
Re: NT Partitions

From: Dave <dauern(at)cox.net>
Date: Thu May 15 2003 - 12:06:53 EDT

How was the data retrieved from the 'infected' disk? Since you were out, I'm guessing they either were doing backups, as they should, or they sent the disk somewhere for data recovery. The fact that data was recovered precludes a disk-encrypting virus. Under the circumstances, I would suspect a number of other things before even considering a virus. Do you have the disk in your possession? Have you done anything yet to discern for yourself what happened?

Honestly, you're in quite the unenviable position right now. It's going to take a lot of time to investigate this thoroughly and come to any sort of conclusion. Feel free to email me directly if you like, or perhaps the Focus MS or Forensics list would be a better resource.

Dave A

> In-Reply-To: <007101c31a32$b972c7a0$cc01a8c0@dave>
>
> The system was NT4 servers 1 x PDC (the one that crashed) 2 x BDC and 1 x
> Multimedia - Workstations Win98 - Educational Establishment. The Head of
Workstations.
> Data was retrieved from the 'infected' disk and YES I did have virus

> >Dave,
was
> >a virus unless they ID'd it.
> >
> >Is there anything left to do any analysis on, or did someone reinstall or
> >restore everything onto the supposedly infected disk?
> >
> >What sort of a system was this? Workstation, server...? Was anyone using
any
> >interaction? Was it running anything that has been exploited recently?
> >Was it exposed to the internet?
> >
> >Dave A




Received on Thu May 15 12:32:49 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:39 EDT
