#1
01-11-2011, 10:18 AM
aka21stCentury
Member
Join Date: Jun 2000
Location: Loma Prieta Fault
Posts: 779
Diskwarrior 4.2 saves the day (again!)

Got hit by a New Years Day bit volume virus... disk utility and Norton couldn't repair. I have three older versions of DW but there is a special CD version that boots into Tiger CD44... a few weeks more and the new ROM from Apple will be available to Alsoft and the new DVD with 4.2 will boot 09+ macintels.

Just a heads-up.

Tel# 281 353 4090

When you preview damaged disks, have a large Sandisk Cruzer or another firedrive partition to store 'unrecovered data'; that way you may not lose anything.

Yep there is a warning going out re: tiny urls and phishing... but it may be a lot worse, as in port forwarding or DNS hacks on servers, even Airport and newer routers. Just another heads-up. Yep 30-50 pages of compressed code (Trojan) hidden with a url shortening service, so beware of email and iChat, any messenger system, coming from 'buddy' list or address book (this is a botnet).

Last edited by aka21stCentury; 01-12-2011 at 09:31 AM. Reason: Please read below for Windows 7 and TDL-3 variant rootkit
#2
01-11-2011, 10:51 AM
sunburst79
Member
Join Date: Jan 2005
Location: Cleveland, Ohio USA
Posts: 12,763
Re: Diskwarrior 4.2 saves the day (again!)

Sorry to hear that. That's not magical at all.
__________________
Scott

Formerly Hobo Wan Kenobi

Core 2 Specs Page

ASUS P6T6 Revolution | i7 930 | 12GB OCZ DDR3 1600 7-7-7-20 | PTLE 10 | CPTK | 003 | Presonus D8 | 11Rack | Alesis AI3 | Presonus HP60 | Mercury + Studio Classics | Sound Toys | MasseyPack | Axiom61 | MAudio Keystation Pro 88
#3
01-12-2011, 09:30 AM
aka21stCentury
Member
Join Date: Jun 2000
Location: Loma Prieta Fault
Posts: 779
Re: Diskwarrior 4.2 saves the day (again!)

That number FYI is Alsoft sales. If you have an '09 or '10 Apple, call first to see if the boot rom available on the DVD will boot your Mac. A newer boot rom is expected any day from them to boot the newer machines. 10.6.6 was just released.

SOL -- these are Flash Security Settings. Mine were hacked late Dec and my drive crashed with data coming in off my router, lighting write LEDs on my boot firewire drive (apple).... then BLUE SCREEN, but because I was able to save my boot disk I could see with Better Security Addon to Firefox the SOL hack. No password is required.

Support Apple in their movement against Adobe/Macromedia -- as Apple iMacs and Laptops were the first to come out with onboard video cameras this is a big concern for Apple IT team & security consultants.

If you have an HP Printer, Flash 6 installs at root even if root is not enabled by default on all Macs. This security flaw is similar to what is now being seen on W-7 64 bit. I.e. the print spooler on W-7 has root access. It is being exploited by the new variant below.

THIS NEW THREAT IS CALLED TDL-3 variant or Alureon


TDL3 rootkit still large issue for anti virus programs
Free TDL3 removal with Hitman Pro

-----------------------------------------------------------------------------------

Hengelo, January 19, 2010. Occasionally a new virus appears that is clever
enough to completely deceive anti virus programs. TDL3, a variant of the
TDSS rootkit (also known as Alureon) is such a sophisticated virus that is
causing sleepless nights for anti virus researchers. The first variant,
TDL1, appeared in the summer of 2008 and is still capable of preventing
detection by many anti virus programs. In the summer we saw the 2nd variant
TDL2. *"The TDL3 is one of the most sophisticated viruses I have seen"*,
according to CEO Mark Loman. *"The rootkit is piggybacking on a standard
driver to avoid detection by anti virus programs."*

How does TDL3 work?

TDL3 registers itself first as print processor. The printer subsystem
(spoolsv.exe), that has administrative rights, loads this Print Processor.
Virus scanners that monitor the behavior of processes will not be alarmed
because the printer subsystem is a trusted part of Microsoft Windows. TDL3
has now full system access rights as Print Processor and infects the lower
level system driver that is responsible for the communication with the hard
drive. When virus scanners want to check this driver, they see the original
file so they are unable to recognize the infection.

TDL3 places an encrypted file system on top of the standard file system on
the last sectors of the hard drive. The encryption ensures that these files
cannot be read directly from disk to avoid detection by anti virus programs.
The encrypted file system is used to store other threats that are downloaded
from the Internet. *"It is like a hotel"*, says Mark Loman. *"Other virus
writers can book a room in this 'TDL3-hotel' and use it to hide their virus
from anti virus programs"*.

How to remove TDL3?

The number of infected computers is growing quickly. The latest guest of the
TDL3-hotel is redirecting search engines to malicious websites so many
people refer to this as the Google Redirect Virus. There are only a few anti
virus programs that detect a TDL3 infection. And the number of anti virus
programs that can remove the infection is nearly zero.


Also see http://www.eset.com/resources/white-...3-Analysis.pdf
------------------------------------------------------------------------------------------------------------------------------------
end of quote

From 21stCentury -- it was my boot volume. Two other partitions were fine. Not a HD crash. This was an attack targeting data. Probably because I am behind three firewalls I was spared worse damage. FYI - I actually watched as I booted to a firewire disk (Oxfords) the write LEDs light. I rarely boot online. Then blue screen. I bought a much more secure router prior to going online. I don't work for any companies mentioned above, although I am a former sys admin and Cisco trained IT network dimwit.

Last edited by aka21stCentury; 01-12-2011 at 10:38 AM. Reason: Please AVID lockdown this forum. HTTPS encrypted logins!
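
Added example, not part of the thread or the quoted press release: the quoted text says TDL3 registers itself as a print processor that spoolsv.exe loads, so a defender can audit which print processors a Windows host has registered. This Python code parses the output of `reg query "HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments" /s`; the sample output, the `BASELINE` allowlist, the "bare DLL name" expectation and the function names are assumptions made for illustration, and it is a general hygiene check rather than a TDL3 detector.

```python
import re

# Constructed sample of `reg query ... /s` output (not taken from a real host).
# "examplevendor" and "spooltest" are made-up print processor names.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Print Processors\winprint
    Driver    REG_SZ    winprint.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Print Processors\examplevendor
    Driver    REG_SZ    ExampleVendorPP.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT x86\Print Processors\spooltest
    Driver    REG_SZ    ..\..\..\Temp\a1b2.tmp
"""

KEY_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\.+\\Environments\\([^\\]+)\\Print Processors\\([^\\]+)$", re.I)
VAL_RE = re.compile(r"^\s+Driver\s+REG_SZ\s+(.+?)\s*$", re.I)
# Assumption: the site's known-good print processor DLLs, lower-cased.
BASELINE = {"winprint.dll", "examplevendorpp.dll"}

def parse_print_processors(text):
    """Return one dict per 'Print Processors\\<name>' key with its Driver value."""
    entries, current = [], None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            m = KEY_RE.match(line.strip())
            # Any other key resets state so its values are not misattributed.
            current = {"env": m.group(1), "name": m.group(2), "driver": ""} if m else None
            if current:
                entries.append(current)
        elif current is not None:
            v = VAL_RE.match(line)
            if v:
                current["driver"] = v.group(1)
    return entries

def review(entries, baseline=BASELINE):
    """Flag entries whose Driver is not a bare, allowlisted DLL name."""
    findings = []
    for e in entries:
        drv = e["driver"]
        checks = [
            ("Driver contains a path", "\\" in drv or "/" in drv),
            ("Driver is not a .dll", not drv.lower().endswith(".dll")),
            ("Driver not in baseline", drv.lower() not in baseline),
        ]
        reasons = [label for label, hit in checks if hit]
        if reasons:
            findings.append((e["env"], e["name"], drv, reasons))
    return findings
```
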
All times are GMT -7.