Mailinglist Archive: opensuse (770 mails)

Re: [opensuse] Partition Recovery? Is it even missing to begin with or just shifted?
On 08/11/2012 09:00 AM, David Haller wrote:
PS@dcr: please run an antivirus check (total<something> online?) on
that dcr-sda-0.img file[1]. There _is_ some code in sector 29
which looks fishy to me at a first glance. And as that partition
is active and ISTR there are some "trojans"/"viruses" about that
"kidnap" your disk by encrypting it, and a normal Winders MBR
would just boot that fishy partition... "You" might've been *very*
lucky to have Grub and not a normal DOS bootcode in your MBR ...

WOW,

Now this is strange. Only 3 of 42 virus scanners identified the file as
infected. The virus scanners that flagged the file as infected were:

Antivirus    Result                    Update

DrWeb        Trojan.Tdlphaze.1         20120811
Kaspersky    Rootkit.Boot.Pihar.b      20120811
Microsoft    Trojan:DOS/Alureon.J      20120811

You can see the full results at:

https://www.virustotal.com/file/8565f52c05d538dbe288cd83b63ec2fad0a6f11197b2827f441efd1d6bca85b1/analysis/1344715763/

The remaining major scanner engines flagged it as clean. I don't know if this
means we are dealing with a new variant of some virus, or if the other engines
just missed it, or if it is a false positive on those three?

Thank you for the link, that is a fantastic virus scanning tool!

--
David C. Rankin, J.D.,P.E.