------------------------------------------------------------------
|                                                                |
|                     TROJAN HORSE RECOVERY                      |
|                                                                |
------------------------------------------------------------------
|                  Issue #9: December 17, 1989                   |
|                       Revision Stage: C                        |
|                                                                |
|                    Written by Eric Newhouse                    |
------------------------------------------------------------------

While reading this, bear in mind that there is no better remedy
for a drive that has run a trojan horse than a recent backup.

AARGH! Perhaps your hard disk sounds like a sick moose. Perhaps
your drive light starts flashing repeatedly, like a police car's
lights. Perhaps your drive just sits in the computer, and the
computer doesn't acknowledge its presence.

Having watched my drive crash many times, I can understand the
frustration you will feel after your hard disk conks out. While a
faulty hard drive, disk controller, or cable can make these
ailments incurable without spending a lot of money, usually you
CAN recover from a trojan horse by investing only a little time.

After running a trojan horse, the first thing to do is calm down.
Face the situation stoically; it may prevent your hair from turning
gray. Diagnose the damage. Was your [hard] drive formatted?
Did the trojan scramble your FAT table? Did it erase every file?
Did it erase or format your [hard] drive's boot sector? The odds
are that the trojan inflicted one of these four disasters. After
a successful diagnosis, you are ready to remedy the problem.

1) If the trojan low-level formatted your [hard] disk:

     Hope that you have a recent backup; that's the only remedy
     for this disease.

2) If the trojan high-level formatted your [hard] disk:

     In 1987 Paul Mace introduced a way to recover formatted
     data. Unfortunately, most programs can only recover
     formatted data COMPLETELY if you run a "snapshot" program
     right before the format. The reason: DOS fragments large
     files, and without an accurate map of the formatted disk,
     unformatters have problems dealing with such files. You
     will need one of these three programs to recover your disk
     if the trojan formatted it:

          1. PC-Tools Deluxe (Central Point, $79.95)
          2. Mace+ Utilities/Gold (Paul Mace, $99.95)
          3. Advanced Norton Utilities (Peter Norton, $150.00
             retail)

     There is at least one other program that can unformat
     disks, but the name of it is slipping my mind. As of this
     printing, PC-Tools probably has the best unformatter. It
     can reputedly reconstruct formatted disks regardless of
     the disk's state of fragmentation. PC-Tools may not be
     right for your other disk management needs, however, so
     you should talk to a salesman about these products before
     making a purchase.

3) If the trojan scrambled your FAT table:

     Sector editors such as those included in the Norton
     Utilities, PC-Tools, and a host of other popular utility
     packages (not Mace+) allow experienced users to piece
     their FAT back together from gibberish. This avenue of
     recovery is only open to extremely proficient users,
     however. Everyone else, including myself, must rely on a
     FAT backup program to provide a feeling of security.
     DBACK10.ZIP (available on my board) will back up your FAT
     table in under a minute to floppy. DBACK makes FAT
     backup easy and not time-consuming.

4) If the trojan erased file(s), and the FAT table is
   undamaged:

     There are many commercial and public domain packages
     available that undelete deleted files. Norton Utilities,
     PC-Tools, MACE+, and UNDEL.COM will all do the job. The
     commercial products are all more reliable in undeleting,
     but they are also more expensive than the public-domain
     UNDEL. Always undelete your most recent files first; that
     is, undelete files in the order of last time written to
     disk. I know that PC-Tools and Mace automatically list
     undeletable files in the correct order, but the other
     two may not.

5) If the boot sector on your hard disk gets
   erased/formatted:

     There are four things to do if this happens, and the
     worst that can happen is that you will go without a hard
     disk for a while. Back up before proceeding with any of
     the steps here, for you may have to destroy some files to
     restore your hard disk to boot status.

     A) Try doing a "SYS C:" (or "SYS A:") from your
        original DOS disk. Then copy COMMAND.COM back onto
        the hard drive. If your hard drive still won't boot,
        then try step B.

     B) If you have the MACE+ utilities, go to the "other
        utilities" section and "restore boot sector." This
        should do the job if you have been using MACE+
        correctly.

     C) If you are still stuck, BACK EVERYTHING UP and
        proceed to do a low-level format. Instructions on
        how to perform a low-level format should come with
        your hard disk controller card. Be sure to map out
        bad sectors, either by using SCAV.COM by Chris Dunford
        or by manually entering the locations of bad sectors
        into the low-level format program. After the low-level
        format, run FDISK.COM (it comes with DOS) to
        create a DOS partition. Refer to your DOS manual
        for help in using FDISK. Then put your original DOS
        diskette in drive A: and type
        FORMAT <drive letter>:/S/V. <Drive letter> represents
        the letter of the disk you are formatting. Try
        rebooting again.

     D) If you are still stuck, either employ some
        professional computer repairmen to fix your drive,
        or live with a non-bootable hard drive.

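For case 3 above (a scrambled FAT), this is an added example, not part of the original file and not DBACK's code, of what a FAT backup program does: it reads the FAT location from the boot sector, saves a copy, and later checks and restores every FAT copy on the disk. It works on a disk image held in memory; the function names and the small FAT12 image are constructed for illustration.

```python
import struct

def fat_layout(boot):
    """Locate the FAT area from the BPB fields in a FAT12/16 boot sector."""
    bytes_per_sector, = struct.unpack_from("<H", boot, 11)
    reserved, copies = struct.unpack_from("<HB", boot, 14)
    sectors_per_fat, = struct.unpack_from("<H", boot, 22)
    if bytes_per_sector not in (512, 1024, 2048, 4096) or not copies or not sectors_per_fat:
        raise ValueError("boot sector BPB is damaged; cannot locate the FAT")
    return reserved * bytes_per_sector, sectors_per_fat * bytes_per_sector, copies

def backup_fat(image):
    """Save the boot sector and first FAT while the disk is still healthy."""
    offset, size, _ = fat_layout(image)
    return {"boot": bytes(image[:512]), "fat": bytes(image[offset:offset + size])}

def damaged_fat_copies(image, backup):
    """Return the 0-based FAT copies on disk that differ from the backup."""
    # Layout comes from the saved boot sector, since the live one may be gone.
    offset, size, copies = fat_layout(backup["boot"])
    return [i for i in range(copies)
            if image[offset + i * size:offset + (i + 1) * size] != backup["fat"]]

def restore_fat(image, backup):
    """Write the saved FAT over every FAT copy (image is a bytearray)."""
    offset, size, copies = fat_layout(backup["boot"])
    for i in range(copies):
        image[offset + i * size:offset + (i + 1) * size] = backup["fat"]

def make_sample_image():
    """Constructed 16-sector FAT12 image: 1 reserved sector, 2 FATs of 2 sectors."""
    img = bytearray(512 * 16)
    struct.pack_into("<HBHBHHBH", img, 11, 512, 1, 1, 2, 16, 16, 0xF8, 2)
    fat = bytearray(1024)
    fat[:6] = bytes([0xF8, 0xFF, 0xFF, 0x03, 0xF0, 0xFF])  # cluster 2 -> 3 -> end
    img[512:1536] = img[1536:2560] = fat
    return img

if __name__ == "__main__":
    disk = make_sample_image()
    saved = backup_fat(disk)
    disk[512:2560] = b"\xAA" * 2048          # simulate both FAT copies overwritten
    print("damaged copies:", damaged_fat_copies(disk, saved))
    restore_fat(disk, saved)
    print("after restore:", damaged_fat_copies(disk, saved))
```

A restored FAT describes the disk as it was when the backup was taken, so files written after that point are not covered by it.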
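For case 4 above (erased files, FAT intact), this is an added example, not part of the original file and not taken from any of the named utilities, of the ordering rule given there: it scans raw 32-byte FAT directory entries, picks out the deleted ones (first byte 0xE5), and lists them by last write time, newest first. The function names and directory contents are constructed for illustration.

```python
import struct
from datetime import datetime

def deleted_entries(directory):
    """Return deleted files in a raw FAT directory, most recently written first."""
    found = []
    for pos in range(0, len(directory) - 31, 32):
        entry = directory[pos:pos + 32]
        if entry[0] == 0x00:                  # 0x00 marks the end of used entries
            break
        if entry[0] != 0xE5 or entry[11] & 0x08:   # live entry or volume label
            continue
        time, date, cluster, size = struct.unpack_from("<HHHI", entry, 22)
        try:
            written = datetime(1980 + (date >> 9), (date >> 5) & 0x0F, date & 0x1F,
                               time >> 11, (time >> 5) & 0x3F, (time & 0x1F) * 2)
        except ValueError:                    # scrambled timestamp: sort it last
            written = datetime.min
        # The first character was overwritten by the delete marker, so show "?".
        name = "?" + entry[1:8].decode("ascii", "replace").rstrip()
        ext = entry[8:11].decode("ascii", "replace").rstrip()
        found.append({"name": name + ("." + ext if ext else ""), "written": written,
                      "first_cluster": cluster, "size": size})
    return sorted(found, key=lambda e: e["written"], reverse=True)

def make_entry(name, ext, ymd, hms, cluster, size, deleted=False):
    """Build one constructed 32-byte directory entry for the demo."""
    raw = bytearray(32)
    raw[0:11] = name.ljust(8).encode() + ext.ljust(3).encode()
    raw[11] = 0x20                            # archive attribute
    date = ((ymd[0] - 1980) << 9) | (ymd[1] << 5) | ymd[2]
    time = (hms[0] << 11) | (hms[1] << 5) | (hms[2] // 2)
    struct.pack_into("<HHHI", raw, 22, time, date, cluster, size)
    if deleted:
        raw[0] = 0xE5                         # DOS replaces the first character
    return bytes(raw)

# Constructed sample directory: three deleted files, one live file, end marker.
SAMPLE_DIR = (make_entry("REPORT", "TXT", (1989, 12, 1), (9, 30, 0), 2, 1200, True)
              + make_entry("COMMAND", "COM", (1989, 3, 1), (12, 0, 0), 5, 25307)
              + make_entry("BUDGET", "WKS", (1989, 12, 16), (18, 5, 10), 30, 8000, True)
              + make_entry("NOTES", "DOC", (1989, 11, 20), (8, 0, 0), 40, 512, True)
              + bytes(32))

if __name__ == "__main__":
    for item in deleted_entries(SAMPLE_DIR):
        print(item["written"], item["name"], item["size"])
```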
Mace+/Gold, PC-Tools, and Norton's Utilities are all fine
programs. However, there's one more program worth mentioning, and
that's SpinRite (tm) by Steve Gibson. SpinRite advertises itself
by saying that it prevents ALL hard disk crashes before they
happen. I don't have any experience with the program, but I know
some colleagues who love it. SpinRite may be worth a look.