 81 3 2250 155 14 20739 [NO NAME]
check_FAT: Unusual, only one FAT
check_FAT: Bad number of entries in root dir
NTFS 2428 210 32 2441 146 18 204800
NTFS 2441 146 18 2454 82 4 204800
NTFS 2901 90 55 2914 26 41 204800
NTFS 2914 26 41 2926 217 27 204800


Took a snapshot at 44% done; it'll be about 5 more hours till it's done completely. My problem, other than the obvious, is that I have an infection that survives multiple DBAN nukes and clean install from factory discs. From researching this stuff and running many, many scans I can definitely say it's a spyware designed to harvest credit card info. It's causing a minimum of 4 driver conflicts and uses peripheral hardware like USB, VGA and sound. I doubt it's in BIOS, though it does seem to have modified my battery driver in order to boot alongside it. IDK, I'm pretty lame at this stuff. There are also fonts that are a few hundred MB large. MBR.EXE says it's Mebroot/Sinowal/TDL4, but from what I understand that particular infection doesn't change geometry like what's been done - I guess it's changed geometry, it sure seems like it. I ran Autopsy 3.0.1 on a fresh barebone Win7 install and it found some viruses under installed programs and registered 4 partitions, 2 NTFS and 2 unallocated. Anyway, I need advice on how to erase the entire drive, HPA, DCO, all of it. Please don't refer me to any forum for help because those forums, as good and useful as they are, are no help. They rely on scanners that don't pick this up. Any comments will be helpful whether I take it or not. Thanks.