Page 1 of 2 12 LastLast
Results 1 to 15 of 21
  1. #1
    Star Lounger
    Join Date
    Aug 2013
    Location
    New Zealand
    Posts
    60
    Thanks
    1
    Thanked 10 Times in 8 Posts

    Active@ Killdisk Issue

    About four days ago I began to see this message on my boot-screen, running Windows 10 build 1511.29. This was the day after my PC was updated to that build.

    433212527.jpg

    Please note the date of the message - July 85th 2015. I have NEVER installed Killdisk, NEVER seen the ascii menu appear ever, and have NEVER used the program. Or to my knowledge, NEVER booted from a hdd/cdrom/usb that had this software installed. On July 28th 2015 ... NOTHING HAPPENED!

    The message appears after the BIOS verifies its data and the "Boot From CDROM:" message appears onscreen, but before the PC shows any "boot" activity - that is, before the blue windows flag appears on the screen.

    PC details below.

    REPETITION FOR EMPHASIS: Killdisk has never been installed on any of my hdds, nor on any USB stick I use; in fact I didn't know it existed until that day. I have not had any other USB stick inserted into this machine except my own which have known software installed.

    I have taken the following steps to diagnose the problem.

    1. Reset Bios to Defaults and rebooted - no change.
    2. Reset Bios to Optimised Defaults and rebooted, no change.
    3. Shorted BIOS according to m/b instructions - turned pc off, disconnected PSU cable, pushed power on button 4 times. No change.
    4. Used Autoruns from SysInternals - no software suggesting Killdisk activity or presence.
    5. Used Process Explorer - nothing suggestive.
    6. Used MSINFO - nothing suggestive.
    7. Tried to find the object ID of the unit reported in the message - 9QFBF565 - not on my PC.
    8. Full scan using Alvira Free - one never knows.
    9. Full scan using Windows Defender - Yes, its "academic-virus-test" test results are poor, but its "real-world" detection rates are very good. Please don't go off-topic about Defender.
    10. Scanned using AntiMalwareBytes Premium Trial. Nothing found.
    11. Manually searched registry for "Active@ Killbits" and "LSoft Technologies" and variants - just in case. Nothing found.
    12. Manually searched every folder under "Program Files" - just to be sure. Nothing found.
    13. Asked the question on a local technical forum - and got the suggestions I've already mentioned.
    14. Manually searched User profiles Roaming and Local App Data folders - nothing.
    15. Emptied Recycle Bin.
    16. Scanned using CCleaner and Glary Utilities - no change.

    Note: I didn't expect to find anything using steps 5, 6, 8, 11 12, 15 and 16, but they're part of the problem solving procedure.

    So I'm almost stuck ...


    My PC Specifications:


    MB: Gigabyte G31M-ES2L (Socket 775) Rev 2
    CPU: Intel Pentium E5300 @ 2.60GHz Core2Due (57 °C) Wolfdale 45nm
    RAM: 4.00GB Dual-Channel DDR2 (5-5-5-15)
    Graphics: 1023MB NVIDIA GeForce GT 610 (EVGA)
    Monitors: SyncMaster (1280x1024@60Hz), SyncMaster (1280x1024@60Hz)
    Optical: PHILIPS SPD2412T ATA Device
    BIOS: Award FC July 2009 - no further updates available from Gigabyte site
    Network: Qualcomm Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
    Storage: ST3160815A ATA Device
    ST3320820SCE ATA Device
    ST380013AS ATA Device
    ST3320310CS ATA Device
    WDC WD2500JS-22NCB1 ATA Device
    Audio: NVIDIA High Definition Audio
    AnvSoft Virtual Sound Device
    DrmRAudio
    High Definition Audio Device

    Any help would be gratefully appreciated.

  2. #2
    jwoods
    Guest
    Active@ Killdisk is a disk eraser program that will wipe your hard drive with no possibility of recovery.

    You should be able to uninstall it by going to Control Panel > Programs and Features.

    If that doesn't work, you can try using the free version of GeekUninstaller...

    http://www.geekuninstaller.com/downl...rsion=1.3.4.52
    Last edited by jwoods; 2015-12-15 at 17:24.

  3. #3
    Star Lounger
    Join Date
    Aug 2013
    Location
    New Zealand
    Posts
    60
    Thanks
    1
    Thanked 10 Times in 8 Posts
    Quote Originally Posted by jwoods View Post
    Active@ Killdisk is a disk eraser program that will wipe your hard drive with no possibility of recovery.

    You should be able to uninstall it by going to Control Panel > Programs and Features.

    If that doesn't work, you can try using the free version of GeekUninstaller...

    http://www.geekuninstaller.com/downl...rsion=1.3.4.52

    Thanks for your reply, but it's never been installed, so not in the list of installed programs.

  4. #4
    WS Lounge VIP Coochin's Avatar
    Join Date
    Jun 2014
    Location
    Queensland, Australia
    Posts
    2,154
    Thanks
    31
    Thanked 306 Times in 266 Posts
    Quote Originally Posted by irjc View Post
    Thanks for your reply, but it's never been installed, so not in the list of installed programs.
    Have you checked there isn't a disk in the CD/DVD drive or a bootable USB drive connected?
    Computer Consultant/Technician since 1998 (first PC was Atari 1040STE in 1988).
    Most common computing error is EBKAC: Error Between Keyboard And Chairback
    AMD FX8120 (8-core @ 3.1GHz) CPU, Gigabyte GA-990FXA-D3 motherboard, 8GB (2x4GB) DDR3 1866MHz RAM, ATI-AMD Radeon HD6770 PCI-E VGA, 480GB Kingston SSD, 2TB Seagate SATA3.0 HDD, ASUS DVD/RW.

