[RESOLVED] New Virus?

[byteme_1997]

Has anyone come across a virus that when activated automatically repartions drive? This particular customers business computer appears to have had this done and they are all listed as Non-Dos partitions. Any insight would be useful as to the possible virus and or a way to recover the data.

Mike

[Student^2]

eh, I'll bite but it seems like a long shot. I haven't ever seen a virus that could re-part a drive, nor could I find one that did in McAfee's viri database (but not an exhaustive search, so maybe). As for them being non-DOS that could indicate
1) The customer uses NT
2) They were formatted by Partition Magic or such
3) He has an older drive with wierd overlay software or has it compressed. Both of those can (not always, but can) create strange problems.

Maybe more info?

[Wayward Clam]

I have to agree, don't think it is a virus. There are many data-recovery programs out there that you could use... I use Lost & Found myself. I believe there are some links here are Windrivers to some downloadable ones.

[L15ard]

could be the CIH/chenoble virus (think that how it's spelt) that destroys the MBR, again L&F is the answer, if you are going the follow this method use KILLCIH first otherwise you'll just pass the virus on to another machine...

[Platypus]

Have you tried FDISK/mbr in case its a stealth boot-sector virus. I've found Monkey causing report of Non-DOS partitions.

[qdoc]

you'll propably have finished working on the system by now but i'll post my opinion.

If you want the customers data u should try "easy recovery" from ontrack.
It finds the data (if it can) stores it in another hd but without directory names.U can see the directories as dir001 dir 002 etc.
The files are ok though, with long name support and a file manager similar to good old norton.