[SNIPPED...]
>
> Yesterday I had an occasion of looking at some disks stricken by
> the virus. We mounted these on Linux/Alpha machine so we were pretty
> safe. :-) Partition tables actually still existed and even some top
> directories looked mostly reasonable at the first glance (there were
> multiple partitions on two disks). But FAT information was scrambled.
> A text file would look sane for a moment but pretty soon would turn
> into a binary chunk which obviously does not belong there. None of zip
> archives I checked were usable. As the affected party had backups and
> needed disks back right away we did not try to see if any attempts to
> untangle the mess had any traces of a chance. Disks got reformatted.
> This damage was definitely not confined only to "C:".
>
> Owners were also complaining that on disks they try to reformat
> and repartition themselves 'fdisk' from Windows got spooked and
> refused to do anything. Only after writing a block of nulls over
> an initial disk portion they were acceptable. Linux on a floppy
> and dd to the rescue. :-)
>
> Michal
Here is a way to help prevent problems in the future. Just `cp` the
raw device to a raw floppy until it's full. Save the floppy somewhere.
If you need to fix the disk, mount a rescue disk somewhere and `cp`
from the raw floppy back to the raw device. Here's a test I made
on a spare partition.
Script started on Wed Apr 28 14:34:30 1999
# umount /dev/sdb1
# cp /dev/sdb /fd0
# rm /fd0
# cp /dev/sdb /dev/fd0
cp: /dev/fd0: No space left on device
# Here I delete the parition.
# fdisk /dev/sdb
Command (m for help): p
Disk /dev/sdb: 255 heads, 63 sectors, 274 cylinders
Units = cylinders of 16065 * 512 bytes
Device Boot Start End Blocks Id System
/dev/sdb1 1 260 2088418+ 83 Linux native
/dev/sdb2 261 274 112455 83 Linux native
Command (m for help): d
Partition number (1-4): 1
Command (m for help): d
Partition number (1-4): 2
Command (m for help): p
Disk /dev/sdb: 255 heads, 63 sectors, 274 cylinders
Units = cylinders of 16065 * 512 bytes
Device Boot Start End Blocks Id System
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.
WARNING: If you have created or modified any DOS 6.x
partitions, please see the fdisk manual page for additional
information.
# Here I put the partition information back.
# cp /dev/fd0 /dev/sdb
# fdisk /dev/sdb
Command (m for help): p
Disk /dev/sdb: 255 heads, 63 sectors, 274 cylinders
Units = cylinders of 16065 * 512 bytes
Device Boot Start End Blocks Id System
/dev/sdb1 1 260 2088418+ 83 Linux native
/dev/sdb2 261 274 112455 83 Linux native
Command (m for help): q
# mount /dev/sdb1 /mnt
mount: /dev/sdb1 is not a valid block device
# Need to have the kernel re-read the partition table.
# fdisk /dev/sdb
Command (m for help): p
Disk /dev/sdb: 255 heads, 63 sectors, 274 cylinders
Units = cylinders of 16065 * 512 bytes
Device Boot Start End Blocks Id System
/dev/sdb1 1 260 2088418+ 83 Linux native
/dev/sdb2 261 274 112455 83 Linux native
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.
WARNING: If you have created or modified any DOS 6.x
partitions, please see the fdisk manual page for additional
information.
You have new mail in /var/spool/mail/root
# mount /dev/sdb1 /mnt
#
# It works. Let's check it.