BUG? Virus? "MFT and MFT mirror are bad" But NOT TRUE,(maby? Topic is solved

How to use TestDisk to recover lost partition
Forum rules
When asking for technical support:
- Search for posts on the same topic before posting a new question.
- Give clear, specific information in the title of your post.
- Include as many details as you can, MOST POSTS WILL GET ONLY ONE OR TWO ANSWERS.
- Post a follow up with a "Thank you" or "This worked!"
- When you learn something, use that knowledge to HELP ANOTHER USER LATER.
Before posting, please read https://www.cgsecurity.org/testdisk.pdf
Locked
Message
Author
Menso111
Posts: 4
Joined: 30 Dec 2014, 02:30

BUG? Virus? "MFT and MFT mirror are bad" But NOT TRUE,(maby?

#1 Post by Menso111 »

In a number of different disks partition I get the message:."MFT and MFT mirror are bad. Failed to repair them."

Even "Erd commander", started from a cd rom, can not copy anything, nor directory or file, and comes up with a message saying "File system unknown"

But Windows explorer has full access to all of the volumes with supposed damaged MFT. It can copy, read, run, everything, I tried to extract several verry big zip files, also of 7 GB, who certainly are fragmented, and they have been extracted without any crc error ,
I only found a few errors that suggest a damaged MFT: some 2 gb iso file and a zip file
Few errors, but there are certainly!! but most of the data in the volumes is intact, even in very fragmented file.

My fear is that it is a virus that might damage a fraction of the MFT, but not all.

In recent days, the computer boot has slowed down a lot, and yesterday the disc ran a lot for no reason.

Has anyone experienced similar problems?

I backupped all partitions with supposed damaged mft to another didk, but I do not know if the problem is solved because I do not know what it depends on, and I can not even check on all the data, since it is approximately 1.5 TB.

thanks a lot
and a hello to all

Elvis

Menso111
Posts: 4
Joined: 30 Dec 2014, 02:30

Re: BUG? Virus? "MFT and MFT mirror are bad" But NOT TRUE,(m

#2 Post by Menso111 »

Please help, I am desperate

Testdisk says "MFT and MFT mirror are bad. Failed to repair them." in ALL 5 disks connected to my computer.

In these discs I have everything that I made to the computer since 1997, about 20 GB of visual basic source code, some C ++ source code, my html code, all my photos, all the documents I wrote, all setup of my programs, all my working documents. many, many things!

In the last two days I made backup of everything I have on the computer on a disc NOT RECENTLY connected to the computer, to find out at the end of the backup job that testdisk tells me "MFT and MFT mirror are bad. Failed to repair them." Also on the backup disk!

The strangest thing is that I can fully access to all data ALREADY memorized on my computer, but if I create NEW large files, these are written to disk already corrupted.
has been so for zip archives that I created to make backups,.
Not all new archives are saved to disk already corrupt, only those larger, and I think this is a symptom of a damaged MFT:
The larger the file is, more fragmented it is! and requires a healthy MFT.

So I had to make backup 2 times, since I had a lot of compressed folders. Only to discover at the end that the MFT of the backup disk was damaged to.

This behavior concerns for now all disks that are connected to my computer, but not all the partitions on these disks, and the distribution of the volumes with damaged MFT seems to be random.

Even if I format these partitions with damaged mft, Windows creates a new volume with mft already damaged, and this seems very strange.

Currently I can only think of two things:
1) A Testdisk bug (but this does not explain the new files created already corrupt)
2) Or a VIRUS.

Nod32 and Avast antivirus did not report anything!
But I'm almost convinced it is a virus, since I can not explain how can become damaged the MFT of four different disks, plus the backup drive connected via USB.

I think it is important to specify that I'm still using windows xp, and maybe now I understand what it means "End of support", but I would not lose ALL my data


If you have heard similar cases
Please help, any iedea is welcome

Many thanks

Menso111
Posts: 4
Joined: 30 Dec 2014, 02:30

Re: BUG? Virus? "MFT and MFT mirror are bad" But NOT TRUE,(m

#3 Post by Menso111 »

i solved to MY problem.

For anybody face this problem, i SOLVED it.
It IS A VIRUS, that affect dmadmin.exe or one of its driver.
If you have that virus and you are making new partition using "windows disk management" you will create a partition with BAD MFT from the beginning! Becarefully.

For avoid this problem use "partition guru" or "Seagate disk wizard" to create new partition, and that partition will be create with safely mft.

I know only that if in my sistem i try to use "windows disk management" to create new partition, that partition born with bad MFT and MFT mirror. But i can not identify the virus name.
Anyway Avast with euristical engine tell me thet dmadmin.exe is provabily infetted.

This for anybody faces similar problem.
Ciao

User avatar
Fiona
Posts: 2835
Joined: 18 Feb 2012, 17:19
Location: Ludwigsburg/Stuttgart - Germany

Re: BUG? Virus? "MFT and MFT mirror are bad" But NOT TRUE,(m

#4 Post by Fiona »

Thanks for your response!
Your info are highly appreciated!
Did Avast create a protocol providing more info?

Fiona

Menso111
Posts: 4
Joined: 30 Dec 2014, 02:30

Re: BUG? Virus? "MFT and MFT mirror are bad" But NOT TRUE,(m

#5 Post by Menso111 »

The situation is a bit 'complicated:

For many months when i loaded "disk managment" and even when I turned on the computer with the service "Logical Disk Management" in autostart, Avast"real time" protection reported dmadmin.exe as infected by a generic virus ,
Always, at every boot, Avast reported dmadmin.exe as infected and moved it to the virus's trash

But if I did a manual scan of the file dmadmin.exe Avast did not detect anything. Only when dmadmin.exe running Avast always reported a generic virus.

I also downloaded from the Internet different versions of dmadmin.exe, but the situation remained the same: No virus during the scan and generic virus reported during execution.

In my system I have 4 hard drives with user folders like desktop, documents etc. mounted on dedicated partition on separate drive, and for each folder I also have backup partition.
Obviously in this configuration i Need dmadmin.exe. So I always ignored the Avast's warning restoring dmadmin.exe on its original position.

Also I tested different antivirus and can say that some of them have found generic virus while running dmadmin.exe but still ONLY during the execution, if you did a manual scan of the file no antivirus detects anything, and never gave me a name for the virus.

I solved it by creating new partitions with "Partition Guru" and using disk management just to change from time to time the drive letter.

If you give to me a email address io will send you some dmadmin.exe I used, although I think that is not infected, but it becomes while running, possibly because of a driver.
Maby i send you also a cup of involved driver.

Many tahnk
Alvise

Locked