Strange Issues with Seagate HDD, Boot Sector Virus?

[KurtHansen1988]

So I picked up a pretty much brand new Asus Eee Box B206 at a yard sale for $7 which was an awesome deal. Booted it up and no operating system found, whatever. I have an Easy2Boot USB drive with tons of operating systems on it and decided to boot into Linux Mint 17.3 and checked the S.M.A.R.T status of the drive. Everything was good. Total power on time was 157 hours. Tried to install to HDD and installation hangs. Tried Windows 7/8 and same issue but I got an error code "0x80042405" couldn't find any info about this. Rebooted and I got this screen on post.



I decided to hook up the drive to my main computer and did a low level format and partitioned the drive as primary NTFS and Windows 8 was able to see the drive & read/write just fine. Hooked the drive back up and also updated to the latest bios. Tried to boot Linux Mint again. This time.



I rebooted and decided to give Windows 8 installation a try again, but this time upon booting instead of loading the Easy2Boot UEFI I got a blank screen after post that simply says "Virus!" I rebooted again and this time it loaded E2B no problem. Rebooted 10+ more times and I haven't scene the "Virus!" screen since. I haven't found anything on google about my issue other than it could possibly be a boot sector virus.

Here is the info using Seatools.

Model# ST9160310AS


I notice that security mode says "Supported, frozen" not sure what that means though. Any one else run into similar problems or know a fix (other than using a different hard drive?

 

[Roberty]

Do a low level format on the drive just to be safe - Not the quick format option during the Windows install.

 

[CVNet1]

I know you said you did a low level format, but if you haven't written 0's to the entire drive (usually takes more than an hour to complete), then you didn't do a true low level format.

If a true low level format does not destroy whatever virus is on your drive, then there are a couple other possibilities.
1) If the drive after low level format does not display any unusual activity or behavior when it is plugged into a known clean system, but does display the activity on the new system you are trying to get running again, then there is a possibility that the bios in your new system may have somehow been infected in the bios or some other semi-permanent storage besides your drive.

2) If the drive after low level format still displays unusual activity or behavior, then the drives firmware might be infected and the virus code could reside on the HPA or DCO areas of the drive which are not readily accessible to standard formatting tools and have recently been found to be vulnerable to infection from what has generally been state sponsored hacking tools. It may be that a virus writer becoming familiar with this vulnerability may have written a targeted virus for the HPA and DCO on your particular drive. This is all speculation on my part regarding what is wrong with your drive because details seem rather slim right now.

I did find a strange case in a google search where a particular version of Seatools would cause the drive security mode to flip to "Supported, Frozen" which I understand is a security lock on the drive writing at the firmware level. Apparently a system bios or an windows operating system or the Seatools program can set this for the drive's firmware and the drive will remain that way until it is rebooted. Of course if whatever that is going on puts the drive back into a "supported, frozen" state prior to you being able to access it, then you are back to square one with a locked drive again. This could also be a reason your drive won't boot windows anymore or accept installations.

edit:
Just on the off chance a weird connectivity issue is involved, have you swapped out the sata cable with a different one or checked for loose connections?

 

[KurtHansen1988]

I used EASEUS Partition Master to erase the drive twice. Took about 1-2 hours. Used SeaTools v1.4.0.4 and the hard drive in this machine also says supported frozen. Here is the update.

I did some extensive research and found a very in depth manual for this hard drive. http://www.seagate.com/staticfiles/support/disc/manuals/notebook/momentus/5400.5/100468844b.pdf
And also methods to unlocking Seagate Hard Drives with default passwords using ATAPWD and MHDD, but this didn't work.
I also found a python script that is supposed to output ata security lock passwords, but I kept getting some error code #25 permission denied. More information about that script can be found here ATA security lock removal for seagate [Solved] ;) and downloaded from here GitHub - BlackLotus/seaget: Wget like tool to dump seagate memory and buffer

What finally worked was using hdparm and unplugging the drive and plugging it back it which removed the supported, frozen status and I was able to do use
hdparm --user-master u --security-erase 1234 /dev/sda which did remove the security lock. ATA Secure Erase - ata Wiki

With that I am able to boot into linux live again, and also was able to install windows 8 using this machine. However on the Eee Box I am still unable to Install any OS though it is detecting it properly now. Currently trying to install Linux Mint and it's been stuck at "ext4 file system for / in partition #1 of SCSI1 (0,0,0)(sda)..." for about 30 minutes now.

Got a ioctl is inappropriate error. Checked again and drive is not frozen.

I give up. Tried reformatting it for linux on a seperate pc and then tried to install from the Eee Box and just gets I/O errors.