Tillbaka till svenska Fidonet
English   Information   Debug  
IC   0/2851
INTERNET   0/424
INTERUSER   0/3
IP_CONNECT   719
JAMNNTPD   0/233
JAMTLAND   0/47
KATTY_KORNER   0/41
LAN   0/16
LINUX-USER   0/19
LINUXHELP   0/1155
LINUX   6675/22112
LINUX_BBS   0/957
mail   18.68
mail_fore_ok   249
MENSA   0/341
MODERATOR   0/102
MONTE   0/992
MOSCOW_OKLAHOMA   0/1245
MUFFIN   0/783
MUSIC   0/321
N203_STAT   930
N203_SYSCHAT   313
NET203   321
NET204   69
NET_DEV   0/10
NORD.ADMIN   0/101
NORD.CHAT   0/2572
NORD.FIDONET   189
NORD.HARDWARE   0/28
NORD.KULTUR   0/114
NORD.PROG   0/32
NORD.SOFTWARE   0/88
NORD.TEKNIK   0/58
NORD   0/453
OCCULT_CHAT   0/93
OS2BBS   0/787
OS2DOSBBS   0/580
OS2HW   0/42
OS2INET   0/37
OS2LAN   0/134
OS2PROG   0/36
OS2REXX   0/113
OS2USER-L   207
OS2   0/4786
OSDEBATE   0/18996
PASCAL   0/490
PERL   0/457
PHP   0/45
POINTS   0/405
POLITICS   0/29554
POL_INC   0/14731
PSION   103
R20_ADMIN   1123
R20_AMATORRADIO   0/2
R20_BEST_OF_FIDONET   13
R20_CHAT   0/893
R20_DEPP   0/3
R20_DEV   399
R20_ECHO2   1379
R20_ECHOPRES   0/35
R20_ESTAT   0/719
R20_FIDONETPROG...
...RAM.MYPOINT
  0/2
R20_FIDONETPROGRAM   0/22
R20_FIDONET   0/248
R20_FILEFIND   0/24
R20_FILEFOUND   0/22
R20_HIFI   0/3
R20_INFO2   3250
R20_INTERNET   0/12940
R20_INTRESSE   0/60
R20_INTR_KOM   0/99
R20_KANDIDAT.CHAT   42
R20_KANDIDAT   28
R20_KOM_DEV   112
R20_KONTROLL   0/13300
R20_KORSET   0/18
R20_LOKALTRAFIK   0/24
R20_MODERATOR   0/1852
R20_NC   76
R20_NET200   245
R20_NETWORK.OTH...
...ERNETS
  0/13
R20_OPERATIVSYS...
...TEM.LINUX
  0/44
R20_PROGRAMVAROR   0/1
R20_REC2NEC   534
R20_SFOSM   0/341
R20_SF   0/108
R20_SPRAK.ENGLISH   0/1
R20_SQUISH   107
R20_TEST   2
R20_WORST_OF_FIDONET   12
RAR   0/9
RA_MULTI   106
RA_UTIL   0/162
REGCON.EUR   0/2056
REGCON   0/13
SCIENCE   0/1206
SF   0/239
SHAREWARE_SUPPORT   0/5146
SHAREWRE   0/14
SIMPSONS   0/169
STATS_OLD1   0/2539.065
STATS_OLD2   0/2530
STATS_OLD3   0/2395.095
STATS_OLD4   0/1692.25
SURVIVOR   0/495
SYSOPS_CORNER   0/3
SYSOP   0/84
TAGLINES   0/112
TEAMOS2   0/4530
TECH   0/2617
TEST.444   0/105
TRAPDOOR   0/19
TREK   0/755
TUB   0/290
UFO   0/40
UNIX   0/1316
USA_EURLINK   0/102
USR_MODEMS   0/1
VATICAN   0/2740
VIETNAM_VETS   0/14
VIRUS   0/378
VIRUS_INFO   0/201
VISUAL_BASIC   0/473
WHITEHOUSE   0/5187
WIN2000   0/101
WIN32   0/30
WIN95   0/4289
WIN95_OLD1   0/70272
WINDOWS   0/1517
WWB_SYSOP   0/419
WWB_TECH   0/810
ZCC-PUBLIC   0/1
ZEC   4

