Sunday, September 29, 2013

I/O Device Error, Raxco's PerfectDisk's Optiwrite, Microsoft's Windows Task Scheduler Not Running with Disk Defragmenter and BitCoin Miner

The problem is that when I wanted to copy 'specific' and I mean 'specific' files, I encountered an I/O device error. For some reason, a majority of the files (like 99% of them) are image files. The only one that wasn't an image file was a Warcraft III replay - a DotA replay to be exact. Luckily I have backups for them except for the album covers so I had no choice but to delete them :( . The weird thing about these corrupted files (let's call them that, shall we) is that they are still there but can't be opened (for the images at least). Trying to will cause Windows Photo Viewer to hang. Even previewing the images as thumbnails causes COM Surrogate (a Windows only program used to...) to crash. What's even weirder and a pain in the *** is that the album covers that I had to delete were, to put it simply, time-consuming. I just used Windows default errr trash manager to remove them but each attempt to delete the corrupted images took waaaaaaaaaaaayy longer than usual. One of them even caused the 'trash manager' to encounter an error:

And yes, there are plenty of these files. Wondering how I found them? Through TeraCopy of course! The first few images were more time-consuming since I had to repeatedly attempt to copy these files. When TeraCopy stopped abruptly, I got my answer. Luckily only that Warcraft III replay was unique among the corrupted. The easiest to find were the album covers. After finding 2-3 image files named 'cover' to be corrupted (which made the correlation that most, if not all, of the corrupted are named so), I simply searched my music collection to find the rest. And luckily it worked:

As for what caused this in the first place? I suspect Raxco's PerfectDisk 12.5's OptiWrite. According to their statement, OptiWrite prevents fragmentation of files from happening in the background during - I/O - operations. This is JUST a suspicion but to play it safe I avoided it.

The next problem solved was regarding Task Scheduler and its interconnected service, Disk Defragmenter (Windows). Since my previous defragmenter was a likely cause of the aforementioned problem, just using Windows's default one should be enough. But alas, another issue popped up; when I tried to run Disk Defragmenter, it gave me an error stating Task Scheduler wasn't active. Going to Administrative Tools -> Services and trying to turn on Task Scheduler was a no-no too. The option to turn it on was greyed out. The solution was HERE. I had to go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Schedule and modify the REG_DWORD type registry value named 'Start'. If it was already correct, the data in the registry should be 0x00000002 (2) but mine was 0x00000004 (2). Some sort of malware or program I used messed with it (further details on the next issue). Changing it to 2 allowed me to manually change Task Scheduler's properties and so I made it turn on automatically on startup. A restart was necessary to make the changes take effect - just turning on Task Scheduler alone doesn't make Disk Defragmenter usable.
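A read-only way to spot the condition described above, where a service's 'Start' value has been flipped to Disabled. This is an added example, not part of the original post; the `Get-ServiceStartAudit` function name, the service list and the expected value for `defragsvc` are assumptions for illustration.

```powershell
# Added example: read-only audit of service start types taken straight from the registry.
# Nothing is modified. Run from an elevated PowerShell prompt.

# Meaning of the REG_DWORD 'Start' value under ...\Services\<name>
$StartTypeNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

# Expected 'Start' value per service. Schedule = 2 is the value given in the post;
# defragsvc = 3 (Manual) is an assumption made for this example.
$Expected = [ordered]@{ 'Schedule' = 2; 'defragsvc' = 3 }

function Get-ServiceStartAudit {
    param([System.Collections.IDictionary]$ExpectedStart)

    foreach ($name in $ExpectedStart.Keys) {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
        $raw = $null
        if (Test-Path -LiteralPath $key) {
            # REG_DWORD comes back as an Int32; $null if the value is absent
            $raw = (Get-ItemProperty -LiteralPath $key -Name Start -ErrorAction SilentlyContinue).Start
        }
        # Current runtime state, for comparison with the configured start type
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Service   = $name
            StartRaw  = $raw
            StartType = if ($null -ne $raw) { $StartTypeNames[[int]$raw] } else { 'missing' }
            Expected  = $StartTypeNames[[int]$ExpectedStart[$name]]
            Status    = if ($svc) { $svc.Status } else { 'not installed' }
            # True when the registry disagrees with the expected start type
            Mismatch  = ($raw -ne $ExpectedStart[$name])
        }
    }
}

Get-ServiceStartAudit -ExpectedStart $Expected | Format-Table -AutoSize
```

A row with `StartType` of Disabled and `Mismatch` set to True for `Schedule` corresponds to the greyed-out Task Scheduler described in the post.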

Last and most troublesome of all is the so-called BitCoinMiner. As the name implies, this little nasty program uses your computer's processing power to calculate cryptographic hash functions of Bitcoin transactions in order to earn BitCoins - a new online currency. The file itself looks like this:

The program also caused this error:

Googling the malware came up with many gibberish names but the process still says the same. At first I had no idea it was already in my computer. I only found out when I went into my system drive to clear out orphaned files and folders. Trying to delete it with the normal method fails as it says you need administrator privileges to modify the file. The other victims that asked for help online also mentioned the malware created a fake program under the name Adobe Update or something like that which can be looked up in Task Manager but for some weird reason I couldn't find it myself. I only found it under startup programs in CCleaner's list. I found the solution to removing the malware HERE. But it wasn't smooth sailing. I followed the methods (almost) down to each letter - using ComboFix by Swearware and RogueKiller by RogueKiller(TM). It wasn't easy 'cause I had to reuse ComboFix several times - while only using RogueKiller once. This issue is actually the first among the 3 and also the oldest (about 2 months) so the EXACT order of actions taken is quite fuzzy but I absolutely used the programs stated in the source. The last bit of detail I remember is that after several uses of ComboFix, the malware was easily deletable, as in just highlight it and then press the 'Delete' key easy. The startup program in CCleaner was also gone.

So 3 issues tackled and won. Hope this helps you.