Hosting Provided By

Re: Win32 Port of TAR

From: Bruce P. Burrell <bpb(at)umich.edu>
Date: Mon Nov 11 2002 - 02:20:33 EST

On Fri, 8 Nov 2002 at 13:18 -0600, Kevin.M-CTR.Shannon@faa.gov wrote:

> This sounds like virus activity.

Doesn't to me, though it might be a Trojan Horse.

> Did you consider the possibility that a virus may have wiped the files

Again, that would be a Trojan: no replication in sight here.

> If the file system was FAT/FAT32, you can check out ECFS (Enforcement of

[Thanks for that; wasn't aware of it. If others look, though, it's listed as "ECSF".]

> I do have a question though; you stated that "4,096 Bytes in Bad Sectors."

Do you need help?

Bad sectors aren't in files. They're marked as bad in the FAT at format time.

> Can a virus mark sectors as bad? Anyone?

Sure.

As a matter of fact, the very first PC virus did exactly this, 16+ years ago.

-BPB University of Michigan AntiVirus Team Leader University of Michigan Data Recovery Team Leader PGP 2.6.2 key fingerprint: 0D A5 98 3C 91 DA E0 DD 9C 6D FA 8F 4D 34 95 ED

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Mon Nov 11 13:39:16 2002

This message: [ Message body ]
Next message: Paul Timmins: "Re: 2 data recovery questions"
Previous message: Brian C. Lane: "Re: 2 data recovery questions"
In reply to Kevin.M-CTR.Shannon(at)faa.gov: "Re: Win32 Port of TAR"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:41 EDT