 
4DOS   0/134
ABORTION   0/7
ALASKA_CHAT   0/506
ALLFIX_FILE   0/1313
ALLFIX_FILE_OLD1   0/7997
ALT_DOS   0/152
AMATEUR_RADIO   0/1039
AMIGASALE   0/14
AMIGA   0/331
AMIGA_INT   0/1
AMIGA_PROG   0/20
AMIGA_SYSOP   0/26
ANIME   0/15
ARGUS   0/924
ASCII_ART   0/340
ASIAN_LINK   0/651
ASTRONOMY   0/417
AUDIO   0/92
AUTOMOBILE_RACING   0/105
BABYLON5   0/17862
BAG   135
BATPOWER   0/361
BBBS.ENGLISH   0/382
BBSLAW   0/109
BBS_ADS   0/5290
BBS_INTERNET   0/507
BIBLE   0/3563
BINKD   0/1119
BINKLEY   0/215
BLUEWAVE   0/2173
CABLE_MODEMS   0/25
CBM   0/46
CDRECORD   0/66
CDROM   0/20
CLASSIC_COMPUTER   0/378
COMICS   0/15
CONSPRCY   0/899
COOKING   33431
COOKING_OLD1   0/24719
COOKING_OLD2   0/40862
COOKING_OLD3   0/37489
COOKING_OLD4   0/35496
COOKING_OLD5   9370
C_ECHO   0/189
C_PLUSPLUS   0/31
DIRTY_DOZEN   0/201
DOORGAMES   0/2065
DOS_INTERNET   0/196
duplikat   6002
ECHOLIST   0/18295
EC_SUPPORT   0/318
ELECTRONICS   0/359
ELEKTRONIK.GER   1534
ENET.LINGUISTIC   0/13
ENET.POLITICS   0/4
ENET.SOFT   0/11701
ENET.SYSOP   33946
ENET.TALKS   0/32
ENGLISH_TUTOR   0/2000
EVOLUTION   0/1335
FDECHO   0/217
FDN_ANNOUNCE   0/7068
FIDONEWS   24159
FIDONEWS_OLD1   0/49742
FIDONEWS_OLD2   0/35949
FIDONEWS_OLD3   0/30874
FIDONEWS_OLD4   0/37224
FIDO_SYSOP   12852
FIDO_UTIL   0/180
FILEFIND   0/209
FILEGATE   0/212
FILM   0/18
FNEWS_PUBLISH   4436
FN_SYSOP   41708
FN_SYSOP_OLD1   71952
FTP_FIDO   0/2
FTSC_PUBLIC   0/13615
FUNNY   0/4886
GENEALOGY.EUR   0/71
GET_INFO   105
GOLDED   0/408
HAM   0/16075
HOLYSMOKE   0/6791
HOT_SITES   0/1
HTMLEDIT   0/71
HUB203   466
HUB_100   264
HUB_400   39
HUMOR   0/29
Möte LINUX, 22112 texter
 lista första sista föregående nästa
Text 6947, 162 rader
Skriven 2006-08-09 22:00:00 av MARTIN ATKINS (1:123/140)
     Kommentar till en text av WAYNE CHIRNSIDE
Ärende: Memory
==============
-=> WAYNE CHIRNSIDE wrote to MARTIN ATKINS <=-


 ->  ->  WC> Booting to the Knoppix live CD, RAMDRIVE.

 ->  -> So much for your BIOS virus theory.

 ->  WC> Uh, that's what I was *currently* running when you asked.
 ->  WC> I zero'd the drive, booted to the CD in an effort to clean up the
 ->  WC> infestation.

 -> You've been running Knoppix CD from day one so logic should have
 -> told you that there was nothing wrong with the BIOS.

 WC> Knoppix from day one *on the hard drive*.

Then the situation is the same. How did you come up with the
silly idea that you had a BIOS virus?

 WC> You can boot Knoppix from the CD as an *option*
 WC> I however had it on the hard drive.

Presumably before you stuffed it up.

 -> The DMI
 -> thing only happened when you tried to boot the DOS 5.0 disk
 -> so logic should have told you that it was a DOS disk problem.

 WC> No to both.
 WC> I had DOS and Windows on a slave drive but as  it's slave it's
 WC> *never* been online in this machine.

Then how did you come up with the idea that that disk had been 
infected? In the cold light of day can't you see how ridicules
that notion is. 

 ->  ->  -> You should know that DOS is deaf dumb blind and stupid.

 ->  ->  WC> So it appears aren't I.

 -> I'm not disputing that there may have been some kind of nasty on the
 -> disk. I'm questioning your approach to the problem _after_ you zeroed
 -> the H/D.

 WC> Nope.
 WC> It survived that attempt.

"It" did not. You started playing with fdisk, didn't understand
what you were seeing and decided it was a virus. 

