Malicious Attack - Possibly..

Discussion in 'Linux - General discussion' started by skipzoid, Aug 19, 2008.

  1. skipzoid

    skipzoid Member

    Joined:
    Aug 5, 2008
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    11
    I hope someone can help;
    A friend of mine last week visited a hotel and used their WiFi. Not long after logging on, the laptop began to misbehave, so he rebooted it and then the machine froze just after the POST.

    After 6 hours ish of spinrite scanning, the HD was given a clean bill of health, and so we turned to trying to boot it from a standard Windows XP Pro CD. The machine again freezes just after the 'Setup is scanning etc..' message. Weird.. We tried a 'live' Linux CD, which booted with no problems at all and allowed us access to the HD. Everything appears to be there - except the \WINDOWS directory.

    We found a util called ntfsundelete to run under Linux, which did indeed find a few (5 files) that were deleted on the date when the laptop stopped working. However, no Windows directory.

    Can someone suggest a method of recovering the \WINDOWS directory ?

    It's all a bit coincidental that it happened a short while after connecting to the WiFi in the hotel.

    He's now discovered the value of backups - updates - firewalls etc, no point dwelling on this..
     
  2. OzMick

    OzMick Guest

    Back up what you can through the live CD, then format the drive, then try to reinstall Winblows if you must. Beyond that, what you have is entirely a Windows fault, so you're posting in the wrong forum. Most of us just use Linux in here and couldn't give a damn about repairing Windows, but the best repair is often to just format it; it is all one big malware DRM ridden virus.

    Or, you know, you could just install Linux, seeing as you've proven to yourself that it is significantly more stable than Windows...
     
  3. skipzoid

    skipzoid Member

    You're preaching to the converted. I've been a /nix user for over 15 years; my own laptop dual boots windoze/Linux with the default being Linux.

    I do realise it's entirely a Windows problem, just never encountered a laptop that wouldn't even boot from an original Windows CD and allow a reinstall. The Linux live CD boots and allows access back to the /damaged/ drive, but no Windows directory. ntfsundelete (Linux util) finds some files on the same date when it all died, but doesn't discover the directory itself.

    I chose this forum because the Linux guys (in my experience) seem to know more about Windows than the Windows guys sometimes - :)


     
  4. varnull

    varnull Guest

    I have seen some laptops with windows in odd places.. A dell for repair last week had it in E:\system\windows ;)

    I have seen this situation once or twice.. what is happening is people are stealing Windows by moving the folder to their local machine instead of copying it. Why they would want to steal it is a mystery because IMHO it's a worthless thing, so many good pirated versions kicking about, but possibly they sell it or use the legit key (if they find one)

    Puzzling why it won't install, unless there is some flag in the BIOS to only allow the manufacturer's OEM version. In that case the easiest way I have found is to make an install of Windows on a similar machine, then copy the whole Windows directory and those odd few extra C: files across to the partition (which BTW I have taken the boot flag off), then start it with the "boot first hdd or partition" on the UBCD and let it find all the different new hardware.. finally to use the partitioning tools again (I use gparted.. but whatever) and set that partition to boot.. sometimes it works, other times it doesn't.. but it usually then allows you to run the XP CD and run the recovery/repair console thing :)
     
    Last edited by a moderator: Aug 20, 2008