Hello,

On Sat, 11 Aug 2012, David Haller wrote:
On Fri, 10 Aug 2012, David C. Rankin wrote: [..]
What I think happened, is some corrupting information got written to the first part of sda1
Actually, your drive was repartitioned and "dummy" entries in the MBR added. As the first one points to a sector between the MBR (and apparently after GRUB's stage 1.5), sda1 is still intact but as sda2.
Actually, it turns out that that "fishy" sector actually does contain the first part of the Boot.Pihar Trojan/Backdoor, and I think some more stuff is between each EPBR and the actual partition/filesystem.

https://www.virustotal.com/file/1cf12d246e9a2fbe1995034366f74aa5c892fc78a21d...

I think one could "fix" the partitioning itself by just deleting the extra entry in the MBR partition table and moving the real entries (now sda2/3) to sda1/2 again. The partitions and filesystems seem ok.

As it is a virus/trojan/backdoor infection, I recommended that dcr best zero the disk and reinstall.

-dnh

--
The claim is still going around that sendmail was written because someone couldn't remember their root password. -- A. Schreiber
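As an added example (not part of the original message): a Python sketch that parses the four primary entries of a 512-byte MBR and flags entries like the dummy one described above. The 63-sector gap boundary, the sample partition table and all function names are assumptions constructed for illustration.

```python
import struct

SECTOR = 512

def parse_mbr(sector: bytes):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector")
    entries = []
    for slot in range(4):
        raw = sector[446 + 16 * slot: 462 + 16 * slot]
        # status, (CHS start skipped), type, (CHS end skipped), start LBA, sector count
        boot, ptype, start, count = struct.unpack("<B3xB3xII", raw)
        if ptype == 0 and count == 0:
            continue  # unused slot
        entries.append({"slot": slot + 1, "boot": boot, "type": ptype,
                        "start": start, "sectors": count})
    return entries

def suspicious_entries(entries, gap_end=63):
    """Flag entries that start before gap_end (assumed end of the post-MBR gap),
    carry an invalid boot flag, or overlap another entry."""
    findings = []
    for e in entries:
        reasons = []
        if e["start"] < gap_end:
            reasons.append("starts in the gap between the MBR and the first partition")
        if e["boot"] not in (0x00, 0x80):
            reasons.append("invalid boot flag")
        for o in entries:
            if o is not e and e["start"] < o["start"] + o["sectors"] \
                    and o["start"] < e["start"] + e["sectors"]:
                reasons.append(f"overlaps slot {o['slot']}")
        if reasons:
            findings.append((e["slot"], reasons))
    return findings

def build_sample_mbr():
    """Constructed sample: a dummy slot-1 entry in front of two real partitions."""
    def entry(boot, ptype, start, count):
        return struct.pack("<B3xB3xII", boot, ptype, start, count)
    table = (entry(0x00, 0x17, 40, 1) + entry(0x80, 0x83, 63, 208782)
             + entry(0x00, 0x83, 208845, 1000000) + bytes(16))
    return bytes(446) + table + b"\x55\xaa"

if __name__ == "__main__":
    for slot, reasons in suspicious_entries(parse_mbr(build_sample_mbr())):
        print(f"slot {slot}: " + "; ".join(reasons))
```

To check a real disk, feed `parse_mbr` the first 512 bytes of a read-only image of the drive instead of the constructed sample.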