Hosting Provided By

Re: NT Partitions

From: <mIbrahim(at)ma.panasonic.com.sg>
Date: Tue May 13 2003 - 20:42:24 EDT

Hello David,

Sometimes, we have to take the qualification of the person who claims "a virus attack is responsible"
into consideration as to what had really happen. Usually claiming a virus attack is an easy way to
escape responsibility - especially if someone had actually done the "Format C" itself and didn't
want to be responsible.

If you already had put in sufficient safe guards such as Virus Protection, you would probably need
to put in sometime to investigate the cause. Steps that help to determine what might includes analysing
the System Logs, knowing who have access to that system, and who was supposed to be responsible
for that system when you are away.

Best Regards,

Ibrahim

                                                                                                                   
                    De Velopment                                                                                   
                                                      
                    arker.org>           cc:     focus-virus@securityfocus.com                                     
                                         Subject:     Re: NT Partitions                                            
                    13/05/2003                                                                                     
                    11:25 PM

Hello Dave,

There are a number of Viruses, Trojans and Worms that, as one of their eventual payloads, attempts to do a "Format C:". If it is successful, the NT partition is definitely wiped out. One question: Is it readable, but blank, or inaccessible? Because another behavior of malware is to encrypt the hard drive so that it's accessible only if the virus, worm, or trojan, itself is running. If you clean it, you no longer have access to the decryption routines and, therefore, can't access the hard drive.

Do you need help?

Good luck and best regards,

Ken Parker

On 12 May 2003, David Brown wrote:

> Is there a virus that wipes out NT partitions ?? I have been off work

Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to

ensure your place. http://www.securityfocus.com/BlackHat-focus-virus

Wireless LAN Policies for Security & Management - NEW White Paper *** Just like wired networks, wireless LANs require network security policies that are enforced to protect WLANs from known vulnerabilities and threats. Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs.

To get your FREE white paper visit us at: http://www.securityfocus.com/AirDefense-focus-virus

Received on Wed May 14 11:12:02 2003

This message: [ Message body ]
Next message: Security News: "RE: NT Partitions"
Previous message: De Velopment: "Re: NT Partitions"
In reply to David Brown: "NT Partitions"
Next in thread: Dave: "Re: NT Partitions"
Reply: Dave: "Re: NT Partitions"
Reply: Security News: "RE: NT Partitions"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:39 EDT