On March 24, 2022 15:37:57 einfacheinewegwerfadre...@web.de wrote:
Situation: I analyzed an HDD with a Windows 10 which was infected by a
Backdoor. As I wanted to see if ClamAV detects the Malware too and I
wanted to see how long it takes to do the Scan with OpenBSD I attached the
HDD to an OpenBSD-System and got a Kernel panic, TWICE doing so.... I
mounted the NTFS-Partition (to /mnt) and just let ClamAV scan the whole
drive. Since I had to wipe the HDD I can not provide a DD-Image. Since the
wipe was flawless (used the SCHNEIER (7-pass) Method) the HDD is alright.
I also used Vendor-Tools to check the HDD for any Malfunction (SeaTools
[Snip]
NTFS support is fragile.
1. Do nothing on the machine but the NTFS process.
2. Do not touch the NTFS disk even with an ls during the copy.
I used it to rescue diseased Windows disks by copying all the data to a
safe world and then dealing with cleanup. If you suspect the disk is
infected, it is. Don't ever "clean" Windows disks, rebuild them.
But rsyncing many TB has worked for me in the past.
--STeve Andre'