Caveat Emptor — Used CD-ROM drives

I have purchased a lot of things on eBay, and I have rarely had any problems. There was one time that I purchased a Motorola H700 Bluetooth headset that turned out to be a Chinese knock-off, but I just reported that to eBay as fraud and got my money back quickly.

Recently, though, I ran into a rather serious problem. Fortunately, it was not as serious as it could have been, but I want others reading this to know what to look for.

Recently, I posted about how I had gotten a couple of broken laptops from a co-worker and restored them to running order as gifts for my wife and stepson. One of the things I needed to do with my wife’s laptop was order a new CD-ROM drive, and I found one for a decent price on eBay. After waiting out the auction, I was the only bidder and got it for the starting bid price. The seller sent it quickly, and it arrived yesterday.

When I came home on my lunch hour, I opened it up, popped out the floppy drive, inserted the new CD-ROM drive, and powered it up. Unfortunately, the new drive worked perfectly.

I say “unfortunately” because it booted off a CD that was already in the drive when it arrived. In a matter of seconds, I saw a Norton Ghost 6.0 screen pop up, and the next thing I knew, I was faced with a Windows 98 startup screen and a C:\ prompt. I was confused. The first thought that went through my head was that there had actually been a CD in the drive and that it had wiped my wife’s hard drive. I quickly dismissed that as paranoia, but I knew that the Norton Ghost screen had to have come from somewhere. I opened the CD drive, and sure enough, an unlabeled CD-R was in the drive. I took it out, closed the drive, and rebooted, confident everything would be fine.

It wasn’t. I got a Windows 98 splash screen and a C:\ prompt again. I typed dir and found that all 6GB of the hard drive was free. The drive had been formatted to boot as if it were a Windows 98 boot diskette.

I put the unlabeled CD-R in my home computer (on which I have disabled auto-run for CDs) and explored the contents. It had six files total:

BOOTCAT.BIN
BOOTIMG.BIN
DOSBOOTF.GHO
GDISK.EXE
GHOST.EXE
START.BAT

Here are the contents of START.BAT:

gdisk 1 /mbr /wipe /sure
REM gdisk 1 /del /all /sure
ghost.exe -clone,mode=load,src=x:\dosbootf.gho,dst=1 -sure

For those who don’t speak DOS, this translates as follows:

Run Norton's GDISK program and erase the Master Boot Record without prompting
(The second line is ignored because of the REM (REMark) statement)
Run Norton's Ghost program and replace the contents of this drive with a DOS boot floppy image without prompting

The CD that arrived in my wife’s CD-ROM drive was specifically designed to completely wipe the operating system of any PC that boots from it in a matter of seconds. When I first figured this out, I assumed the victim mentality and thought that someone had intentionally planted the disc in the drive as a long-range hacking prank, but soon the System Administrator in me took over and realized that this was probably just an accident.

When organizations surplus old computer equipment, they generally take at least some steps to make sure that company data is scrubbed off the hard drive before it leaves the building. This disk is likely the result of one of these scrubbing sessions, where a technician simply booted all of the machines from this disc to quickly erase all of the data. Unfortunately, s/he forgot to take the disc out of the CD drive before it was sent to the liquidators, and this drive wound up in the hands of my eBay Platinum retailer.

At this point, it becomes a question of who takes responsibility for the disc’s presence. Since I purchased the used CD drive from the eBay retailer in good faith that it had been inspected prior to sale, I think the retailer is at least indirectly responsible for the loss of the data on my wife’s hard drive. Inaction does not absolve him of responsibility for the product he’s selling. By the same token, I could have used a paper clip to open up the drive prior to installing it in the laptop, but I think I was justified in assuming that the vendor had already done this.

The reality is that I paid a fair price for a working CR-ROM drive, and I received that. Unfortunately, along with it, I received a disc that destroyed the operating system on my wife’s computer, and that will cost me much more (in terms of time to restore) than I paid for the drive. If I go to the grocery store and purchase a product, then get home and open it to find mold in the product, I take it back with my receipt and the grocery store replaces it or gives me my money back immediately. It seems the same in this case to me. I purchased a product, the product works, but it had obviously not been inspected before shipment and damaged my wife’s computer. I would think that an eBay Platinum retailer would not think twice about simply refunding my money as part of good customer service.

I’m sure you’ve noticed that I have not mentioned the name of the retailer. I want to give him the opportunity to rectify the situation. I will probably follow up later with the results, whether favorable or unfavorable for the retailer.

So here’s where the Caveat Emptor (“Let the Buyer Beware”) clause comes in. Even though I think that the seller is partially responsible for selling me a product containing a disc that was a danger to my data, I could have avoided the situation by verifying that the drive was empty in the first place. By opening the drive with a paper clip, I could have found the disc before ever putting the drive in the computer and all would be safe. I probably would have still contacted the seller to let him know that he needs to inspect his merchandise before it leaves his door, but no data would have been lost.

Caveat Emptor.

Update 1/5/08 @ 2:13 PM: I received e-mail from the seller, saying he thought my request for a refund was reasonable, and that he would talk it over with the other owner. In exchange, he would like the disc back so he can try to figure out which vendor it came from. He even offered to pay return shipping for the disc. I think that’s completely fair, and shows that his company does believe in good customer service. Assuming things continue to progress as they are, I would buy from this seller again with no hesitation.

Update 1/9/08 @ 9:14 AM: The seller contacted me today to let me know that his business partner agrees that refunding my money is an appropriate action, considering the circumstances. He has also given me permission to reveal his company’s name and link to his eBay store, which I am happy to do, considering how responsive their customer service has been.

Synaptic-Systems eBay store

To all you mom-and-pop eBay shops: this is how to handle a customer service problem. Communicate with your buyers, and when they have a problem with a product, stand behind the product and do what it takes to make the buyer happy. Your reward will be word-of-mouth advertising, because you were willing to fix the problem.