On 08/11/2012 09:00 AM, David Haller wrote:
> PS@dcr: please run an antivirus check (total<something> online?) on that dcr-sda-0.img file[1]. There _is_ some code in sector 29 which looks fishy to me at a first glance. And as that partition is active and ISTR there are some "trojans"/"viruses" about that "kidnap" your disk by encrypting it, and a normal Winders MBR would just boot that fishy partition... "You" might've been *very* lucky to have Grub and not a normal DOS bootcode in your MBR ...

WOW, now this is strange. Only 3 of 42 virus scanners identified the file as infected. The virus scanners that flagged the file as infected were:

    Antivirus    Result                  Update
    DrWeb        Trojan.Tdlphaze.1       20120811
    Kaspersky    Rootkit.Boot.Pihar.b    20120811
    Microsoft    Trojan:DOS/Alureon.J    20120811

You can see the full results at:

https://www.virustotal.com/file/8565f52c05d538dbe288cd83b63ec2fad0a6f11197b2...

The remaining major scanner engines flagged it as clean. I don't know if this means we are dealing with a new variant of some virus, or if the other engines just missed it, or if it is a false positive on those three?

Thank you for the link, that is a fantastic virus scanning tool!

--
David C. Rankin, J.D.,P.E.
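
Added example, not part of either message: one way to check a raw disk image for which MBR partition entry is marked active, which sector a conventional MBR would therefore execute, and which sectors before the first partition hold data. The function names and the 64-sector sample image (including the filler bytes placed in its sector 29) are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512

def parse_mbr(image: bytes):
    """Decode the four primary partition entries in sector 0."""
    if len(image) < SECTOR or image[510:512] != b"\x55\xaa":
        raise ValueError("sector 0 lacks the 0x55AA boot signature")
    parts = []
    for i in range(4):
        raw = image[446 + 16 * i:462 + 16 * i]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, length
        status, ptype, start, count = struct.unpack("<B3xB3xII", raw)
        if ptype:  # type 0 marks an unused slot
            parts.append({"slot": i + 1, "active": status == 0x80,
                          "type": ptype, "start": start, "sectors": count})
    return parts

def chainload_target(image: bytes):
    """Active entry plus SHA-256 of its first sector (what a plain MBR runs)."""
    active = [p for p in parse_mbr(image) if p["active"]]
    if len(active) != 1:
        return None  # none or several active entries: nothing unambiguous to report
    off = active[0]["start"] * SECTOR
    return active[0], hashlib.sha256(image[off:off + SECTOR]).hexdigest()

def nonzero_gap_sectors(image: bytes):
    """LBAs between the MBR and the first partition that hold any data."""
    parts = parse_mbr(image)
    total = len(image) // SECTOR
    first = min([p["start"] for p in parts] + [total])
    # Boot loaders such as GRUB also store code here: a hit is a lead, not a verdict.
    return [lba for lba in range(1, first)
            if any(image[lba * SECTOR:(lba + 1) * SECTOR])]

def build_sample_image():
    """Constructed image: one active type-0x07 partition starting at LBA 32."""
    img = bytearray(64 * SECTOR)
    img[446:462] = struct.pack("<B3xB3xII", 0x80, 0x07, 32, 32)
    img[510:512] = b"\x55\xaa"
    img[29 * SECTOR:29 * SECTOR + 4] = b"\x01\x02\x03\x04"  # constructed filler
    img[32 * SECTOR + 510:32 * SECTOR + 512] = b"\x55\xaa"  # boot sector signature
    return bytes(img)

if __name__ == "__main__":
    sample = build_sample_image()
    print(parse_mbr(sample), chainload_target(sample), nonzero_gap_sectors(sample))
```

To run it on a real image, read the file in binary mode and pass the bytes to the same functions.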