Re: Hit by virus !? Help, please...

1999-04-30 Thread Shao Zhang
I had that before, but then it complains about lilo every time it boots up. So I
had to turn it off again...

Arcady Genkin wrote:

> debian <[EMAIL PROTECTED]> writes:
>
> > > It deletes your BIOS after writing over the disk ... not just the
> > > partition table.
>
> Could someone give an opinion on turning on "Antivirus" feature in the
> motherboard BIOS? I recall hearing once that it should be avoided, but
> I can't remember the arguments.
>
> FWIW, I have an ABIT BX6 MB.
> --
> Arcady Genkin
> "I opened up my wallet, and it's full of blood..." - GsYDE

--

Shao Zhang - Running Debian 2.1
Department of Communications
University of New South Wales
Sydney, Australia
Email: [EMAIL PROTECTED]




Re: Hit by virus !? Help, please..

1999-04-29 Thread Kenneth Scharf
> On Tue, Apr 27, 1999 at 01:08:44PM -0400, Jan Muszynski wrote:
>> So even if you do have a data backup your BIOS is probably fried.
>>
>> For more information see:
>> http://www.datafellows.com/v-descs/cih.htm
>
> It was only a matter of time before a virus came along which could flash
> your BIOS. I'll tell you what scares me even more though -- Western Digital
> have published firmware updates for IDE drives on occasion, which leads
> me to assume they have flash BIOS in there too. My video card
> (Diamond Viper V330+) is software upgradable too. Most Rockwell modems
> are software upgradable too. (AT** then Xmodem upload.)
>
> Lots of motherboards have socketed ROM chips, so you can fix them with
> a ROM programmer. Not so on video cards and hard disks.

Most motherboards (at least the ones I have seen) won't let you run the
software to re-program the flash unless you first throw a hardware
switch, or move a jumper block to enable the HW write on the bios chip.
Compaq uses a password protection scheme.  I would hope that both
methods are enough to keep a virus from frying anything.  I have a
serial modem that can be upgraded.  I think that the protocol it uses
for that is proprietary to the maker so a virus couldn't get in (unless
someone who worked for them wrote the virus).
===
Amateur Radio, when all else fails!

http://www.qsl.net/wa2mze

Debian Gnu Linux, Live Free or .




Re: Hit by virus !? Help, please...

1999-04-29 Thread Hamish Moffatt
On Tue, Apr 27, 1999 at 01:08:44PM -0400, Jan Muszynski wrote:
> So even if you do have a data backup your BIOS is probably fried.
> 
> For more information see:
> http://www.datafellows.com/v-descs/cih.htm

It was only a matter of time before a virus came along which could flash
your BIOS. I'll tell you what scares me even more though -- Western Digital
have published firmware updates for IDE drives on occasion, which leads
me to assume they have flash BIOS in there too. My video card
(Diamond Viper V330+) is software upgradable too. Most Rockwell modems
are software upgradable too. (AT** then Xmodem upload.)

Lots of motherboards have socketed ROM chips, so you can fix them with
a ROM programmer. Not so on video cards and hard disks.


Hamish
-- 
Hamish Moffatt VK3TYD. 
CCs of replies from mailing lists are welcome.


Re: Hit by virus !? Help, please...

1999-04-29 Thread Michael Beattie
On Wed, 28 Apr 1999, Richard Harran wrote:

> Wasn't there a 'how to make a machine really secure' thread on this list
> a little while back (probably around the last time one of these data
> viruses exploded)?
> 
> If I remember correctly suggestions started with using 'tripwire'
> software, progressed through not using any floppies at all, then
> disconnecting from any network access, and ended up with a linux box
> encased in concrete in a secret underground bunker with automatic
> sentries, and switched off.


Yeah... it was an enjoyable thread to read too.. :)

   Michael Beattie ([EMAIL PROTECTED])

   PGP Key available, reply with "pgpkey" as subject.
 -
   If NT is the answer, you didn't understand the question. (NB: Stolen sig)
 -
Debian GNU/Linux  Ooohh You are missing out!



Re: Hit by virus !? Help, please...

1999-04-28 Thread Ajith Peter


> Could someone give an opinion on turning on "Antivirus" feature in the 
> motherboard BIOS? I recall hearing once that it should be avoided, but 
> I can't remember the arguments.
> 
> FWIW, I have an ABIT BX6 MB.
> -- 
> Arcady Genkin


Hi

Doesn't seem it will work.  The virus destroys only Flash BIOS which could
be prevented by setting jumpers in ur mboard.  U can consult ur mboard
manual for that. I feel the antivirus option in the BIOS is for
warning against Boot sector modifications or something of that sort.


Regards de
Ajith Peter VU3EMX <[EMAIL PROTECTED]>


>>> Keeping up the spirit of Amateur Radio and free computing <<<


Re: Hit by virus !? Help, please...

1999-04-28 Thread MallarJ
In a message dated 4/28/99 10:25:05 AM Central Daylight Time, 
[EMAIL PROTECTED] writes:

> > > It deletes your BIOS after writing over the disk ... not just the
>  > > partition table.
>  
>  Could someone give an opinion on turning on "Antivirus" feature in the 
>  motherboard BIOS? I recall hearing once that it should be avoided, but 
>  I can't remember the arguments.
>  
>  

On my laptop, I have the same setting... and it controls whether or not I can 
overwrite the MBR on my HD.  Assuming I don't plan on partitioning my drive, I 
can set this switch to prevent anyone else from doing so.  

Unfortunately, it doesn't protect the BIOS itself.

-Jay


Re: Hit by virus !? Help, please...

1999-04-28 Thread Arcady Genkin
debian <[EMAIL PROTECTED]> writes:

> > It deletes your BIOS after writing over the disk ... not just the
> > partition table.

Could someone give an opinion on turning on "Antivirus" feature in the 
motherboard BIOS? I recall hearing once that it should be avoided, but 
I can't remember the arguments.

FWIW, I have an ABIT BX6 MB.
-- 
Arcady Genkin
"I opened up my wallet, and it's full of blood..." - GsYDE


Re: Hit by virus !? Help, please...

1999-04-28 Thread Keith G. Murphy
Richard E. Hawkins Esq. wrote:
> 
> raymond rote,
> 
[snip]
> >  2. If you're going to run Windows, get at least decent freeware
> > antivirus software.
> 
> This is what pentiums are for.  Safe computing dictates that you should
> draw one around your computer before loading windows or otherwise
> trafficking in demons :)
> 
Isn't that "pentagrams"?  The Pentium is what's inside...  ;-)


Re: Hit by virus !? Help, please...

1999-04-28 Thread David B.Teague

On Wed, 28 Apr 1999, Richard Harran wrote:
*snip*

> Having said all that, I'm absolutely useless at keeping backups, so I'm
> probably heading for a complete loss of data.
 
Rich

I'm that way as well, and I'm sorry you are. I quite sympathize!
I have a W95 OS on my disk, the warranty requires it.

--David
David Teague, [EMAIL PROTECTED]
Debian GNU/Linux Because software support is free, timely,
 useful, technically accurate, and friendly.
(Thanks guys!)



Re: Hit by virus !? Help, please...

1999-04-28 Thread Raymond A. Ingles
On Tue, 27 Apr 1999, Helge Hafting wrote:

> 
> > I'm curious about virii and Linux...
> > 
> > Am I wrong to assume that Linux is not immune to virii [...]
[...]
> If you want a real safe machine, make it linux only.  No dos
> partition, no dos emulator.  And set it up so it won't try booting
> from the floppy drive.  (You can always change that back if you ever
> need to boot a floppy.)  Such a machine will be immune until a
> linux virus is written.  And a linux virus wouldn't be able
> to do much damage other than destroying the user's personal files.

 There have been two known Linux viruses. The first was called "Staog",
and the second was called "Bliss". They haven't really made it far in the
wild, but they have been written.

 I don't know much about Staog, but apparently it does try to subvert
root. Unless it's been updated the vulnerabilities probably have been
patched (it appeared in the fall of 1996).

 More info on Staog at "http://infosec.navy.mil/TEXT/virus.html" and
"http://www.datafellows.com/v-descs/staog.htm".

 Bliss is a less malicious virus that doesn't try to subvert root. It even
has a disinfect option; if you invoke an infected file with
"--bliss-disinfect-files-please", it will try to disinfect itself.

 More information on Bliss is at
"http://www.datafellows.com/v-descs/bliss.htm",
"http://www.njh.com/latest/9702/970204-06.html", and
"http://www.tbtf.com/resource/bliss.html".

 Information on these viruses and Unix viruses in general is at
"http://www.csn.net/~bediger/virefs.html".

 Sincerely,

 Ray Ingles  (248) 377-7735  [EMAIL PROTECTED]

  "Something can be comprehensible, even comprehended, and still be
marvelous, wonderful, and valuable." - Me


Re: Hit by virus !? Help, please...

1999-04-28 Thread Raymond A. Ingles
On Tue, 27 Apr 1999, George Bonser wrote:

> On Wed, 28 Apr 1999, debian wrote:
> 
> > In actual fact this virus deletes your FLASH BIOS rendering motherboard
> > useless unless of course you've got a bios chip around.
> 
> It deletes your BIOS after writing over the disk ... not just the
> partition table.

 Actually, only some chipsets are vulnerable to getting their BIOS
trashed. If your disks are toasted, that's small consolation, but at least
the thing will boot tomsrtbt and you can try fixing things.

 Sincerely,

 Ray Ingles   (248) 377-7735 [EMAIL PROTECTED]

 "Reality is that which, when you stop believing in it, doesn't go away."
  -- Philip K. Dick


Re: Hit by virus !? Help, please...

1999-04-28 Thread Raymond A. Ingles
On Wed, 28 Apr 1999, George Bonser wrote:
> Actually, Emacs is a very good vehicle for viruii

 I have the following in my .emacs file to prevent such things:

;;; For security reasons, to prevent odd little inclusion in files from
;;; causing harm...
(setq enable-local-eval nil)
(setq enable-local-variables nil)

 I *think* recent versions of emacs have these off by default. When set,
you can embed Lisp code in documents that is executed when you open it up.
Considering that Emacs is practically an operating system unto itself,
there isn't much you can't do with an Emacs macro. Unless you actually use
this feature, it's much better to turn it off.

 Sincerely,

 Ray Ingles(248) 377-7735[EMAIL PROTECTED]

 "Is knowledge knowable? If not, how do we know this?" -- Woody Allen


Re: Hit by virus !? Help, please...

1999-04-28 Thread Richard Harran
Wasn't there a 'how to make a machine really secure' thread on this list
a little while back (probably around the last time one of these data
viruses exploded)?

If I remember correctly suggestions started with using 'tripwire'
software, progressed through not using any floppies at all, then
disconnecting from any network access, and ended up with a linux box
encased in concrete in a secret underground bunker with automatic
sentries, and switched off.

The point is that it is impossible to completely protect your computer
from some sort of 'foreign' interference without rendering it useless. 
Thus the sensible thing to do is to make regular back-ups, and also to
have some way of detecting when your integrity has been compromised
(excuse the lapse into pseudo-military jargon, I've been watching too
many war movies on the news), so that you don't back up corrupted data
over older but intact data if you use incremental back-up.

Having said all that, I'm absolutely useless at keeping backups, so I'm
probably heading for a complete loss of data.

Rich


Helge Hafting wrote:
> 
> > I'm curious about virii and Linux...
> >
> > Am I wrong to assume that Linux is not immune to virii (I don't even know if
> > virii is a word - but it just sounds cool  :) ?  Obviously the security
> > features of Linux can prevent some virii from affecting certain files on your
> > system... but what about the boot sector?  And what if you happen to be su'd
> > or logged in as root when you get (and heaven forbid) execute an infected
> > program?
> 
> Viruses activate when infected files or bootsectors are executed.  Some
> dos viruses also "take over" certain system calls.
> 
> Viruses can be written for linux, but it hasn't happened yet as far as I know.
> Dos/windows viruses are usually incompatible and can't work with linux,
> just as dos programs don't run in linux (unless a suitable emulator is used).
> 
> So a linux-only machine is very safe.  It can be vulnerable to booting
> with a boot-virus infected diskette in the drive, because such a thing
> may obliterate the harddisk before linux is loaded.  These viruses will
> usually only mess with lilo though, possibly making the machine unbootable
> but no damaged files.
> These viruses may install their own int 13 handler (bios disk access)
> but linux doesn't use that after the kernel is loaded, so it is
> effectively isolated.
> 
> dos-Viruses that affect files don't understand ext2 or the various
> linux executable formats, so no danger there.  The only way to activate
> such a virus is by running some dos program in an emulator.  The emulator
> will stop the virus from obliterating the disk (i.e. dos fdisk activities
> don't work in linux)  The virus will only be able to mess with
> files that the user is allowed to mess with, and it won't find dos/windows
> executables among those.  It can only spread to other dos files.
> It may crash the dos emulator only, not linux.
> 
> A dual-boot system is worse.  The viruses can do anything when dos/windows
> is running, but they don't understand ext2.  Infection can spread to
> the boot sector of the linux partition, not the files.
> Of course the virus may do damage enough by interpreting the ext2
> partition as a FAT partition and write to it in this manner.  Virus
> writers don't bother testing for such mistakes.  Also, overwriting
> random disk sectors is a common way to do damage when the virus
> pulls the trigger.
> 
> If you want a real safe machine, make it linux only.  No dos
> partition, no dos emulator.  And set it up so it won't try booting
> from the floppy drive.  (You can always change that back if you ever
> need to boot a floppy.)  Such a machine will be immune until a
> linux virus is written.  And a linux virus wouldn't be able
> to do much damage other than destroying the user's personal files.
> 
> Helge Hafting
> 
> 
> 
> --
> Unsubscribe?  mail -s unsubscribe [EMAIL PROTECTED] < /dev/null
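
Added example (not part of the original message): one way to implement the check Richard describes, detecting a compromised system before an incremental backup overwrites intact copies. The function names, the choice of "static" directories, and the sample files are assumptions made for this sketch.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def plan_backup(baseline, current, static_prefixes):
    """Split differences into files to back up and changes that must block the run."""
    to_copy, alerts = [], []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old == new:
            continue
        if path.startswith(static_prefixes):
            # Programs and boot files should only change during an upgrade,
            # after which the baseline is regenerated on purpose.
            state = "added" if old is None else "removed" if new is None else "modified"
            alerts.append((path, state))
        elif new is not None:
            to_copy.append(path)          # ordinary user data: expected to change
    return to_copy, alerts

def run_backup_gate(baseline, root, static_prefixes=("bin/", "sbin/", "boot/")):
    """Allow the incremental backup only if no static file differs from the baseline."""
    to_copy, alerts = plan_backup(baseline, snapshot(root), static_prefixes)
    if alerts:
        return {"backup": False, "alerts": alerts, "copied": []}
    return {"backup": True, "alerts": [], "copied": to_copy}

def _write(root, rel, data):
    os.makedirs(os.path.join(root, os.path.dirname(rel)), exist_ok=True)
    with open(os.path.join(root, rel), "wb") as fh:
        fh.write(data)

def demo():
    """Constructed tree: a normal edit passes the gate, a changed binary stops it."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "bin/ls", b"original program bytes")
        _write(root, "home/notes.txt", b"v1")
        baseline = snapshot(root)         # in practice kept on read-only media
        _write(root, "home/notes.txt", b"v2")
        normal = run_backup_gate(baseline, root)
        _write(root, "bin/ls", b"program bytes with something appended")
        tampered = run_backup_gate(baseline, root)
    return normal, tampered

if __name__ == "__main__":
    for result in demo():
        print(result)
```
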


Re: Hit by virus !? Help, please...

1999-04-28 Thread Mark Wagnon
Mitch Blevins wrote:
> 
> As you pointed out, the smaller market share makes it less of a target
> for the virus writers slaving away in the backrooms of antivirus software
> companies.

I've always suspected this, hmmm...?

> 
> Win9x is like
> a 10-generation, inbred, backwoods, hillbilly family where a common
> cold can be introduced and wipe out the whole clan.  GNU/Linux has a much
> more robust gene pool.

ROTFLMAO!

> 
> Because of the Unix security model, spreading of virii is harder.  Notice
> how many more virus warnings you see for Win9x than for NT.
> Data files in GNU/Linux tend to be common ascii text.  This would be much
> harder for a virus to hide in than the comfortable, dark and damp interior
> of a MSWord file.  (data files are a common way for virii to spread)

Yeah, my boss has managed to pass along a nice little macro virus to
just about everyone in the office. But hey, she sure has the nicest
collection of jokes, .avi's, etc.

> 
> Since GNU/Linux users are not conditioned to blindly run binary-only
> programs, they are less likely to comply when they get that fateful
> email with an attached executable and the spiffy subject line of
> "Cool... run me.  Fwd to your friends"

I am surprised by how many people I know who blindly open e-mail from
people/sources unknown to them. I've warned them, so one of these
days...

> 
> Also, I would hope that if antivirus software does become necessary
> for Debian users, some smart people would step up and put the virus-cleaners
> under a Free license, so we can use apt's auto-web-update capabilities
> to sleep well at night.
> 

and that's the beauty of Linux.

Mark, chained to a windows machine :(


Re: Hit by virus !? Help, please...

1999-04-28 Thread debian
So does it make the disk usable? or can it simply be reformatted?

- Original Message - 
From: George Bonser <[EMAIL PROTECTED]>
To: debian <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; 
Sent: Wednesday, 28 April 1999 13:37
Subject: Re: Hit by virus !? Help, please...


> On Wed, 28 Apr 1999, debian wrote:
> 
> > In actual fact this virus deletes your FLASH BIOS rendering motherboard
> > useless unless of course you've got a bios chip around.
> 
> It deletes your BIOS after writing over the disk ... not just the
> partition table.
> 
> 


Re: Hit by virus !? Help, please...

1999-04-28 Thread Ajith Peter

Hi there,

Seems ur sys is infected by the CIH virus and this will destroy ur
HDD as well as ur BIOS.  Many computers in our locality are infected.
Their BIOS had to be replaced and the data in the HDDs could not be
recovered.  I have got a scan for the virus.  U can have more details on
the virus from http://www.cert.org.  This virus will only infect Windows
machines and not Linux.


Thanks
Ajith Peter VU3EMX <[EMAIL PROTECTED]>

>>> Keeping up the spirit of Amateur Radio and Free Computing <<<



Re: Hit by virus !? Help, please...

1999-04-28 Thread debian
In actual fact this virus deletes your FLASH BIOS rendering motherboard
useless unless of course you've got a bios chip around.



- Original Message -
From: Mitch Blevins <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: 
Sent: Wednesday, 28 April 1999 2:38
Subject: Re: Hit by virus !? Help, please...


> In foo.debian-user, you wrote:
> > after my kid was playing games on win95 yesterday
> > evening i was unable to boot into Linux - actually unable
> > to boot into win95 also... Looks like some kind of
> > virus destroyed boot sector with partition table.
> >
> > i can remember approximate partition sizes and order.
> >
> > Is there any way to recover partition table and the system
> > as well ?
>
> You got hit with the CIH virus.  It was well publicized at least
> a week prior to the detonation date (yesterday).  All reports that
> I have seen don't hold much hope for recovering without a full reinstall.
> (hope you backed up your data..)
>
> It is an unfortunate fact that if you want to run Windows on a machine
> nowadays, you must pay tribute to the antivirus gods or suffer their
> wrath from time to time.
>
> -Mitch


Re: Hit by virus !? Help, please...

1999-04-27 Thread Helge Hafting

> I'm curious about virii and Linux...
> 
> Am I wrong to assume that Linux is not immune to virii (I don't even know if 
> virii is a word - but it just sounds cool  :) ?  Obviously the security 
> features of Linux can prevent some virii from affecting certain files on your 
> system... but what about the boot sector?  And what if you happen to be su'd 
> or logged in as root when you get (and heaven forbid) execute an infected 
> program?

Viruses activate when infected files or bootsectors are executed.  Some
dos viruses also "take over" certain system calls.  

Viruses can be written for linux, but it hasn't happened yet as far as I know.
Dos/windows viruses are usually incompatible and can't work with linux,
just as dos programs don't run in linux (unless a suitable emulator is used).

So a linux-only machine is very safe.  It can be vulnerable to booting
with a boot-virus infected diskette in the drive, because such a thing
may obliterate the harddisk before linux is loaded.  These viruses will
usually only mess with lilo though, possibly making the machine unbootable
but no damaged files.  
These viruses may install their own int 13 handler (bios disk access)
but linux doesn't use that after the kernel is loaded, so it is
effectively isolated.

dos-Viruses that affect files don't understand ext2 or the various
linux executable formats, so no danger there.  The only way to activate
such a virus is by running some dos program in an emulator.  The emulator
will stop the virus from obliterating the disk (i.e. dos fdisk activities
don't work in linux)  The virus will only be able to mess with
files that the user is allowed to mess with, and it won't find dos/windows
executables among those.  It can only spread to other dos files.
It may crash the dos emulator only, not linux.

A dual-boot system is worse.  The viruses can do anything when dos/windows
is running, but they don't understand ext2.  Infection can spread to
the boot sector of the linux partition, not the files.
Of course the virus may do damage enough by interpreting the ext2
partition as a FAT partition and write to it in this manner.  Virus
writers don't bother testing for such mistakes.  Also, overwriting
random disk sectors is a common way to do damage when the virus
pulls the trigger.

If you want a real safe machine, make it linux only.  No dos
partition, no dos emulator.  And set it up so it won't try booting
from the floppy drive.  (You can always change that back if you ever
need to boot a floppy.)  Such a machine will be immune until a
linux virus is written.  And a linux virus wouldn't be able
to do much damage other than destroying the user's personal files.


Helge Hafting


Re: Hit by virus !? Help, please...

1999-04-27 Thread Gary L. Hennigan
H C Pumphrey <[EMAIL PROTECTED]> writes:
| Yike. That is a nasty thought. I have Debian and W98 on separate physical
| discs at home and W98 refuses to acknowledge the existence of the Debian
| disc. Hopefully a W98 virus would trash W98 on hda and leave my Debian
| setup on hdb alone, except that I would need a boot floppy to get going.
| Does this sound plausible? 

Depends on what you mean by Win9x refusing to see the disk and what
the virus is. Are you saying your Linux disk is not visible in Win/DOS
fdisk? In all likelihood Win9x doesn't see it because it doesn't
recognize the partition type. That doesn't mean you can't get to it,
via Win/Dos fdisk. At any rate, a virus could easily be written to
wipe out the partition tables on any and all disks it has access
to. The only way to get marginal assurance that this won't happen to
you is by running a virus scan utility under Win9x. 

| I think I might just go home and make a boot floppy or two.

That's only part of the story, if the virus wipes out your partition
table you'll likely need a full backup to recover from it. In addition
it doesn't hurt to do "fdisk -l |lpr" and keep the printout
around. This is a good idea even if you're not worried about a virus.

Gary


Re: Hit by virus !? Help, please...

1999-04-27 Thread H C Pumphrey

[Tale of W9x virus rubbing out both W95 and Debian by trashing boot 
sector snipped]

Yike. That is a nasty thought. I have Debian and W98 on separate physical
discs at home and W98 refuses to acknowledge the existence of the Debian
disc. Hopefully a W98 virus would trash W98 on hda and leave my Debian
setup on hdb alone, except that I would need a boot floppy to get going.
Does this sound plausible? I think I might just go home and make a boot
floppy or two.

Hugh

==
Hugh C. Pumphrey, Dept. of -| Tel. 0131-650-6026,Fax:0131-650-5780
Meteorology, Univ. of Edinburgh | Replace 0131 with +44-131 if outside U.K
EDINBURGH EH9 3JZ, Scotland | Email [EMAIL PROTECTED]
==P=l=e=a=s=e==N=o=t=e==t=h=e==N=e=w==F=A=X==N=u=m=b=e=r==


Re: Hit by virus !? Help, please...

1999-04-27 Thread David B.Teague

On Tue, 27 Apr 1999 [EMAIL PROTECTED] wrote:

> I'm curious about virii and Linux...
> 
> Am I wrong to assume that Linux is not immune to virii (I don't even know if 
> virii is a word - but it just sounds cool  :) ?  

Jay, 

Linux is immune to most viruii :) that affect LOSE 95/8 because
most virii are specific to a particular kind of executable and
operating system, and depend on the total anarchy of the
environment. 

However, if the virus infects a LOSE 95/8 OS that is resident on
the same system where Linux is resident, and eats the partition
table and boot sector, Linux cannot see the disk anymore, since
Linux depends on the boot sector to boot. Linux depends on the
partition table to know where to look on the disk for the data. 

> Obviously the security features of Linux can prevent some
> virii from affecting certain files on your system... but what
> about the boot sector?  And what if you happen to be su'd or
> logged in as root when you get (and heaven forbid) execute an
> infected program? 

Yes, Linux also provides disk, file, and memory protections that
Lose 95 does not (I understand that OS/2 does provide these
protections, and I really don't know about NT.) Programs can only
affect files and other programs that have a specific set of
permissions. 

I guess if the virus got in during boot, and functioned with root
permission, it could play heck with your system.

Is there a need for a virus scanner for Linux? I don't really
know but I suspect not.

> Is there a need for virus scanning software on Linux?  My guess is Linux 
> isn't a target right now because of its lack of market share - but as more 
> users realize that Linux is better than Windows (imho), I would imagine that 
> virus software will start appearing in our beloved OS as well.

I sure as heck hope this doesn't happen.

-- David
David Teague, [EMAIL PROTECTED]
Debian GNU/Linux Because software support should be free, timely,
 useful, technically accurate, and friendly.
(Thanks guys!)




Re: Hit by virus !? Help, please...

1999-04-27 Thread Richard E. Hawkins Esq.
raymond rote,

> On Tue, 27 Apr 1999, Oleg Krivosheev wrote:


> > i can remember approximate partition sizes and order.
> > Is there any way to recover partition table and the system
> > as well ?

>  Well, *maybe*. If it's only approximate, you could be in trouble. I'd
> advise looking for a disk editor and start perusing disk blocks. Look for
> filesystem boundaries around where you think they are. I *think* they have
> signatures - FAT has aa55, and I forget what ext2's is. I'd see if you can
> find something on the web about that.

I have recovered ext2 partitions, and ext2 extended partitions, by 
using fdisk in this manner on multiple occasions.  But I did know the 
*exact* way that I'd created them.

Important note:  create them in the same order as you originally did.  
Otherwise minor (but fatal) misalignment occurs.

Also, "findsuper" will help you find the superblocks, which may be of 
help.




>  2. If you're going to run Windows, get at least decent freeware
> antivirus software.

This is what pentiums are for.  Safe computing dictates that you should 
draw one around your computer before loading windows or otherwise 
trafficking in demons :)




-- 



Re: Hit by virus !? Help, please...

1999-04-27 Thread Mitch Blevins
In foo.debian-user, you wrote:
> I'm curious about virii and Linux...
> 
> Am I wrong to assume that Linux is not immune to virii (I don't even know if 
> virii is a word - but it just sounds cool  :) ?  Obviously the security 
> features of Linux can prevent some virii from affecting certain files on your 
> system... but what about the boot sector?  And what if you happen to be su'd 
> or logged in as root when you get (and heaven forbid) execute an infected 
> program?
> 
> Is there a need for virus scanning software on Linux?  My guess is Linux 
> isn't a target right now because of its lack of market share - but as more 
> users realize that Linux is better than Windows (imho), I would imagine that 
> virus software will start appearing in our beloved OS as well.

Of course Linux is not immune from virii, but it does have many advantages.

As you pointed out, the smaller market share makes it less of a target
for the virus writers slaving away in the backrooms of antivirus software
companies.

Virii are written to be small, stealthy, and to spread without much helpful
human interaction.  This becomes easier when you have a consistent
environment to operate in, such as that offered by the millions of
binary equivalent versions of Win95 and Win98 that clutter the desktops
of the world.  With the diversity of the different GNU/Linux distributions
that exist, it becomes harder for the virii to hide/spread.  Win9x is like
a 10-generation, inbred, backwoods, hillbilly family where a common
cold can be introduced and wipe out the whole clan.  GNU/Linux has a much
more robust gene pool.

Because of the Unix security model, spreading of virii is harder.  Notice
how many more virus warnings you see for Win9x than for NT.

Data files in GNU/Linux tend to be common ascii text.  This would be much
harder for a virus to hide in than the comfortable, dark and damp interior
of a MSWord file.  (data files are a common way for virii to spread)

Since GNU/Linux users are not conditioned to blindly run binary-only
programs, they are less likely to comply when they get that fateful
email with an attached executable and the spiffy subject line of
"Cool... run me.  Fwd to your friends"

Also, I would hope that if antivirus software does become necessary
for Debian users, some smart people would step up and put the virus-cleaners
under a Free license, so we can use apt's auto-web-update capabilities
to sleep well at night.

-Mitch


Re: Hit by virus !? Help, please...

1999-04-27 Thread MallarJ
I'm curious about virii and Linux...

Am I wrong to assume that Linux is not immune to virii (I don't even know if 
virii is a word - but it just sounds cool  :) ?  Obviously the security 
features of Linux can prevent some virii from affecting certain files on your 
system... but what about the boot sector?  And what if you happen to be su'd 
or logged in as root when you get (and heaven forbid) execute an infected 
program?

Is there a need for virus scanning software on Linux?  My guess is Linux 
isn't a target right now because of its lack of market share - but as more 
users realize that Linux is better than Windows (imho), I would imagine that 
virus software will start appearing in our beloved OS as well.

-Jay


Re: Hit by virus !? Help, please...

1999-04-27 Thread Jan Muszynski
Assuming it was the CIH virus (and there's an excellent chance it 
was) here's an extract from DataFellows web site about this virus:

> What makes the CIH case really serious is that the virus activates
> destructively. When it happens the virus overwrites most of the
> data on the computers hard drive. This can be recovered with recent
> backups. 
> 
> However, the virus has another, unique activation routine: It will
> try to overwrite the Flash BIOS chip of the machine. If this
> succeeds, the machine will be unable to boot at all unless the chip
> is reprogrammed. The Flash routine will work on many types of
> Pentium machines - for example, on machines based on the Intel
> 430TX chipset. On most machines, the Flash BIOS can be protected
> with a jumper. By default, protection is usually off. 

So even if you do have a data backup your BIOS is probably fried.

For more information see:
http://www.datafellows.com/v-descs/cih.htm

Good luck


On 27 Apr 99, at 12:38,  Mitch Blevins 
 wrote about Re: Hit by virus !? Help, please...:

> In foo.debian-user, you wrote:
> > after my kid was playing games on win95 yesterday
> > evening i was unable to boot into Linux - actually unable
> > to boot into win95 also... Looks like some kind of
> > virus destroyed boot sector with partition table.
> > 
> > i can remember approximate partition sizes and order.
> > 
> > Is there any way to recover partition table and the system
> > as well ?
> 
> You got hit with the CIH virus.  It was well publicized at least
> a week prior to the detonation date (yesterday).  All reports that
> I have seen don't hold much hope for recovering without a full reinstall.
> (hope you backed up your data..)
> 
> It is an unfortunate fact that if you want to run Windows on a machine
> nowadays, you must pay tribute to the antivirus gods or suffer their
> wrath from time to time.
> 
> -Mitch

==
   Jan M.-  mailto:[EMAIL PROTECTED]

   PGP key mailto:[EMAIL PROTECTED]
   Fingerprint:397D 093C E802 964E  5316 B90A 93CE 6696
  
Thought for the day:
Concerto (n): a fight between a piano and a pianist.



Re: Hit by virus !? Help, please...

1999-04-27 Thread Raymond A. Ingles
On Tue, 27 Apr 1999, Oleg Krivosheev wrote:

> after my kid was playing games on win95 yesterday
> evening i was unable to boot into Linux - actually unable
> to boot into win95 also... Looks like some kind of
> virus destroyed boot sector with partition table.

 You almost certainly got hit by the CIH ("Chernobyl") virus. Depending on
the version, it triggers on June 26th, April 26th, or every 26th. It kills
the first 14 (?) sectors of the drive (blasting the partition table) and
then tries to trash the CMOS and/or Flashable BIOS. It sounds like you're
lucky - it only got the disk, otherwise your computer wouldn't boot at
all. :-/

 More information at:

http://www.symantec.com/avcenter/kill_cih.html
http://www.datafellows.com/v-descs/cih.html

 or do a web search.

> i can remember approximate partition sizes and order.
> Is there any way to recover partition table and the system
> as well ?

 Well, *maybe*. If it's only approximate, you could be in trouble. I'd
advise looking for a disk editor and start perusing disk blocks. Look for
filesystem boundaries around where you think they are. I *think* they have
signatures - FAT has aa55, and I forget what ext2's is. I'd see if you can
find something on the web about that.

 Once you think you've got it, mount read-only at first to help prevent
further corruption.

 In the future, I'd advise three things. :->

 1. Spank your kid, or whoever got the computer infected.
 2. If you're going to run Windows, get at least decent freeware
antivirus software.
 3. Go buy some kind of backup system and use it.

 I know, I know, easier said than done. :-/

 Sincerely,

 Ray Ingles (248) 377-7735  [EMAIL PROTECTED]

 "Improvements succeeded each other so rapidly, that machines which had
never been finished were abandoned in the hands of their makers,
   because new improvements had superceded their utility."

   Charles Babbage 'On the Economy of Manufactures' 1832
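
Added example (not part of the original posts): the signature hunt described in this message, which the "findsuper" suggestion elsewhere in the thread automates, sketched in Python over a disk image constructed in memory. The field offsets are the standard ext2 superblock and FAT boot sector layouts; the function names and the sample geometry are assumptions, and `s_block_group_nr` is only trusted on revision 1 filesystems.

```python
import struct

SECTOR = 512
EXT2_MAGIC = 0xEF53   # s_magic: little-endian u16 at byte 56 of the superblock

def probe_fat(img, off):
    """Return the size in sectors if a FAT boot sector starts at byte offset off."""
    bs = img[off:off + SECTOR]
    # 55 AA at bytes 510-511 is the "aa55" signature. An MBR carries it too, so
    # also require the x86 jump opcode and a sane bytes-per-sector field.
    if len(bs) < SECTOR or bs[510:512] != b"\x55\xaa" or bs[0] not in (0xEB, 0xE9):
        return None
    bps, = struct.unpack_from("<H", bs, 11)
    if bps not in (512, 1024, 2048, 4096):
        return None
    total = struct.unpack_from("<H", bs, 19)[0] or struct.unpack_from("<I", bs, 32)[0]
    return total * bps // SECTOR if total else None

def probe_ext2(img, off):
    """Return (start_sector, size_sectors, group) for a superblock copy at off."""
    sb = img[off:off + 1024]
    if len(sb) < 92 or struct.unpack_from("<H", sb, 56)[0] != EXT2_MAGIC:
        return None
    blocks, = struct.unpack_from("<I", sb, 4)             # s_blocks_count
    first_data, log_bs = struct.unpack_from("<II", sb, 20)
    per_group, = struct.unpack_from("<I", sb, 32)         # s_blocks_per_group
    rev, = struct.unpack_from("<I", sb, 76)               # s_rev_level
    group, = struct.unpack_from("<H", sb, 90)             # s_block_group_nr
    if blocks == 0 or log_bs > 6 or per_group == 0:
        return None
    if rev == 0:
        group = 0          # field undefined in revision 0; treat copy as primary
    bsize = 1024 << log_bs
    # The primary copy sits 1024 bytes into the partition; a backup copy sits
    # at the first block of its block group.
    inside = 1024 if group == 0 else (first_data + group * per_group) * bsize
    start = off - inside
    if start < 0 or start % SECTOR:
        return None
    return start // SECTOR, blocks * bsize // SECTOR, group

def scan(img):
    """List (type, start_sector, size_sectors, group) for every signature found."""
    hits = []
    for off in range(0, len(img), SECTOR):
        size = probe_fat(img, off)
        if size:
            hits.append(("fat", off // SECTOR, size, 0))
        ext = probe_ext2(img, off)
        if ext:
            hits.append(("ext2",) + ext)
    return hits

def build_sample_image():
    """Constructed disk: zeroed MBR and first track, FAT at sector 63, ext2 after."""
    fat_start, fat_len = 63, 1024
    ext_start, ext_blocks, per_group = fat_start + fat_len, 1024, 256
    img = bytearray((ext_start + ext_blocks * 2) * SECTOR)
    boot = fat_start * SECTOR
    img[boot:boot + 3] = b"\xeb\x3c\x90"
    struct.pack_into("<H", img, boot + 11, 512)
    struct.pack_into("<H", img, boot + 19, fat_len)
    img[boot + 510:boot + 512] = b"\x55\xaa"
    for group in (0, 1):                  # primary superblock plus one backup
        sb = ext_start * SECTOR + (1 + group * per_group) * 1024
        struct.pack_into("<I", img, sb + 4, ext_blocks)
        struct.pack_into("<II", img, sb + 20, 1, 0)   # first data block 1, 1 KiB blocks
        struct.pack_into("<I", img, sb + 32, per_group)
        struct.pack_into("<H", img, sb + 56, EXT2_MAGIC)
        struct.pack_into("<I", img, sb + 76, 1)
        struct.pack_into("<H", img, sb + 90, group)
    return bytes(img)

if __name__ == "__main__":
    for kind, start, size, group in scan(build_sample_image()):
        print(f"{kind:5} start={start:6} sectors={size:6} superblock group={group}")
```

When the primary superblock and a backup copy compute the same start sector, that start and length are the values to re-enter in fdisk before attempting the read-only mount.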


Re: Hit by virus !? Help, please...

1999-04-27 Thread Mitch Blevins
In foo.debian-user, you wrote:
> after my kid was playing games on win95 yesterday
> evening i was unable to boot into Linux - actually unable
> to boot into win95 also... Looks like some kind of
> virus destroyed boot sector with partition table.
> 
> i can remember approximate partition sizes and order.
> 
> Is there any way to recover partition table and the system
> as well ?

You got hit with the CIH virus.  It was well publicized at least
a week prior to the detonation date (yesterday).  All reports that
I have seen don't hold much hope for recovering without a full reinstall.
(hope you backed up your data..)

It is an unfortunate fact that if you want to run Windows on a machine
nowadays, you must pay tribute to the antivirus gods or suffer their
wrath from time to time.

-Mitch