At 2 o'clock this afternoon A client rang to say they could no longer access exchange or there shared data.
Logging into the machine EVERY drive on the server NOT the main disk was empty. Not just not showing up but there, labelled correctly and showing correct TOTAL space but not a single piece of info on them.
C: -Windows - Standalone SSD- Running fine
D:- Exchange- External DAS running off a SIL3121 SATA Raid is empty
E: WSUS- Empty- As above
F: Archive-Empty as above
G: - Storage Craft Backup - Internal Intel Raid - Empty
F: DATA- secondary External DAS totally separate to the 1st one (2 separate boxes)
One could look at the SIL raid card but the fact that a totally separate intel internal raid has done the same and the disks are showing up says to me it is not that
I cannot find a single reason in the event log for anything to have happened. No windows updates or driver updates have been run.
The only suspicious thing was that someone had logged on locally to the machine yesterday (it is not used and sits in a cupboard) as a generic user and there was a Russian Google Chrome installed. On the desktop was a program folder called Clearlogs.V1 with an exe file under Clearlogs. This seemed to have been download 2 years ago but the folder it sits in shows it was edited at the same time everything seems to have stopped today.
Does anyone have any ideas at all because I am totally lost and with no backups available the company of 30 users is screwed!