  5. #5
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,486
    Thanks
    284
    Thanked 574 Times in 478 Posts
    It looks like the fingerprint, only available with the Pro version of Killdisk, page# 46 of the manual:

    Write Fingerprint
    If fingerprint has been written to the disk’s first sector, next time you boot
    from this disk, you can see disk erase status,...
    Do you know the complete history of all the drives?

  6. #6
    Star Lounger
    Join Date
    Aug 2013
    Location
    New Zealand
    Posts
    60
    Thanks
    1
    Thanked 10 Times in 8 Posts
    Quote Originally Posted by Coochin View Post
    Have you checked there isn't a disk in the CD/DVD drive or a bootable USB drive connected?
    Yes, nothing lurking there.

  7. #7
    Star Lounger
    Join Date
    Aug 2013
    Location
    New Zealand
    Posts
    60
    Thanks
    1
    Thanked 10 Times in 8 Posts
    Quote Originally Posted by satrow View Post
    It looks like the fingerprint, only available with the Pro version of Killdisk, page# 46 of the manual:

    Do you know the complete history of all the drives?
    Yes, I've had two since new, the other three were purchased used May 2015, but were formatted using Windows Disk Management console before use.

  8. #8
    Star Lounger
    Join Date
    Aug 2013
    Location
    New Zealand
    Posts
    60
    Thanks
    1
    Thanked 10 Times in 8 Posts
    I made a disk image using Macrium Reflect Pro on Nov 11th 2015, which I have just restored to the same hdd.

    Sadly there's no difference to boot. Message still appears.

  9. #9
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,486
    Thanks
    284
    Thanked 574 Times in 478 Posts
    Perhaps one of the used drives had killdisk run on it from a machine that had incorrect time/date set.

  10. #10
    Star Lounger
    Join Date
    Aug 2013
    Location
    New Zealand
    Posts
    60
    Thanks
    1
    Thanked 10 Times in 8 Posts
    A different subject, but prior to reinstalling the image mentioned above, my Win10 1511.29 asked to be rebooted after installing updates. I complied, and now my version is 1511.11.

    However, since the message still appears, perhaps the fingerprint was saved to the hidden windows partition?

    I can almost rule out this KillDisk message being present when the image was compiled, as I hadn't seen it before this week. Interesting.

  11. #11
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,486
    Thanks
    284
    Thanked 574 Times in 478 Posts
    Perhaps you weren't seeing it, a matter of timing - it looks like it displays sometime after the disk detection routine - something, perhaps the disk order, is different now, the Killdisk disk is booting earlier?

  12. #12
    Star Lounger
    Join Date
    Aug 2013
    Location
    New Zealand
    Posts
    60
    Thanks
    1
    Thanked 10 Times in 8 Posts
    Quote Originally Posted by satrow View Post
    Perhaps one of the used drives had killdisk run on it from a machine that had incorrect time/date set.
    I know it's possible, but both were purchased from a reputable shop with a statement about being formatted and zeroed prior to sale. I can't imagine how the ID in the message came about, because I can't find it anywhere, and presumably KillDisk uses the disk's ID as opposed to one that it makes up on use.

    What surprises me is the message hasn't appeared until this week, and yet apparently is a notification of activity in July. And I haven't "played" with my hdds since they were installed. Just partitioned, formatted them, then used them.

    I know it's like a duck - looks like, smells like, walks like, flys like, eats like .... so I guess it's a duck. But I haven't installed it, haven't had any strange messages like the program's ascii menu - it's really obvious - and I haven't used any other usb drives except my own. And those don't get loaned out.

    However, this is the duck bit; software doesn't run by itself, so even knowing my own usage and being convinced I haven't introduced it; I'm at a loss to explain how it got there.

    I've has some "malware" warnings from Defender, which have been quarantined, but since I didn't investigate the type I can't suggest that's how this message got onto my hard disk. Think I'll pass that one.

    So now the problem becomes, how to get rid of the thing?

  13. #13
    Star Lounger
    Join Date
    Aug 2013
    Location
    New Zealand
    Posts
    60
    Thanks
    1
    Thanked 10 Times in 8 Posts
    I've only got one disk that has an active boot sector, and that's C: I've tested booting to other drives, but get the error message No OS Installed.

  14. #14
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,486
    Thanks
    284
    Thanked 574 Times in 478 Posts
    The active bootsector/bootable drive issue is irrelevant here. Killdisk will plant this fingerprint on any drive that it's been set to. The Killdisk software isn't installed or running, the fingerprint displays only after the disk has been detected by the BIOS routine - note how it replaces the BIOS data.

    Contact the vendor of the drives, it's almost certainly something they've done, probably from a machine built from recovered parts that they use for basic testing that they hadn't set the date/time correctly on.

    It's probably triggered by something in the MBR, or in the next sector that the MBR points to.

    Try using TestDisk (download link ~5 lines down) to view the MBR, compare it with the non-bootable new drive.

  15. #15
    5 Star Lounger
    Join Date
    Oct 2013
    Location
    Phoenix, AZ
    Posts
    926
    Thanks
    554
    Thanked 137 Times in 128 Posts
    Remove all but the boot drive. Still there?

    If no, add one drive back at a time until you identify which drive it is on.

    Kill ALL partitions and then repartition and quick reformat the drive. I'm assuming these are used drives cleaned up since new ones don't come partitioned and "formatted." The vendor probably used killdisk to clean up the drive and didn't realize a piece of the app remained.
    Last edited by Fascist Nation; 2015-12-16 at 15:24.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •