Fog Creek Software
g
Discussion Board

Recovering data after HD hosed by Magistr virus?

Hi

Although protected by McAfee (and ZoneAlarm), my mum's computer was hosed by the unfamous Magistr virus (all her Eudora mail files removed, most of her .DOC files removed with some of them remaning by with the YOUARESHIT string prepented.) More infos here: http://www.fabian.com.mt/VIRUSalerts/VIRUSALERT57.html

I did recover the drive using the open-source TestDisk applet, but obviously, the files are gone. Since the drive also had its MBR hosed, my mum could not longer boot... which is a blessing because most likely, the data are still there.

Anybody knows of a good utility that could try to recover the sectors? I heard of an app called Tiramisu, but never used it myself.

Thx a bunch

Damn them virii
Saturday, December 27, 2003

Merry Christmas,

From Microsoft

Damn the manufacturer
Saturday, December 27, 2003

;-)

Damn them virii
Saturday, December 27, 2003

Sorry, I can't stop myself: the plural of 'virus' is 'viruses'. 'virii' would be the plural of 'virius'.

google gave me this link about it:

http://www.perl.com/language/misc/virus.html

I use a hex editor called 'frhed'. It has a 'Open disk' option on its menu, with 'goto next sector' and so on. (I hope you'll forgive my not trying it on my PC!) frhed has a search capabitility, which I presume works with disks too. So, this may do what you want.

(If the files are fragmented, you are probably out of luck, but you never know.)

frhed is here: http://www.kibria.de/frhed.html

Good luck!

Insert half smiley here.
Saturday, December 27, 2003

Thanks, but you can imagine the amount of time and the difficulty it would take to rebuild files manually that spread over multiple sectors... which is just about any file since sectors are usually 512 bytes...

... provided the virus doesn't corrupt files before deleting them, which Magist does. I recovered a bunch of files using Ontrack EasyRecovery (previously Tiramisu)... only to find that their contents had been corrupted before deletion.

I hear AVG is a good antivirus ;-)

Thx anyway

Damn them virusES
Saturday, December 27, 2003

"I hear AVG is a good antivirus ;-)"

My mom has run this for 2 years without incident.

Mike
Sunday, December 28, 2003

I guess the McAfee antivirus that came with her HP Pavilion is a good program... but more so if its auto-update feature is enabled ;-)

I'll write some batch file with NcFTP to automate backing up her important files to her ISP.

Damn them virusES
Sunday, December 28, 2003

*  Recent Topics

*  Fog Creek Home