[ale] windows virus?

Robert Reese ale at sixit.com
Fri Jun 4 19:45:05 EDT 2010 

Hello Preston,

Thursday, June 3, 2010, 7:00:59 PM, you wrote:

> Paul Cartwright wrote:
>> On Thu June 3 2010, Preston Boyington wrote:
>>> I have to admit that I'm curious about the whole thing.  I wasn't sure
>>> if there was a dual-boot and WINE was used to run a program in the
>>> Windows directory that activated the malware OR if it was something that
>>> installed itself via the webbrowser from a site someplace.

>> my desktop is dual boot, but I haven't booted windows since... Jan 2009 ?
>> I mounted that partition, here is part of the listing:

>> dr-x------  1 root root          0 Jan 16  2009 Config.Msi
>> dr-x------  1 root root      24576 Jan 16  2009 Program Files
>> -r--------  1 root root 2145386496 Jan 16  2009 pagefile.sys
>> -r--------  1 root root 2145300480 Jan 16  2009 hiberfil.sys
>> dr-x------  1 root root     122880 Jan 16  2009 WINDOWS


> on a different note, is that a 'hibernation' file?

Yep, you see a hibernation file as well as a pagefile (swap file).  The pagefile will, almost without fail, be there.  The hibernation file will be there if hibernation is activated.

Unless you are concerned about resuming from a hibernated state, both files can be safely and confidently removed.


>  does your Linux 
> system gripe about mounting the partition?  i ask because my netbook 
> wouldn't allow me to copy over files to my NTFS partition because 
> Windows had not been shutdown (as opposed to it going into 
> suspend/hibernation) correctly.

Your Linux was checking to see if Windows was shut down properly; Windows does have some recovery built into it, and damage to the file system or OS if the wrong files are manipulated before Windows can reboot.  Thus the strong protection against mounting it.  Of course, you can override that if you are confident that you aren't going to cause damage or don't care.  By the way, the presence of a hibernation file is essentially independent, and therefor not necessarily indicative, of a system in a hibernated state.

Cheers,
Robert~

More information about the Ale mailing list