|WebDezign secrets revealed...||viruses|
|It is important for the Internet surfer to be aware of viruses. We dedicated this page to the subject because the media we work in and probably some of us even live in is one of the easiest ways for the viruses to spread. Casual contacts are always dangerous even if only virtual!|
CIH.1003 - the monstrous disaster of
1999. Is there a hope for survival for
the PC world?
There are tones of pages how to prevent
evil since the BIOS can be re-programmed and completely restored.
The worst is when the virus attacks the hard disk which happens with
the older MB's. It damages the partition table and the FAT tables which
are the keys to a proper reading of the information on the hard disk.
Fot the unfamiliar user to whom these abbreviations speak nothing we'll simply say that the mentioned above results in the total "absence" of the hard disk, the directory srtucture and the files as well. If this happens the hard disk must be formatted in order to be prepared to store readable files again.|
THE HOT SOLUTION
The program aftercih.exe will extract your HTML files from an "after CIH" hard disk. Probably there are many other similar viruses, and it doesn't really matter what their names are if the result is one and the same - hard disk "disappearing". The program will work in those cases as well. Even if you have already formatted your hard disk but still haven't installed all your applications and favourite games, the program will extract the previous HTML files!
Instructions to use aftercih.exe|
1. You need a second hard disk which must be able to operate in DOS mode (WinNT DOS emulation will NOT work, DOS prompt under Win95/98 will not work properly either - you need to exit to DOS). This hard drive must be the primary master on your system and will appear as C:\>_.
2. Your "after cih" hard disk could be set to either primary slave or secondary. It MUST be recognized by the BIOS as an existing hard drive during the initial tests on start up, but you won't see it to apperar as D:\>_ afterwards. Read its physical characteristics - the number of its cylinders, heads and sectors. They are written on the body of the hard disk. You can also use the program diskedit.exe from Norton utilities to see them. These characteristics are very important since the program uses them to read the physical sectors on the hard disk.
3. Copy aftercih.exe in the main directory of the operating disk. Create a directory where the extracted files will be saved, for instance C:\SURVIVED (make it up to 8 characters). Exit to DOS or if you did the previous in DOS mode start aftercih.exe. The program will consequently prompt you to enter 7 fields - first the number of the cylinders, the heads and the sectors of the crashed hard disk (for a 2.1G these parameters may look like this - 1024, 64, 200). Then you have to enter the number of the cylinder and the head from which the program will start to read. If you run the program for the first time enter 0 in both two fields. Then enter the full path where the files will be saved (the one you've already created - C:\SURVIVED>). The last entry is the starting file number. If you run the program for the first time you can enter 0 here. The process of reading and extracting may take some hours. You can break the program by pressing CTRL-C at any time and then to continue again from the same place by specifying the new start cylinder, start head and start file numbers (entries 4, 5 and 7; the other entries should be the same).
How the program works:
The program uses a specific feature of the HTML documents. They all start with an opening tag <HTML> and finish with a closing tag </HTML>. Another helpful thing that eases the recovering process is that the web pages are simple ASCII coded text files. The program reads the whole content of the hard disk byte by byte and sector by sector and extracts everything that is between <HTML> and </HTML>.
One very interesting thing is that among the restored files you'll see many similar versions of one and the same file if the latter had been developed on the hard disk and saved many times for every latest change. This is because if you had enough space on the hard disk every newer version of the file was saved physically on different place and the older versions disappear just because they were "missed" by the FAT tables.
How to restore other types of files:
It is hard (but I think it's possible) to define markers for other types of files. Some definite information for a certain file type could be searched in the file header. And the specific interpretation for each file type must be known as well. If you want to restore text no matter how it was written and what its file extension was (.TXT, .DOC, .CPP, other source code) you can use the program diskedit. Use the search (find) function of the program and enter key words that are present in the text.
This document (text and images) may not be copied in part or full without express written
permission from the publisher. All violations will be prosecuted to the fullest extent of the law.