[plug] Alternating caps problem
Russell Hobman
Russell.Hobman at watercorporation.com.au
Fri Oct 26 08:39:40 WST 2001
hi arkem, this sounds very much like a virus. have you virus checking
software that you can run from floppy disk and confirm it is a virus? worst
case scenario is format partition and reload os. hope it won't come to that.
regards, Russell.
> -----Original Message-----
> From: Arkem [SMTP:arkem at mornmist.2y.net]
> Sent: Friday, October 26, 2001 7:33 AM
> To: plug at plug.linux.org.au
> Subject: [plug] Alternating caps problem
>
> I woke up this morning to a very wierd and disturbing situation on my
> computer. In a few select directories (and their subdirectories) off
> my home directory all the file names have been mutilated, some have
> just been converted into alternating caps versions of their previous
> names others have had odd characters inserted into them and in some
> cases whole subdirectories have become empty. This occoured sometime
> between 8pm and 6:30am (At 6:27 or so a cron job ran and its output
> was the first to indicate something was wrong) and the only log
> entries that may be of relevance were this section from
> /var/log/messages: (appologies for the spam)
>
> Oct 26 06:16:18 mornmist -- MARK --
> Oct 26 06:28:40 mornmist kernel: hda: dma_intr: status=0x51 {
> DriveReady SeekComplete Error }
> Oct 26 06:28:40 mornmist kernel: hda: dma_intr: error=0x84 {
> DriveStatusError BadCRC }
> Oct 26 06:28:40 mornmist kernel: hda: dma_intr: status=0x51 {
> DriveReady SeekComplete Error }
> Oct 26 06:28:40 mornmist kernel: hda: dma_intr: error=0x84 {
> DriveStatusError BadCRC }
> Oct 26 06:28:41 mornmist kernel: hda: dma_intr: status=0x51 {
> DriveReady SeekComplete Error }
> Oct 26 06:28:41 mornmist kernel: hda: dma_intr: error=0x84 {
> DriveStatusError BadCRC }
> Oct 26 06:28:41 mornmist kernel: hda: dma_intr: status=0x51 {
> DriveReady SeekComplete Error }
> Oct 26 06:28:41 mornmist kernel: hda: dma_intr: error=0x84 {
> DriveStatusError BadCRC }
> Oct 26 06:28:41 mornmist kernel: hda: dma_intr: status=0x51 {
> DriveReady SeekComplete Error }
> Oct 26 06:28:41 mornmist kernel: hda: dma_intr: error=0x84 {
> DriveStatusError BadCRC }
> Oct 26 06:28:41 mornmist kernel: hda: dma_intr: status=0x51 {
> DriveReady SeekComplete Error }
> Oct 26 06:28:41 mornmist kernel: hda: dma_intr: error=0x84 {
> DriveStatusError BadCRC }
> Oct 26 06:28:41 mornmist kernel: hdb: DMA disabled
> Oct 26 06:28:41 mornmist kernel: ide0: reset: success
>
> hda1 is particion that this all happened on (its mounted as /home)
> does this log indicate that hda is failing? Or is this possibly the
> result of an intrusion? If its a simple intrusion does anyone know
> how I could easily reverse the alternating caps problem? (how would I
> for example write a shell script that mv's all files so they all have
> lower case names?)
>
> oh BTW I'm running Debian Sid on kernel 2.4.10
>
> Near a panic,
> Arkem
More information about the plug
mailing list