Hi,
I'd just blow away every partition along with the MBR and start completely fresh; chances are you won't be able to restore from the recovery partition without sighted help anyway, and even if you did, drivers would be out of date, updates would need to be downloaded and all the usual software rubbish would have to be removed. Out of interest, how did you get to the files?
Regards,
Ben.
On 4/21/12, David Mehler <dave.mehler@gmail.com> wrote:
Hi Everyone,
Thank you all for your suggestions and help. I have the data; the drive enclosure I have is going back tonight and the data is going to be retrieved. I don't have a machine with sufficient memory to pull it off; the process has crashed four times, plus I'm over-copying because I don't know what they have.
Here's another question: that drive is going to get nuked, formatted and given a fresh install. When I plug in the enclosure there's a partition called "recovery". I'm assuming this is a hidden recovery partition (this is a Dell machine) and that Windows is in there. The question being: researching Alureon, that's a nasty piece of work; it replaces the MBR plus a disk driver. Can it get into the recovery partition, and if a restore is done from that, will it be effective? Basically, will I end up with a clean box?
Thanks again. Dave.
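The two practical questions in David's mail are whether the MBR of that drive has been replaced and how to make sure nothing of the old layout (recovery partition included) carries over into the reinstall. What follows is an added example, not code from the thread or from Dell or Microsoft: it reads the first sector of the disk in the enclosure from the test box, reports the partition table and a SHA-256 of the boot code, and wipes the disk with diskpart the way Ben suggests. Reading the sector from the enclosure on a clean machine matters, because a live Alureon/TDL4 infection filters disk reads through its own driver and hands back a clean-looking MBR. Assumptions: an elevated PowerShell (2.0 or later) on the test box; $DiskNumber is the enclosure's disk index as shown by "list disk" in diskpart or by Win32_DiskDrive; no known-good hash is hard-coded, you take one from a Windows 7 disk you trust and compare by hand.

```powershell
# Added example, not code from the list thread. Reads the first sector of the
# drive in the enclosure from the (clean) test box, prints the partition table
# and a hash of the boot code, and wipes the disk the way Ben suggests.
# Assumptions: elevated PowerShell (2.0 or later) on the test box; $DiskNumber
# is the enclosure's disk as listed by "diskpart> list disk" or
# Get-WmiObject Win32_DiskDrive; no known-good hash is hard-coded, you take
# one from a machine you trust and compare.

function Read-Mbr {
    param([Parameter(Mandatory=$true)][int]$DiskNumber)
    # Raw device reads must be sector-aligned and sector-sized: read exactly 512 bytes.
    $fs = New-Object System.IO.FileStream("\\.\PhysicalDrive$DiskNumber",
            [IO.FileMode]::Open, [IO.FileAccess]::Read, [IO.FileShare]::ReadWrite)
    try {
        $mbr = New-Object byte[] 512
        $got = $fs.Read($mbr, 0, 512)
        if ($got -ne 512) { throw "short read ($got bytes) from PhysicalDrive$DiskNumber" }
        return ,$mbr
    } finally { $fs.Dispose() }
}

function Get-MbrReport {
    param([Parameter(Mandatory=$true)][byte[]]$Mbr)
    # Layout: 0..439 boot code, 440..443 disk signature, 446..509 four
    # 16-byte partition entries, 510..511 the 0x55 0xAA signature.
    $sha  = [System.Security.Cryptography.SHA256]::Create()
    $hash = ($sha.ComputeHash($Mbr, 0, 440) | ForEach-Object { $_.ToString('x2') }) -join ''
    $parts = @()
    for ($i = 0; $i -lt 4; $i++) {
        $o = 446 + 16 * $i
        if ($Mbr[$o + 4] -eq 0) { continue }          # empty slot
        $parts += New-Object PSObject -Property @{
            Index    = $i
            Active   = ($Mbr[$o] -eq 0x80)            # 0x80 = bootable flag
            Type     = ('0x{0:X2}' -f $Mbr[$o + 4])   # 0x07 NTFS, 0x27 hidden WinRE, 0xDE Dell utility
            StartLBA = [BitConverter]::ToUInt32($Mbr, $o + 8)
            SizeMB   = [math]::Round([BitConverter]::ToUInt32($Mbr, $o + 12) * 512 / 1MB)
        }
    }
    New-Object PSObject -Property @{
        ValidSignature = ($Mbr[510] -eq 0x55 -and $Mbr[511] -eq 0xAA)
        DiskSignature  = ('0x{0:X8}' -f [BitConverter]::ToUInt32($Mbr, 440))
        BootCodeSha256 = $hash      # differs from a trusted Windows 7 MBR => boot code was replaced
        Partitions     = $parts
    }
}

function Invoke-DiskClean {
    param([Parameter(Mandatory=$true)][int]$DiskNumber)
    # Guard against wiping the test box: only proceed for a USB-attached disk.
    $disk = Get-WmiObject Win32_DiskDrive | Where-Object { $_.Index -eq $DiskNumber }
    if (-not $disk) { throw "no disk with index $DiskNumber" }
    if ($disk.InterfaceType -ne 'USB') { throw "disk $DiskNumber ($($disk.Model)) is not USB-attached; refusing" }
    Write-Host "Wiping disk $DiskNumber : $($disk.Model), $([math]::Round($disk.Size / 1GB)) GB"

    # diskpart "clean" overwrites the MBR (boot code, signature, partition
    # table) and the hidden sectors, so nothing of the old layout, recovery
    # partition included, carries over; "clean all" would also zero every
    # data sector, which takes hours on a big drive.
    $script = [IO.Path]::GetTempFileName()
    "select disk $DiskNumber", "clean" | Set-Content -Path $script -Encoding ASCII
    try { diskpart /s $script } finally { Remove-Item $script }
}

# Usage on the test box, with the enclosure showing up as disk 1:
#   $report = Get-MbrReport -Mbr (Read-Mbr -DiskNumber 1)
#   $report | Format-List ValidSignature, DiskSignature, BootCodeSha256
#   $report.Partitions | Format-Table Index, Active, Type, StartLBA, SizeMB -AutoSize
#   Invoke-DiskClean -DiskNumber 1     # only once the data is safely copied off
```

The partition types in the comment are the ones commonly seen on Dell-shipped Windows 7 disks and are only a reading aid; the recovery partition David sees is the one whose volume label is RECOVERY, whatever its type byte. Whether a factory restore from it would rewrite the MBR is exactly the open question in the mail; diskpart's clean makes it moot, because the reinstall then starts from a disk with no partition table and no boot code at all.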
On 4/20/12, George Bell <george@techno-vision.co.uk> wrote:
Hi Jackie,
Yes that's correct, but I wasn't sure whether or not David's extended family system would allow this to be done.
-----Original Message-----
From: blind-sysadmins-bounces@lists.hodgsonfamily.org [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Jackie McBride
Sent: 20 April 2012 15:58
To: Blind sysadmins list
Subject: Re: [Blind-sysadmins] Malware and File Permissions and attributes
George, the way to clean System Restore files is simply to turn it off. Then do a scan, & the antivirus software can disinfect the files contained therein. Don't forget to re-enable it once that process is complete, of course.
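Jackie's off/scan/on sequence, scripted, as an added example that is not code from the thread. It covers the live-system case she describes and also the situation David is actually in, where the drive sits in an enclosure on a clean test box and the restore points are just files under "System Volume Information" on that volume. Assumptions: an elevated PowerShell (2.0 or later); Get-ComputerRestorePoint, Disable-ComputerRestore, Enable-ComputerRestore and Checkpoint-Computer are the Windows 7 built-ins; MpCmdRun.exe is assumed at the default Microsoft Security Essentials install path (adjust if yours differs); the volume letters are placeholders.

```powershell
# Added example, not code from the list thread. Scripts the sequence Jackie
# describes for a live Windows 7 system (turn System Restore off, which
# discards every restore point on the drive, scan, turn it back on) and the
# equivalent for a drive mounted from an enclosure on a clean box, as in
# David's case. Assumptions: elevated PowerShell (2.0 or later); the MSE
# command-line scanner at its default path $MpCmdRun (adjust if yours differs);
# the volume letters are yours to fill in.

function Show-RestorePoints {
    # Get-ComputerRestorePoint returns SystemRestore WMI instances whose
    # CreationTime is a DMTF string, hence the ConvertToDateTime call.
    Get-ComputerRestorePoint | Select-Object SequenceNumber, Description, RestorePointType,
        @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } }
}

function Reset-SystemRestore {
    param(
        [string]$SystemDrive = 'C:\',
        [string]$MpCmdRun    = "$env:ProgramFiles\Microsoft Security Client\MpCmdRun.exe"
    )
    Write-Host "Restore points before cleanup:"
    Show-RestorePoints | Format-Table -AutoSize

    # Disabling protection on a drive deletes all of its restore points; that
    # is what gets rid of the infected copies the scanner cannot disinfect.
    Disable-ComputerRestore -Drive $SystemDrive

    # Full scan (ScanType 2) with the Microsoft Security Essentials engine.
    if (Test-Path -LiteralPath $MpCmdRun) {
        & $MpCmdRun -Scan -ScanType 2
    } else {
        Write-Warning "MpCmdRun.exe not found at $MpCmdRun; run the scanner by hand before continuing."
    }

    # Re-enable protection and lay down a fresh, known-clean restore point.
    Enable-ComputerRestore -Drive $SystemDrive
    Checkpoint-Computer -Description 'Post-cleanup baseline' -RestorePointType MODIFY_SETTINGS
    Write-Host "Restore points after cleanup:"
    Show-RestorePoints | Format-Table -AutoSize
}

function Remove-OfflineRestoreData {
    # For a drive hanging off an enclosure on a clean test box, the restore
    # points are just files under "System Volume Information" on that volume,
    # owned by SYSTEM: drop any registered shadow copies, take ownership,
    # grant yourself access and delete the contents.
    param([Parameter(Mandatory=$true)][string]$Volume)   # e.g. 'E:'
    $svi = Join-Path $Volume 'System Volume Information'
    if (-not (Test-Path -LiteralPath $svi)) { Write-Warning "no $svi"; return }
    vssadmin delete shadows /for=$Volume /all /quiet
    takeown /f $svi /r /d y | Out-Null                 # "/d y" answers the prompt on an English locale
    icacls $svi /grant 'Administrators:F' /t | Out-Null
    Get-ChildItem -LiteralPath $svi -Force | Remove-Item -Recurse -Force
}

# Usage:
#   Reset-SystemRestore                       # on the machine itself, from an elevated prompt
#   Remove-OfflineRestoreData -Volume 'E:'    # for the drive in the enclosure, on the test box
```

Two things worth knowing before running the first function: turning protection off discards every restore point on the drive, including any that predate the infection, which is the point but also means there is no going back; and the checkpoint at the end only has value if the scan really came back clean, otherwise it just snapshots the infection again.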
On 4/20/12, George Bell <george@techno-vision.co.uk> wrote:
Hi David,
I'd hazard a guess that the System Restore files still contain this muck, but how you get rid of the System Restore in these circumstances is the $64,000 question. They normally cannot be cleaned by anti-virus software.
I'm afraid I'd be an absolute so and so here, and simply reformat the drive. While getting rid of the problem, hopefully, it might just also serve as a sharp, short lesson to the user to be more careful.
George.
-----Original Message-----
From: blind-sysadmins-bounces@lists.hodgsonfamily.org [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of David Mehler
Sent: 19 April 2012 19:37
To: blind-sysadmins
Subject: [Blind-sysadmins] Malware and File Permissions and attributes
Hello,
Has anyone dealt specifically with any of the following malware:
1. Exploit:Java/CVE-2012-0507.R
2. Backdoor:Win32/Kelihos.F
3. Exploit:Java/CVE-2010-0840.QI
4. Exploit:Java/CVE-2012-0507.R!ldr
5. TrojanDownloader:Win32/Waledac.C
6. Trojan:Win32/Tibs.IT
7. Trojan:Win64/Alureon.gen!F
8. Trojan:Win64/Alureon.gen!J
9. Trojan:Win32/Alureon.gen!AD
10. Trojan:Win32/Orsam!rts
11. Trojan:Win32/Alureon.FK
12. Trojan:DOS/Alureon.I
13. Trojan:Win32/Dynamer!dtc
14. Trojan:Win32/Dynamer!dtc
on a win7 64 bit machine?
This one is going to be convoluted. An individual who gives me more computer headaches than anyone else, but who also happens to be extended family, called me about two weeks back claiming his box had a worm. I think he was running Norton 360. I do not know the name of the worm or if it was a worm. He didn't give me the box until four days ago, when problems had escalated to a backdoor/rootkit, trojan, and a virus (his words). His cleaning efforts did not take the box off the internet, so I wouldn't be surprised. The thing that finally got the box to me was a black screen; my guess is a very corrupted Windows, given some of the above malware I've googled, as well as a report that his user profile, documents, background, pictures, etc. was gone. The drive in question is very full, having only 20 GB of space left.
Here's the problem. I put that drive in an external enclosure, hooked it up to a test box and cleaned it; it took two passes of Security Essentials and Malwarebytes to do it. They found the above listing of stuff, and this is after his "cleaning efforts"; I can only have nightmares about what this looked like before. Two problems remain: the black screen (corrupted Windows or registry, my guess), and file permission changes.
He reported to me that certain files were "hidden". I have since discovered that they are operating-system protected, but his profile is not accessible; it's showing up as a folder with no files or folders in it.
These reports are still from this drive being in the external enclosure; I have not rehooked it up to its motherboard. I believe my next step is to blow it away, it sounds like it is really bad, but I've got to get the profiles, documents, pictures, etc. Suggestions welcome; none of my googling on the above indicated they did anything with regard to changing file attributes to hidden or setting files "protected" by the operating system.
Thanks. Dave.
_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org http://lists.hodgsonfamily.org/listinfo/blind-sysadmins
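The "empty" profile David describes is worth checking from the test box before the drive gets wiped, since Explorer and a plain dir both hide anything carrying Hidden+System ("protected operating system files"), and a profile whose files have had those attributes set looks exactly like an empty folder. The following is an added example, not code from the thread: it walks the profile on the mounted volume without following the junctions a Windows 7 profile contains, counts user files that are Hidden+System but should not be, restores access if the ACLs are the problem, and strips the attributes from user data only. Assumptions: an elevated PowerShell (2.0 or later) on the test box; the profile path E:\Users\<name> is a placeholder; takeown and icacls are the standard Windows tools. This recovers data; it does not clean anything.

```powershell
# Added example, not code from the list thread. Looks at the "empty" profile
# David describes on the drive while it sits in the enclosure: lists what is
# really there, counts files carrying the Hidden+System ("protected operating
# system files") attributes, and optionally strips those attributes from user
# data. Assumptions: elevated PowerShell (2.0 or later) on the test box; the
# profile path (E:\Users\<name>) is yours to fill in.

function Get-ProfileItems {
    # Own recursion so junctions are never followed: a Windows 7 profile holds
    # hidden, system junctions ("Application Data", "My Documents", ...) that
    # point back into the tree and are legitimately Hidden+System.
    param([Parameter(Mandatory=$true)][string]$Path)
    foreach ($item in Get-ChildItem -LiteralPath $Path -Force -ErrorAction SilentlyContinue) {
        if ($item.Attributes -band [IO.FileAttributes]::ReparsePoint) { continue }
        $item
        if ($item.PSIsContainer) { Get-ProfileItems -Path $item.FullName }
    }
}

function Test-LegitimateHiddenSystem {
    # Files Windows itself marks Hidden and/or System inside a profile; leave these alone.
    param([IO.FileSystemInfo]$Item)
    return ($Item.Name -eq 'desktop.ini' -or $Item.Name -like 'ntuser.*' -or $Item.Name -eq 'Thumbs.db')
}

function Get-ProfileAttributeReport {
    param([Parameter(Mandatory=$true)][string]$ProfilePath)
    $mask  = [int]([IO.FileAttributes]::Hidden) -bor [int]([IO.FileAttributes]::System)
    $items = @(Get-ProfileItems -Path $ProfilePath)
    $suspect = @($items | Where-Object {
        (([int]$_.Attributes -band $mask) -eq $mask) -and -not (Test-LegitimateHiddenSystem $_)
    })
    New-Object PSObject -Property @{
        TotalItems   = $items.Count
        HiddenSystem = $suspect.Count      # user data that should not be Hidden+System
        Sample       = @($suspect | Select-Object -First 5 | ForEach-Object { $_.FullName })
    }
}

function Restore-ProfileAccess {
    # If even -Force shows nothing, the ACLs may be the problem: take ownership
    # and grant the test box's Administrators full control. (This does not lift
    # the deny-list ACE Windows puts on the profile junctions, which is fine.)
    param([Parameter(Mandatory=$true)][string]$ProfilePath)
    takeown /f $ProfilePath /r /d y | Out-Null     # "/d y" answers the prompt on an English locale
    icacls $ProfilePath /grant 'Administrators:F' /t | Out-Null
}

function Clear-HiddenSystemAttributes {
    # Strips Hidden and System from user data only; junctions, desktop.ini and
    # ntuser.* are skipped. -WhatIf just lists what would change.
    param([Parameter(Mandatory=$true)][string]$ProfilePath, [switch]$WhatIf)
    $mask = [int]([IO.FileAttributes]::Hidden) -bor [int]([IO.FileAttributes]::System)
    $changed = 0
    foreach ($item in Get-ProfileItems -Path $ProfilePath) {
        if (([int]$item.Attributes -band $mask) -eq 0) { continue }
        if (Test-LegitimateHiddenSystem $item) { continue }
        $new = [IO.FileAttributes]([int]$item.Attributes -band (-bnot $mask))
        if ($WhatIf) { Write-Host "$($item.FullName): $($item.Attributes) -> $new" }
        else { $item.Attributes = $new }
        $changed++
    }
    return $changed
}

# Usage on the test box with the enclosure mounted as E:
#   Get-ProfileAttributeReport -ProfilePath 'E:\Users\<name>' | Format-List
#   Restore-ProfileAccess        -ProfilePath 'E:\Users\<name>'   # only if the listing is empty
#   Clear-HiddenSystemAttributes -ProfilePath 'E:\Users\<name>' -WhatIf
```

Run the report first: a large HiddenSystem count made up of ordinary documents and pictures means the data is still there and only the attributes were changed, which is recoverable; a TotalItems of zero even with -Force points at permissions (try Restore-ProfileAccess) or at the files really being gone, which nothing here will fix.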
--
Blame the computer--why not? It can't defend itself & occasionally might even be the culprit
Jackie McBride
Ask Me Computer Questions at: www.pcinquirer.com
Jaws Scripting training materials: www.screenreaderscripting.com
homePage: www.abletec.serverheaven.net