
All times are UTC - 5 hours [ DST ]




 Post subject: Trojan attacked ST9500325AS Firmware?
PostPosted: November 16th, 2012, 12:35 

Joined: December 1st, 2008, 11:09
Posts: 20
Before it was brought to me, the owner reported that the laptop booted to a DOS-like screen telling him he needed to run a hard disk diagnostic, which is a new one for me and, after 35 years of this, doesn't happen very often.
When placed on my PC, the drive didn't even report to the BIOS though it was spinning nicely and had not made any weird noises.
So, I hooked up my terminal cable to see what it was fussing about and got a real surprise.
It looks to me like a batch job was sent to the drive because without my typing anything, this appeared:

F3 T>
Table Recovery Faked and Completed

Send Status: COMRESET seen

F3 T>/

F3 T>m0,2,2,,,,,22

HighPowerMode
DiagError 0000500E Process Defect List Error
R/W Sense 00000002, R/W Error 841C0087, List Offset 00000000, List Index 00256D0
3, File Error 000000D0

F3 T>F

Failed to load overlay 00000004
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
Rst 0x20M
ASCII Diag mode

F3 T>
Table Recovery Faked and Completed

Send Status: COMRESET seen

F3 T>/1

F3 1>M

HighPowerMode
Failed to load overlay 00000004
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
Rst 0x20M
ASCII Diag mode

F3 T>
Table Recovery Faked and Completed

Send Status: COMRESET seen

F3 T>/1

F3 1>N1

HighPowerMode
Failed to load overlay 00000004
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B

ASCII Diag mode

F3 T>
Table Recovery Faked and Completed

Send Status: COMRESET seen

F3 T>V4

HighPowerMode
Failed to load overlay 00000004
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
Rst 0x20M
ASCII Diag mode

F3 T>V1

LED:000000CE FAddr:0029F05
Rst 0x20M
ASCII Diag mode

F3 T>
ASCII Diag mode

F3 T>V1

HighPowerMode
Failed to load overlay 00000004
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
Rst 0x20M
ASCII Diag mode

F3 T>F
Table Recovery Faked and Completed

Send Status: COMRESET seen

HighPowerMode
Failed to load overlay 00000004
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
Rst 0x20M
ASCII Diag mode

F3 T>F,,
Table Recovery Faked and Completed

Send Status: COMRESET seen22

ASCII Diag mode

F3 T>
F3 T>F,,22

HighPowerMode
Failed to load overlay 00000004
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B

ASCII Diag mode

F3 T>f,,00

HighPowerMode
Failed to load overlay 00000004
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
Rst 0x20M
ASCII Diag mode

F3 T>
Table Recovery Faked and Completed

Send Status: COMRESET seen

ATA St 50 Er 01 Op 00 0 000000000000, 0000 0001 0000
Ts(ms) dT(ms) xT(ms) Type Option Mode St EC Info
13371 0 10510 30 000000 000000 1 00000080 SPN_DN NORMAL
F3 T>
HighPowerMode
New Skews Pharaoh 0F with VTPI,RAP16,Common Code 4
Product FamilyId: 3F, MemberId: 03
HDA SN: 9VP1MBAC, RPM: 7201, Wedges: 120, Heads: 4, Lbas: 575466F0, PreampType:
71 21
PCBA SN: 0000C9460PBS, Controller: YETIST_3_0(649A)(3-12-3-2), Channel: AGERE_CO
PPERHEAD_LITE, PowerAsic: MCKINLEY DESKTOP LITE Rev 91, BufferBytes: 2000000
Package Version: PH0G7B.CCD4.CT092H., Package P/N: 100578642, Package Builder ID
: AT,
Package Build Date: 06/19/2009, Package Build Time: 14:44:25, Package CFW Versio
n: PH0G.CCD4.00175857.AT00,
Package SFW1 Version: B748, Package SFW2 Version: ----, Package SFW3 Version: --
--, Package SFW4 Version: ----
Controller FW Rev: 06191444, CustomerRel: CC44, Changelist: 00175857, ProdType:
PH0G.CCD4, Date: 06/19/2009, Time: 144425, UserId: 00236537
Servo FW Rev: B748
RAP FW Implementation Key: 10, Format Rev: 0001, Contents Rev: A2 07 03 03
Features:
- Quadradic Equation AFH enabled
- VBAR with adjustable zone boundaries enabled
- Volume Based Sparing enabled
- IOEDC enabled
- IOECC enabled
- DERP Read Retries enabled
- LTTC-UDR2 compiled off

F3 T>/1

F3 1>V0E

Failed to load overlay 00000004
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
Rst 0x20M
ASCII Diag mode

F3 T>
Table Recovery Faked and Completed

Send Status: COMRESET seen
ASCII Diag mode

F3 T>/

F3 T>F,,22

HighPowerMode
Failed to load overlay 00000004
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
Rst 0x20M
ASCII Diag mode

F3 T>

Rst 0x20M
ASCII Diag mode

F3 T>
Table Recovery Faked and Completed

No Phy: Staggered spin bypass
ASCII Diag mode

F3 T>'

HighPowerMode
Failed to load overlay 00000004
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
Rst 0x20M
ASCII Diag mode

F3 T>
Table Recovery Faked and Completed

No Phy: Staggered spin bypass
ASCII Diag mode

F3 T>D

HighPowerMode
Failed to load overlay 00000004
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
Rst 0x20M
ASCII Diag mode

F3 T>
Table Recovery Faked and Completed

No Phy: Staggered spin bypass
ASCII Diag mode

F3 T>H,,22

HighPowerMode
Failed to load overlay 00000004
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
Rst 0x20M
ASCII Diag mode

F3 T>|
Table Recovery Faked and Completed

No Phy: Staggered spin bypass

ASCII Diag mode

F3 T>
F3 T>|

HighPowerMode
Failed to load overlay 00000004
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
Rst 0x20M
ASCII Diag mode

F3 T>
Table Recovery Faked and Completed

No Phy: Staggered spin bypass
ASCII Diag mode

F3 T>/c

F3 C>Q

HighPowerMode
Failed to load overlay 00000004
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
Rst 0x20M
ASCII Diag mode

F3 T>
Table Recovery Faked and Completed

No Phy: Staggered spin bypass
ASCII Diag mode

F3 T>/2

F3 2>s444,0,22

HighPowerMode
Failed to load overlay 00000004
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
Rst 0x20M
ASCII Diag mode

F3 T>
Table Recovery Faked and Completed

No Phy: Staggered spin bypass
ASCII Diag mode

F3 T>T4

HighPowerMode
Failed to load overlay 00000004
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B

Rst 0x08M
RW cmd 0002 req = 89 3E 00 00 17 02 00 00 00 00 00 00 08 8C 08 00 87 97 09 00 08
8C 08 00
opts = 00001121

RW Err = C3160084

RW cmd 0002 req = 89 3E 00 00 01 00 00 00 00 00 00 00 08 8C 08 00 87 97 09 00 08
8C 08 00
opts = 00001121

RW Err = 43110081

RW cmd 0002 req = 75 5F 02 00 17 02 00 00 00 00 00 00 08 8C 08 00 87 97 09 00 08
8C 08 00
opts = 00001121

RW Err = C3160084

RW cmd 0002 req = 75 5F 02 00 01 00 00 00 00 00 00 00 08 8C 08 00 87 97 09 00 08
8C 08 00
opts = 00001121

RW Err = 43110081

As I said, I didn't type anything in the terminal window. Does anybody know about this and do we have something really nasty to worry about?

_________________
Computer Dinosaur, servicing PC's since 1976 http://www.Computer-Help.Net
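For anyone triaging a capture like the one in the post above, this added example (not part of the original thread) inventories what was entered at each `F3 <level>>` prompt and what the drive printed afterwards: LED codes, resets and DiagError lines. The prompt pattern is inferred from the capture itself, the sample is a constructed excerpt of it, and the script makes no claim about what any diagnostic command does.

```python
import re
from collections import Counter

# Constructed excerpt: lines copied from the capture posted above, blank lines dropped.
SAMPLE = """\
F3 T>
Table Recovery Faked and Completed
F3 T>/
F3 T>m0,2,2,,,,,22
DiagError 0000500E Process Defect List Error
F3 T>F
Failed to load overlay 00000004
LED:000000CC FAddr:0028555B
LED:000000CC FAddr:0028555B
Rst 0x20M
F3 T>V1
LED:000000CE FAddr:0029F05
Rst 0x20M
"""

PROMPT = re.compile(r"^F3 ([0-9A-Za-z])>(.*)$")  # assumed form: "F3 <level>><text>"
LED = re.compile(r"^LED:([0-9A-F]+) FAddr:([0-9A-F]+)$")

def summarize(capture):
    """One record per non-empty entry at an F3 prompt, with what followed it."""
    records, current = [], None
    for line in map(str.strip, capture.splitlines()):
        prompt = PROMPT.match(line)
        if prompt:
            current = None  # output after a bare prompt is not tied to a command
            if prompt.group(2):
                current = {"level": prompt.group(1), "cmd": prompt.group(2),
                           "leds": Counter(), "reset": False, "errors": []}
                records.append(current)
        elif current is not None:
            led = LED.match(line)
            if led:
                current["leds"][led.group(1)] += 1   # count each LED code seen
            elif line.startswith("Rst "):
                current["reset"] = True              # drive reset after this entry
            elif line.startswith("DiagError"):
                current["errors"].append(line)
    return records

if __name__ == "__main__":
    for r in summarize(SAMPLE):
        print(r["level"], r["cmd"], dict(r["leds"]), r["reset"], r["errors"])
```

The capture alone cannot show whether a given entry was typed, replayed from a terminal buffer, or echoed line noise, so the inventory is a starting point for comparison against the terminal program's own session log.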


 Post subject: Re: Trojan attacked ST9500325AS Firmware?
PostPosted: November 16th, 2012, 13:27 
Joined: May 6th, 2008, 22:53
Posts: 2138
Location: England
Some of the terminal commands that were run were not destructive. If this behaviour was actually caused by malicious software designed to damage drives, it could have been much more efficient! For this and other reasons, that theory does not seem likely to me. Although I've got a couple of guesses about possible causes, it all depends on the software installed on your PC (where the drive was attached via its serial port)...


 Post subject: Re: Trojan attacked ST9500325AS Firmware?
PostPosted: November 16th, 2012, 16:09 

Joined: December 1st, 2008, 11:09
Posts: 20
I am using HyperTerminal and there is no software which could possibly have scripted commands to it!
What we don't know is the commands issued before I connected to the terminal port. The user has been a client for over 10 years now and has never abused his hardware so, with this laptop being less than 8 months old, I believe something went directly after the drive on Wednesday. He called yesterday morning and it was off until he brought it to me, today.

_________________
Computer Dinosaur, servicing PC's since 1976 http://www.Computer-Help.Net


 Post subject: Re: Trojan attacked ST9500325AS Firmware?
PostPosted: November 16th, 2012, 16:49 
Joined: May 6th, 2008, 22:53
Posts: 2138
Location: England
I have different suspicions (and unfortunately I don't fully understand some of your comments), but I'll see what other members suggest to you. I don't think it'll be productive for me to make further comments without being in front of that PC.


 Post subject: Re: Trojan attacked ST9500325AS Firmware?
PostPosted: November 16th, 2012, 17:05 
Joined: August 12th, 2008, 13:11
Posts: 3235
Location: USA
I think you are seeing leftover screen output from the last thing you did in HyperTerminal.

_________________
You don't have to backup all of your files, just the ones you want to keep.


 Post subject: Re: Trojan attacked ST9500325AS Firmware?
PostPosted: November 16th, 2012, 17:38 
Joined: July 18th, 2006, 3:05
Posts: 7476
Location: ITALY
To me, the math doesn't add up.

