Windows stopped detecting files on samba drive. Help?!

I just set up a 128Gb USB flash drive on my Netgear R7800 last week. It was all working fine, my Windows 10 machines were all connected and could read/write. But over the weekend I powered off the router and unplugged the USB drive (it's bright blue status light was distracting). I then powered the router back on and used it for the last 2 days. Now today I powered it off again to plug the drive back in, and now while my Windows PCs still see the network drive, when I open it there's nothing there. Just an empty 128Gb folder.

Can anyone explain why this happened and how to fix it so my files are accessible again?
I'm a little panicked atm, as I saved a couple important purchased files for work to it last week, and foolishly hadn't back them up yet.

Can you read the flash drive if it's plugged in to another device?

If I plug it into my PC I get a message saying the drive needs to be formatted before it can be used. I am able to see the files if I scan the drive with recovery software, and if I have to buy a software license to actually save those files so be it, but I'm still very curious why this happened.

Depends on how the USB drive was removed.

In order to avoid corruption.,..

On Windows, use Safely Remove Hardware and Eject Media before removing.

On Linux, use unmount.

I have seen similar issues when no drive letter is assigned.

1 Like
  • How did you power off the router?
    • If you didn't power it off via LuCI => Perform Reboot or SSH: reboot, and then removed power from the router, it's likely a dirty unmount occurred
      • This can be fixed with fsck on the router [or any Linux OS] or via Paragon's Linux FS software for Windows [it allows windows to R/W to ext2/ext3/ext4 file systems.

  • What filesystem was on the drive?
    • If it's a Linux file system, fsck likely needs to be ran
    • If it's an NTFS:
      chkdsk /x /r /offlinescanandfix <DriveLetter>:
    • If it's FAT32/exFAT:
      chkdsk /x /r /v /offlinescanandfix <DriveLetter>:

If after fsck / chkdsk the drive still shows no content, utilize TestDisk to try and recover the partition table, else use it, or it's PhotoRec counterpart, to recover the files

  • Except for the abve, DO NOT do anything else to the drive, and above all, do not save anything to the drive.
    • Recovery files will need to be saved to a separate storage medium

I just powered off with the switch on the back.

It's formatted to f2fs per one of the USB storage user guides. I guess I need to run fsck?
I'll go try that now. Thank you!

Ok so I see that I have packages installed for fsck and f2fsck. I'm guessing I should run f2fsck ...from a Putty terminal? However, when I try "f2fsck /dev/sda1" it spits back "-ash: f2fsck: not found". Sorry, I'm a Linux noob, and far from a functional understanding of the command line interface or what is and isn't a valid command within LEDE.

To remove the USB drive, all you need to do issue is: umount /usb/mount/point

  • Same goes for Windows with "Safely Remove Hardware and Eject Media"... Windows users often don't do this, however not doing so will create a dirty unmount, and, when crossing between Windows and Linux, it's a recipe for file system problems.

For f2fsck: fsck.f2fs -af /dev/<USBdrive>

  • For help, just issue: fsck.f2fs
1 Like

Thank you for all your help. Unfortunately fsck didn't find any errors:

Info: No error was reported

I'm just going to run a file recovery. Glad to know about the unmount command for future reference. I've always "safely ejected" external storage, but someone a long time ago told me that the reason for it was something like Windows could be reading/writing/updating the drive without you're having issued any command, so ejecting makes sure that isn't happening when you go to remove. And based on that I always assumed if a device was powered off, then it was safe to remove storage.

Anyways, thanks again. At least I can avoid this happening again.

It depends how a device is shutdown... simply turning off the power is a dirty shutdown, both on BSD/Linux, as well as Windows (specific to Windows, if a dirty shutdown occurs, the user should reboot the PC, and once at the login screen, prior to logging in, reboot the PC via the power menu)

  • Part of the shutdown process is to unmount all mounted drives, and when this doesn't occur, a dirty unmount also occurs.

I'm not sure what recovery solution you'll be using, but TestDisk is easily one of the best around (it's opensource and free). TestDisk can do a multitude of things, where as it's counterpart PhotoRec is specific to file recovery (of all types, not just photos).

1 Like

Are either programs able to restore folders and folder hierarchies?

At this point, does it matter?

I would also suggest backing up your drives on a regular basis, and keeping one copy offline.

If you happen to get infected with ransomware, all drives on your network will be encrypted.

I do back up important folders pretty consistently as well as keep offline copies. My wife got some ransomware on her laptop last fall, it was relatively mild -it definitely didn't affect my whole network, though it did take a solid week of probing at it to get the laptop back to life & decrypted.

By the way, does such a thing commonly exist as a ransomware that can spread across vlans, say from a guest wifi network with no zone forwarding to lan?

So I'm not out of the woods yet. I have recovered the files (though locating the two files I actually needed will be searching for a needle in a stack of needles or .pdf's, as it were). But more to the point, the drive, while mountable and visible to the windows machines, is essentially inaccessible.

I can see the drive (113 GB free of 115GB) from my Windows home folder. And I can open it, but if I try to copy a file, or create a new one, it says I need permission. I checked the configuration and the allowed users, password, create and directory masks are all the same as last week. And again, fsck didn't find any errors, so I'm not sure what's the problem.

You were lucky.

Ransomware is constantly evolving (spend some time on BleepingComputer). Once it breaches your security, anything is possible.

Hopefully, you closed the hole that caused the last infection.

Try using Take Ownership...

1 Like

Sorry, I forgot that I had to manually change permissions after the drive was mounted the first time. For whatever reason setting it in the config file didn't have an effect. In any case, it's working now. Thanks for all the assistance!

I don't think my wife would appreciate you calling her that... But yes she has since learned to cross reference google classifieds results with "Ad" indicated next to them. :expressionless:

I think you know what I meant...don't give up your day job to be a comedian.

You might consider using uBlock Origin, which is like a firewall in a browser.