Mailinglist Archive: opensuse (770 mails)

[Summary/Solved] Re: [opensuse] Partition Recovery? Is it even missing to begin with or just shifted?
Hello,

On Sat, 11 Aug 2012, David Haller wrote:
> On Fri, 10 Aug 2012, David C. Rankin wrote:
> [..]
>> What I think happened, is some corrupting information got written
>> to the first part of sda1
>
> Actually, your drive was repartitioned and "dummy" entries in the MBR
> added. As the first one points to a sector between the MBR (and
> apparently after GRUB's stage 1.5), sda1 is still intact but as sda2.

Actually, it turns out that that "fishy" sector actually does contain
the first part of the Boot.Pihar Trojan/Backdoor, and I think some
more stuff is between each EPBR and the actual partition/filesystem.

https://www.virustotal.com/file/1cf12d246e9a2fbe1995034366f74aa5c892fc78a21de31cf6ba2a32ce74b6bc/analysis/

I think one could "fix" the partitioning itself by just deleting the
extra entry in the MBR partition table and moving the real entries (now
sda2/3) to sda1/2 again. The partitions and filesystems seem ok.

As it is a virus/trojan/backdoor infection, I recommended that dcr
zero the disk and reinstall.

-dnh

--
The claim still circulates that sendmail was written because
someone couldn't remember their root password. -- A. Schreiber
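
A triage check for the symptom described in this thread, added here as an example and not part of the original mail: it parses the four primary MBR entries and flags a small entry that starts in the area between the MBR and the first sizeable partition. The function names, the 2048-sector threshold and the sample tables are assumptions constructed for illustration; it does not follow the EBR chain of an extended partition.

```python
import struct

SECTOR = 512
TABLE_OFFSET = 446  # partition table starts here in the MBR; four 16-byte slots


def parse_mbr(sector0):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector0) != SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR sector: wrong length or boot signature")
    entries = []
    for slot in range(4):
        raw = sector0[TABLE_OFFSET + 16 * slot:TABLE_OFFSET + 16 * (slot + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, count
        status, ptype, start, count = struct.unpack("<B3xB3xII", raw)
        if ptype or count:
            entries.append({"slot": slot + 1, "status": status, "type": ptype,
                            "start": start, "sectors": count})
    return entries


def gap_entries(entries, min_sectors=2048):
    """Entries smaller than min_sectors that start before the first sizeable
    partition, i.e. in the area right after the MBR. Heuristic; the 1 MiB
    threshold is an assumption, not a property of any particular malware."""
    sizeable = [e for e in entries if e["sectors"] >= min_sectors]
    if not sizeable:
        return []
    first_real = min(e["start"] for e in sizeable)
    return [e for e in entries
            if e["sectors"] < min_sectors and e["start"] < first_real]


def build_mbr(rows):
    """Build a constructed test MBR from (type, start_lba, sectors) rows."""
    table = b"".join(struct.pack("<B3xB3xII", 0, t, s, n) for t, s, n in rows)
    return bytes(TABLE_OFFSET) + table.ljust(64, b"\0") + b"\x55\xaa"


# Constructed samples: SHIFTED has a tiny slot-1 entry in the post-MBR gap
# with the real partitions pushed to slots 2 and 3; CLEAN has no such entry.
SHIFTED = build_mbr([(0x83, 40, 20), (0x83, 2048, 41943040),
                     (0x82, 41945088, 4194304)])
CLEAN = build_mbr([(0x83, 2048, 41943040), (0x82, 41945088, 4194304)])

if __name__ == "__main__":
    for e in gap_entries(parse_mbr(SHIFTED)):
        print("suspicious slot %(slot)d: start=%(start)d sectors=%(sectors)d" % e)
```

To check a real disk, pass the first 512 bytes of an image taken from the offline drive to `parse_mbr`. A hit is a reason to inspect the sectors the entry points at, not proof of infection.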