MBR rootkits don’t mean you have to wipe the drive

There’s a nasty rumor going around that if your computer gets infected with the Popureb rootkit, your only recourse is to wipe your MBR, reformat your hard drive, and reinstall (or run your factory recovery disk, which is essentially the same thing).

Not so fast.

Too much experience with Recovery is Possible

Last night the computer worked fine. This morning, it greeted me with a black screen claiming that one of the system files required for booting (one of the registry files) was missing or corrupt.

Not how I wanted to spend Saturday after spending a week on the road, especially given last week’s travel conditions.

Upgrading from Windows XP to Windows 7 with USB media

I wasn’t in any hurry to switch to Windows 7, but when several places put the Windows 7 family pack on sale for $125 or thereabouts, I figured I’d better get it. The normal price on three upgrades is $100-$110 a pop. And you know how it goes. Once you get something, you really don’t want it to just sit on the shelf. Why let the software collect dust while I wait for 64-bit Firefox to arrive?

So I want to install it off USB. It’s easy, right? Well, it’s easy if you’re running Vista. But the instructions floating around for making bootable Windows 7 installation USB media don’t work if you’re running XP. At least they didn’t work from any of my XP machines.

Ghosts from the past…

Wednesday night, 6:35 PM: I was in my South St. Louis County apartment, getting ready for church, when my phone rang. I’d had at least one telemarketing call that night already, but I picked up the phone anyway.
“Hello?” I said, maybe slightly agitated.

“Dave?” a female voice asked. So much for a telemarketer. I recognized the voice but didn’t place it immediately. And obviously she knew me.

“Yes?”

“It’s Wendy.” Ah, Wendy from church. OK.

“What’s up?” I asked. She doesn’t routinely call me–she doesn’t routinely call anyone, I don’t think–so I figured she probably needed something. That’s OK. I take care of my friends.

“What’s it mean when your computer says, ‘Bad or missing command interpreter. Enter path of a valid command interpreter, e.g. c:\windows\command.com’?”

“Oh. That means one of the files your computer needs to get started is blitzed,” I said. “What happens if you type it?”

“You’re gonna hate me,” she said as she typed the filename. “You deal with this stuff all day and now I call you wanting computer advice.”

I could never hate her. She’s too nice. Besides, guys like fixing things, especially for people they like. I probably should have told her that.

“It just repeats the same thing again,” she said.

“I see.” I had her try a couple of other locations–Microsoft OSs have always installed command.com in too many places. But no go.

“Are my other files OK?”

“Hopefully,” I said. “My computer used to do this to me once a year.”

“My whole life is on this computer, Dave,” she said, sounding a little distressed. My heart melted. I hate it when bad things happen to good people. I especially hate it when bad things happen to good people and one of Bill Gates’ or Steve Jobs’ toy operating systems is involved. But sometimes it’s just a minor inconvenience. I hoped this was one of those instances.

“I just need to boot your computer off a floppy, type a command or two, and it’ll probably come right back to life,” I said.

“Do you have time to do this? I mean, really have time to do this?” She didn’t want to inconvenience me.

“Yeah, I’m on my way to church, and you’re on the way, and it should only take me a couple of minutes,” I said as I formatted a disk and copied sys.com to it.

After assuring her again that I was sure, I told her I’d be there in about 10 minutes. I hopped in my car, disk in hand, ready to go be a hero and still make it to church on time. I rang her bell, heard her dog scream bloody murder, and she opened the door. As soon as she let me in, her Labrador warmed up to me. She led me to the computer room, where I sat down and popped in a disk. She yanked on her Lab’s leash, trying to keep her away from me. She wasn’t having much luck.

“That’s OK,” I said to Wendy. “I like dogs.” Then I turned to the dog and started scratching behind her ears. “I’ll bet the most dangerous part of you is your tail. You just like people so much you thump ’em to death, don’t you?” I turned to the computer and booted off the floppy. It didn’t work. So I restarted, and when it asked for a command interpreter, I typed “a:\command.com” and got a command prompt. Meanwhile, her dog grabbed onto my hand with her paw so I wouldn’t go anywhere. Shadow, the Cocker Spaniel/Irish Setter mix I had growing up, used to do that.

I ran sys.com and rebooted, expecting to be a hero. Instead, I got the dreaded invalid media type reading drive C error.

I told Wendy I’d need the heavy artillery to fix this problem. I kicked myself for not bringing any more sophisticated tools like MBRWORK. It looked like a blitzed partition table to me.

I rebooted a couple more times to try to get symptoms. The Windows logo splashed up ever so briefly. The drive didn’t make any weird noises. That was good. That meant the boot record was intact, and that some data was intact–obviously, because it was reading the Windows logo. It looked just like the time my Pentium-75 crashed and forced me to cycle power, then didn’t come back up. I didn’t know how to fix a blitzed partition table then. But that was a long time ago.

By now, it was 7:20. “I can go get some more tools,” I offered.

“Go to church,” she said. “I’d feel really bad if you miss church. Tell Pastor John it’s my fault.”

I did my best to reassure her that I could get her data back. I told her the odds looked like about 50/50. In reality I was more confident than that, but unless I’m about 99% certain, I won’t say the chances are any better than 50/50. There’s nothing I hate more than disappointing people.

I went to church mad at myself that I hadn’t gotten her data back. I came home from church, got ready to gather up my tools, and checked my messages. It was Wendy. She said she’d gone to school to work on a paper, that we’d worry about the computer tomorrow but it wasn’t a big deal.

Maybe it wasn’t to her. But it was to me. I hate losing, especially to a computer. I have since I was in first grade and played Atari at my neighbors’ house. True, back then I got mad when I lost at Donkey Kong, but in my mind there’s no difference. Even though it’s a different game today and I lost a lot then and I rarely lose now, it doesn’t make me hate losing any less. Especially when I’m playing with other people’s stuff. Her words echoed in my mind: “My whole life is on this computer, Dave.”

I wasn’t going to let her down. I wasn’t going to let myself down by letting her down. I was going to get that data back, and I didn’t care what I had to do to get it.

I called her back, expecting her not to be there. Her mom, Debby, answered the phone. She gave me a few more clues, told me she didn’t expect Wendy home until late, said one or the other of them would be home about 3:30 the next day. I’d been at work until close to six on Wednesday and saw the possibility of having to stay that late on Thursday. I didn’t make any hard and fast promises about when I’d be there, but I started plotting how I would escape work by 4:15.

On Thursday, I loaded up floppies containing all the standard Microsoft disk tools, plus Norton Disk Doctor, plus Spinrite, plus MBRWORK and a few other partition recovery tools, along with a Windows 98 CD, and took the whole wodge of stuff to work. At 4:20, I called. Debby answered. I told her I was leaving work and I’d probably get there in about 20 minutes.

Along the way, I listened to a bunch of punk rock, really loud, and got myself pumped up. Whether it’s stepping up to the plate in the bottom of the seventh with runners on second and third and two out, or just a tricky computer problem, I get myself into the same mental place. The world fades away and I see nothing but the challenge. By the time I got to their house, I was in the zone. I was so in the zone that I walked up to the front door of the wrong house. Wendy’s Lab was in the front yard giving me the “I know you! What are you doing over there? Get over here and pet me!” look. I didn’t notice. The neighbor pointed next door. Feeling stupid, I walked over. The dog congratulated me on getting smart, Debby greeted me, and I went another round with her computer, running MBRWORK. It recovered the partition successfully, it said. I got excited. I rebooted and the computer asked me for a command interpreter again.

Cantankerous computer 2, Dave 0.

I went home, fixed myself a little something to eat, pondered the situation, and wrote my Bible study for Friday night on my company laptop. That calmed me down enough to let me think rationally again. I packed up everything I could possibly need: Norton AntiVirus, Ghost, an extra hard drive, two laptops, a couple of Linux CDs, both versions of Windows 98, utilities disks…

I booted off my disks and tried a few things. Nothing. I booted my company laptop up with the disks–that laptop doesn’t have DOS installed–and added a couple more toys. They didn’t help. Wendy got home and asked if it was a bad sign I was there. I muttered something and probably came off as rude. I was in the zone, after all. I asked her if she had any floppies she wanted me to scan for viruses. She handed me one, and I tried to boot my laptop into Windows. It showed the very same symptoms as her computer.

I’ve said it before and I’ll say it again. Virus writers, PLEASE get a life. Get interested in girls or something. Anything!

Wendy didn’t like the look on my face. I told her what happened. She said a phrase I won’t repeat here, then apologized. There was no need. I felt like saying it too. Or something worse.

For grins, I tried booting the laptop into Linux. It booted up like it was cool. Hmm. Boot sector viruses that kill Windows dead don’t even make Linux flinch. I owe Linus Torvalds a beer.

I tried mounting my main Windows partition. Linux reported NTFS errors. Visions of virus writers getting beaten to a bloody pulp danced in my mind.

Since I was now convinced we were dealing with a boot sector virus, I replaced the MBR. No joy. I booted off a Linux CD, switched over to a console, ran cfdisk, and viewed the partition table. One 4-gig partition, FAT32. No problems. Odd.

Wendy started fretting. “You’ve spent all this time and you’ve lost your laptop. I’m about to start to cry.”

I stopped what I was doing, turned to her, and looked her straight in the eye. “I take care of my friends.”

She looked back at me like she thought that was kind of cool.

“I don’t care about the laptop. I can fix that later. I can rewrite the Bible study that was on it. It took me 20 minutes to write, so it’ll take me 15 minutes to rewrite. I’m going to get your data back.”

The Bible study I lost indeed took me about 15 minutes to rewrite, and the second version was a lot better. But I didn’t get her data back that night. Eventually I gave up, pulled her drive, installed a new drive, and installed Windows and Office on it so they’d have a computer that was useful for something. Debby walked in as I was switching drives, noticed the dust inside the case, and gave it a disgusted look. She came back with a rag and Wendy started laughing at her.

“She can’t stand dust anywhere. I guess not even inside electronics,” Wendy said.

Debby lit up when she walked in the room and saw the Windows 98 screen on her computer. Later when Wendy walked back in, she let out a whoop and told her mom she was missing beautiful things in the computer room. I was pretty happy about it too. Windows 98 didn’t install easily–the initial reboot failed and installation didn’t continue until I booted it in safe mode, then rebooted. I gave the computer a lecture as I booted it, reminding it that I have enough spare parts at home to build a computer like it and would have no qualms about destroying it and replacing it with something else. I know it didn’t hear or understand a word I said, but I felt better afterward.

I felt bad about not getting the data back that night. Wendy and I talked for about 45 minutes about other things. I felt better afterward. I forgot to thank her. Around midnight, I packed up the stuff and drove home.

Wendy and I talked the next day over e-mail. I’d taken my disks to work and scanned them on a non-networked PC nobody cared about and found the Form virus. Wendy had taken some disks to school and had them scanned. They contained both Form and antiCMOS. Since antiCMOS resides in the MBR and Form resides on the primary partition, the two viruses can coexist. Form was relatively harmless on FAT16 drives, and although antiCMOS was potentially destructive in 1991, it’s much less so now that PCs autodetect hard drives at boot rather than relying on parameters stored in CMOS. My work the night before would have eliminated antiCMOS, which explained why it wasn’t present on my disks. I did a Dejanews search on Form and FAT32, to see if that would explain the apparent partition corruption. I found that the symptoms were exactly what Wendy was showing. And I found recovery methods that had a high success rate.
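As an added illustration (not code from the original post), here is a small Python parser that separates the two places the story’s viruses lived: the partition table in the MBR, which cfdisk showed intact, and the FAT32 volume boot record on the primary partition, where Form sits. It runs on a constructed two-sector image and reports which layer’s boot signature or FAT32 marker is missing, the distinction between a damaged partition table and a damaged boot sector on an otherwise sane partition that the story turns on.

```python
import struct

SECTOR = 512
BOOT_SIG = b"\x55\xaa"  # signature every MBR and volume boot record must end with

def build_sample_image():
    """Constructed two-sector image, not a real disk: an MBR whose first entry is a
    bootable FAT32 partition at LBA 1, followed by that partition's boot sector."""
    mbr = bytearray(SECTOR)
    # Entry 0 at offset 446: status, CHS start, type 0x0B (FAT32), CHS end, start LBA, sector count
    mbr[446:462] = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x0B, b"\xfe\xff\xff", 1, 8388608)
    mbr[510:512] = BOOT_SIG
    vbr = bytearray(SECTOR)
    vbr[0:3] = b"\xeb\x58\x90"               # jump over the BPB to the boot code
    vbr[3:11] = b"MSWIN4.1"                  # OEM name written by Windows 9x format
    vbr[11:13] = struct.pack("<H", SECTOR)   # bytes per sector
    vbr[82:90] = b"FAT32   "                 # file-system type string at 0x52
    vbr[510:512] = BOOT_SIG
    return bytes(mbr) + bytes(vbr)

def parse_mbr(img):
    """Non-empty partition entries from the MBR, or None if its signature is gone."""
    if img[510:512] != BOOT_SIG:
        return None
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from("<B3sB3sII", img, 446 + 16 * i)
        if ptype != 0:
            parts.append({"bootable": status == 0x80, "type": ptype, "lba": lba, "sectors": count})
    return parts

def check_vbr(img, lba):
    """Signature and FAT32 marker of the volume boot record at sector `lba`."""
    vbr = img[lba * SECTOR:(lba + 1) * SECTOR]
    return {"signature_ok": vbr[510:512] == BOOT_SIG, "fs_type": vbr[82:90].decode("ascii", "replace").strip()}

def diagnose(img):
    """Tell a broken partition table (MBR layer) apart from a broken boot sector (partition layer)."""
    parts = parse_mbr(img)
    if parts is None:
        return "mbr: boot signature missing, partition table suspect"
    boot = [p for p in parts if p["bootable"]] or parts
    if not boot:
        return "mbr: no partition entries"
    info = check_vbr(img, boot[0]["lba"])
    if not info["signature_ok"]:
        return "vbr: boot signature missing"
    if info["fs_type"] != "FAT32":
        return "vbr: FAT32 marker missing (%r)" % info["fs_type"]
    return "ok: partition table and FAT32 boot sector both look intact"
```

On a real drive the same checks run against the first 512 bytes of the raw device and the sector at the partition’s start LBA, read with a Linux live CD as in the story.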

I haven’t put Wendy’s drive in one of my PCs yet to recover it. But I’m pretty confident I’ll get her data back. That’s a good thing. I’ve met nicer people than Wendy and Debby. But only once or twice. People like them don’t come around very often, so I’d like to do something nice for them.

Bringing their data back from oblivion would do.