GIKUYU

Distinguished
Mar 5, 2006
Hi all,

I have 7 machines that have been attacked by a BLACKMAL virus which has changed the sizes of all files (documents) in My Documents to 1 KB in size.
When I open them, all are empty WITH THIS ERROR WRITTEN ON THE WORD DOCUMENT:

DATA Error [47 0F 94 93 F4 K5]


The documents are quite critical on some of the machines.

1. WHICH TOOL CAN REPAIR THESE FILES BACK TO THEIR ORIGINAL SIZE AND RESTORE ALL THE INFORMATION CONTAINED IN EACH?

2. WHAT'S THE BEST TOOL TO SAFEGUARD AGAINST THIS ATTACK AGAIN?

Your kind assistance is appreciated.

Regards.
 

bluntside

Distinguished
Mar 22, 2006
-OK-
http://www.ewido.net/en/product/
try this and find a crack for it, works great!!!
Other than your files :/ It seems that all of your documents are lost into oblivion. I don't want to jump to conclusions though.
UUUUMMMMM, try using Norton Go Back.
Or run your OS in Safe Mode, that usually can make uo so that you can back up your files :twisted:
 

Codesmith

Distinguished
Jul 6, 2003
Want to keep your data safe?

I use the free versions of ZoneAlarm and avast 4 Home, plus a hardware router with only the ports I need opened.

You also want to enable automatic updates and make sure you apply Windows security updates as soon as they are released.

It also helps to completely avoid Internet Explorer and Outlook Express; Firefox and Thunderbird are much safer.

I also scan my system with Ad-Aware and Spybot Search and Destroy, but I never find anything serious on my system because of the above precautions.

Next you need to follow a sound backup strategy.

Keep your installed software and documents on separate partitions. (Don't forget to move your internet profiles, email store folders, desktop, My Documents...)

Back up your OS regularly using True Image 9. Do so before and after you make major changes to your software. (Before in case something goes wrong, and after so you have saved your changes.)

Back up your important files regularly with EMC Retrospective 7.5.

If you find that a program forces you to store important data on C:, you want to make sure you are backing it up with Retrospective.

I back up everything to a RAID 1 array, and occasionally move it to DVD+RW. If you are worried about a fire, store the DVDs offsite (and don't forget to password protect the backup if you are storing confidential data).

-

To recover deleted files, the first rule is to immediately stop using the suspect drive.

Boot an OS from another drive and run recovery software. Deleted files stay on the hard drive until another file is written to the same location. So every time anything is written to the hard drive you are potentially destroying part of your deleted files. Even booting or shutting down Windows XP writes to the hard drive.

Installing recovery software to the drive with the deleted files is also bad.

Best to pull the plug and disconnect the hard drive until you are ready to boot from another hard drive and attempt recovery.

If you don't have another hard drive/PC to boot from and install the recovery software to, then you are screwed.

---

PS: if you install the same OS to the same hardware more than once, then you are doing something wrong. Each motherboard/RAID configuration should require one and only one install (using an unattended install file, of course). Then before you do anything else you back up the clean install and keep it in a safe place.

---
One more thing. If you pay the blackmail they can't fix your files.
 

rodney_ws

Splendid
Dec 29, 2005
I've had a good Google about this problem and the only (sort of) useful link is this one

*chuckle* After reading this it makes me think they wrote the damned thing... as-is, the guy with the infected drive should DEFINITELY STOP USING THAT DRIVE until a data recovery lab has a chance to look it over... if this link is correct, recovery should be possible.


Schmucks.
 

Codesmith

Distinguished
Jul 6, 2003
I would try booting with a 2nd PC and using a non-destructive recovery tool such as Final Data or Get Data Back NTFS to see what you can recover on your own before sending it to a lab.

Many of these programs will let you run them unlicensed to see what they can recover and only after you see what files they find do they ask you to cough up the $$.
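
Added example, not part of any post in this thread: a Python inventory of the documents that carry the error text quoted in the first post, meant to be run from a second PC against the suspect drive, as the replies advise. It only reads files; the extension list and the assumption that the marker is stored as plain ASCII are assumptions, and the sample files are constructed.

```python
import os
import tempfile

# Error text quoted in the first post (assumption: stored as plain ASCII).
MARKER = b"DATA Error [47 0F 94 93 F4 K5]"
# Assumption: extensions to check; the thread only mentions Word documents.
DOC_EXTS = {".doc", ".xls", ".ppt", ".pdf", ".mdb"}
MAX_SIZE = 1024  # the post reports every damaged file as 1 KB


def scan(root, exts=DOC_EXTS):
    """Return (overwritten, intact) document paths under root; files are only read."""
    overwritten, intact = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in exts:
                continue
            path = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(path)
                with open(path, "rb") as fh:
                    head = fh.read(MAX_SIZE)
            except OSError:
                continue  # unreadable file: skip rather than abort the inventory
            if size <= MAX_SIZE and MARKER in head:
                overwritten.append(path)
            else:
                intact.append(path)
    return sorted(overwritten), sorted(intact)


def demo():
    """Build a constructed sample tree in a temp directory and scan it."""
    samples = {
        "report.doc": MARKER,                            # overwritten document
        "budget.XLS": MARKER + b"\r\n",                  # same, upper-case extension
        "notes.doc": b"\xd0\xcf\x11\xe0" + b"x" * 4096,  # normal-sized document
        "readme.txt": MARKER,                            # extension not in scope
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        hit, ok = scan(root)
        return [os.path.basename(p) for p in hit], [os.path.basename(p) for p in ok]


if __name__ == "__main__":
    print(demo())
```

The overwritten list tells you which documents need restoring from backup or a recovery attempt; the intact list is what to copy off the drive first.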