While we've all laughed at this virus, there's been little comment
about how "widespread throughout the UT community" (to quote the Urgent
Message). Suppose, for a moment, that some virus really *did* become
"widespread". Although the University would probebly clean all the campus
machines fairly quickly, it could take months or even longer to get it out
of the dorms! Probebly even persistant reinfection! (Which I find even
funnier than the virus itself :)
> The Win 32/CIH virus was triggered in a test using a Windows 95 system.
> After the computer's date rolled over to 26 July, all disk partitioning
> information was lost, leaving the system unbootable and the data
> unrecoverable. No known tools are available to help save lost work, but
> analysts are searching.
Sure there are -- the virus only overwrites the partition table
and MBR? So put the drives in a linux system, scan the raw device in a hex
viewer looking for a begining FAT signature, and loopback mount the
partition at the correct offset! Hey, anybody see any money to be made
doing custom filesystem recovery?
-Alex
__________________ T
\ Alex Winbow \______________ Houston/Austin E
\ [EMAIL PROTECTED] \_________________ U.of X
\________ http://uts.cc.utexas.edu/~awinbow \ A
\_____________________________________\ S
---------------------------------------------------------------------------
Send administrative requests to [EMAIL PROTECTED]