 WC> Looking at notes I wrote during the experience it appears
 WC> the drive geometry was altered.
 WC> The two anomolies were a 0 block partition at the end of the drive

Like this.

Nr AF  Hd Sec  Cyl  Hd Sec  Cyl     Start      Size ID
 2 00 254  63 1023 254  63 1023   33672240  122629248 05
 5 00 254  63 1023 254  63 1023    9446220   14378175 05
 6 00 254  63 1023 254  63 1023   23824395    6249285 05
 7 00 254  63 1023 254  63 1023   30073680    9108855 05
 8 00 254  63 1023 254  63 1023   39182535   13092975 05
 9 00 254  63 1023 254  63 1023   52275510     498015 05
10 00 254  63 1023 254  63 1023   52773525   69855723 05
11 00   0   0    0   0   0    0          0          0 00

Normal.

Again due to you lack of knowledge you decided it was a virus.

 WC> and a extended at the beginning of the drive.

It shows the extended partition as /dev/hda5. That is _not_
the beginning of the drive.

Like this.

  Device Boot      Start         End      Blocks   Id  System
/dev/hda1   *           1        2096    16836088+   b  W95 FAT32
/dev/hda2            2097        9730    61314624    5  Extended
/dev/hda5            2097        2684     4723078+  83  Linux
/dev/hda6            2685        3579     7189056   83  Linux
/dev/hda7            3580        3968     3124611   83  Linux
/dev/hda8            3969        4535     4554396   83  Linux
/dev/hda9            4536        5350     6546456   83  Linux
/dev/hda10           5351        5381      248976   82  Linux swap / Solaris
/dev/hda11           5382        9730    34927830   83  Linux


 WC> These only showed up in fdisk expert mode when you displayed
 WC> inits as sectors

Like this.

Nr AF  Hd Sec  Cyl  Hd Sec  Cyl     Start      Size ID
 1 80   1   1    0 254  63 1023         63   33672177 0b
 2 00 254  63 1023 254  63 1023   33672240  122629248 05
 3 00   0   0    0   0   0    0          0          0 00
 4 00   0   0    0   0   0    0          0          0 00
 5 00 254  63 1023 254  63 1023         63    9446157 83
 6 00 254  63 1023 254  63 1023         63   14378112 83
 7 00 254  63 1023 254  63 1023         63    6249222 83
 8 00 254  63 1023 254  63 1023         63    9108792 83
 9 00 254  63 1023 254  63 1023         63   13092912 83
10 00 254  63 1023 254  63 1023         63     497952 82
11 00 254  63 1023 254  63 1023         63   69855660 83

So much for your virus.

 ->  WC> These were.
 ->  WC> DMI event logging prompt on boot.
 ->  WC> DOS label command failing to alter or clear volume label.

You cannot use DOS to change anything in a primary partition
while a extended partition exists. You must first delete
all the partitions in the extended then delete the extended
before you can use DOS to alter it.

 -> I have a resonable memory and that was going on _before_ you
 -> dd'ed the drive.

 WC> And after.
 WC> I *attempted to dd the drive.
 WC> It *appeared* to work.
 WC> Now explain how  Lilo showed up after zeroing the drive
 WC> anbd before installing anything?

Because it is alive in the MBR but not functoning.

 ->  WC> Make that four things.
 ->  WC> Lilo kept returning having morphed repeatedly in it's configuration
 ->  WC> during attempts to clear the drive.

 -> You may have removed LILO from the partition but you didn't remove
 -> it from the MBR. It was still resident but of course it quickly failed.

 WC> I would have thought two passes with dd zeroing the drive and a pass
 WC> with Maxtors low level formatting tool would have taken care of that.

No not neccassaraly. The MBR could still remain intact.

 -> Some where about "L" i should think.

 ->  WC> You might be a bit obsessive too if you were in a motorcycle accident,
 ->  WC> lost 2 1/2 inches of your lubar spine, were bedridden and your only
way
 ->  WC> out into the world was a

 WC>  PC crippled by malicious software.

 ->  WC> Did you have a bad problem with such at one time?

 -> Yes.

 WC> I too once had a RAM problem but rather quickly pinpointed it.
 WC> It was a clash between a stick and on MB SMT RAM.
 WC> Jumpered of the 4 Meg on MB and all was well.

Well at least we know this time it is not the RAM.
 
--- MultiMail/Linux v0.47
 * Origin: Try Our Web Based QWK: DOCSPLACE.ORG (1:123/140)