3 hdd's MBR's Gone in one day

Within one day, I have had three hard drives mbr's destroyed. I've searched known A/V sites and the internet for information, scanned the drives with a/v and spyware applications--nothing found. I have tried "fixmbr ", "fdisk/mbr" through xp's repair console--mbr not found to be fixed. Partition shown in fdisk to be ok, therefore I'm lead to believe that the data is still there....?....though I do not know for sure. Cannot trust too many tools to download anymore, has anyone experienced this?

 

Is this three disks on three separate computers or all on the same computer. If the latter, I'd be looking at a hard disk controller problem.

 

3 separate hdd's

Two on one pc, and one on a separate pc. Two were system drives and one was slave. Controller's are ok. Diag's reported disk0 on each pc.

 

Coincidence? Possible but highly unlikely. At first blush, it sounds more like you've been bitten - but how and by what? I think I might want to try reading one of these drives in another machine with the full understanding that it too stands an outside shot of a similar fate. Safe bet would be a fresh image of the host machine before trying any forensics.

 

3rd hdd...

Rockster2u--I've already performed the "separate" machine idea...;( That is how my "test" pc's mbr (the 3rd hdd) has gotten destroyed.

I've performed a data recovery which, only a handful of folders were retrieved, onto a fourth empty hdd. That 4th hdd is fine. It does not contain an operating system but only the retrieved/recovered data, (an image of the good data).

What I have done so far:
1. removed the original pc's slave hdd.
2. boot from original o/s hdd=gone mbr.
3. boot into console mode, (original hdd) "fixboot "=did not work.
4. boot into console mode again, (original hdd) "fixmbr "=did not work.
5. removed both hdd's-slaved original hdd with o/s onto test pc.
6. perform data recovery w/test pc onto a 4th empty hdd.
7. reboot test pc=mbr gone.

I still have the original hdd w/whatever the problem is, on it, and am rebuilding the two pc's.

Still needs to be cleaned and missing data recovered.

 

Ouch. Now for the bold pronouncement - This is not good. OK, you already know that. Now what?

If it were me, at the very least I would FDISK each drive's MBR followed by an FDISK of each drive to clear all partitions and build one single partition. Then I would take the first problem child and put it in a machine as a standalone and try an installation, but once again, I'd delete the partition I just made and create a new one, format and try an installation.

Another alternative you have is to boot to a Bart PE Disc or Ultimate Boot Disc with utilities and scan any of the problem drives. Although I have had success in locating rootkits this way, I have not always been able to clean them which (if not successful) sends me back to the FDISK approach described above.

If you have picked up a boot virus, you may need to flash your BIOS or replace the chip with one that is properly programmed. It should be noted that it can be difficult to boot at all with a boot virus. I will not take you through hot flashing as this can be a most difficult procedure.

I will follow this thread with interest and only wish I could help you more. My best guess is that you have been severely bitten and I would be concerned about any other machines on the same network.