|
Well,
I already restored from a two week old backup. Looks like I lost about two weeks (80 hours or so) worth of work, the drive held some of my personal projects that I was working on over the holidays.
I am still doing damage assessment. But I think I can quickly re-write most of what was lost.
|
|
|
|
|
You have my sympathy. I certainly know what that's like.
The difficult we do right away...
...the impossible takes slightly longer.
|
|
|
|
|
Randor wrote: Looks like I lost about two weeks (80 hours or so) worth of work, the drive held some of my personal projects that I was working on over the holidays.
Yikes.
My holiday plans include taking the time to back up some systems I've been neglecting for a while. I can just picture getting myself into that sort of situation...If that happens, I think I'll take up heavy drinking. I just no longer have the energy these days to re-do something I've already done, especially for personal projects done over holidays.
|
|
|
|
|
Try writing an entire software to simulate a Movie rental website for an AP class, then you duplicate it to change it to a the text file, and when you name the text file copy, you name it the same name, and it overwrites ALL of your code, which I spent a good 150 hours on give or take, and you lose all of that code......
|
|
|
|
|
The modern equivelant of "FORMAT C: /s/u/q"
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
Heh,
Worse. I guess the Debian image has multiple partitions. I knew something was wrong when Explorer suddenly showed H: I: J: K: L: drives.
Best Wishes,
-David Delaune
|
|
|
|
|
BTDT, good opportunity to rework your DR plans.
>64
If you can keep your head while those about you are losing theirs, perhaps you don't understand the situation.
|
|
|
|
|
I had a (fortunately fairly minor) disaster a couple of weeks ago. I hate long file paths so map them to drive letters; e.g. C:\inetpub\wwwroot\Personal can be accessed via P:\ I'm doing some historical research and had about 600 images saved in a folder on the P: "drive". I went to delete one, but had somehow inadvertently pressed ctrl-A before delete, thereby deleting everything. "No big deal" thought I, "I'll just un-delete from the recycle bin". It took a little while for it to dawn on me that stuff deleted from a mapped drive does NOT get put in the recycle bin.
Fortunately 95% of the pics had already been uploaded to the related website, so I just downloaded and all was well. Some were still under review and I have no backup of some of them, though in many cases notes on where to find them from elsewhere.
100% my fault; all now backed up and secured, and I don't work on a mapped drive anywhere I can delete stuff (e.g. Win Explorer). You live and learn!
|
|
|
|
|
DerekT-P wrote: I went to delete one, but had somehow inadvertently pressed ctrl-A before delete, thereby deleting everything.
When you delete a file in Windows the file isn't really deleted, the entry is simply removed from the MFT[^]. You can easily recover deleted files. If the USN Journal[^] is enabled on your partition then recovering is exceeding easy.
There are a few articles here on codeproject showing how to recover files, just search for "USN Journal NTFS"[^]
Text files are extremely difficult to find with forensics tools.
I couldn't use this technique because the Debian image overwrote everything at the beginning of the drive, all partitions, MFT and parts of the USN Journal. I could have used a forensics suite to recover files with known header/footer structures. But the problem with .H and .CPP files is that they are ultimately just pure text with nothing to uniquely identify the file type. It would be a nightmare to perform forensics to recover text files. It's a 4TB drive too. Would probably take longer to locate those source files than it would take to just re-write them.
I had a backup so I ultimately only lost about two weeks worth of code.
Best Wishes,
-David Delaune
|
|
|
|
|
Thanks David. All the images were found on the 'net and can ultimately be found again, so it's not such a major problem. I had other things to do at the time than search for undelete tools, but thank you for the info above; I've saved the links for another day. Although, I have also tried a couple of the examples from CP, and neither are working for me. One can't find any drives at all, the other lists them but says they're not NTFS (which they are). I note the examples are pretty old (2008 and 2010 respectively); maybe they can't cope with larger drives? (256Gb and 1Tb respectively)...
|
|
|
|
|
DerekT-P wrote: Although, I have also tried a couple of the examples from CP, and neither are working for me.
The article "Eyes on NTFS" has bugs, but they are easily fixed, I know this because I have that project in my library. I have not tried the others, make sure you run them as Administrator.
I'm not on a PC right now, I'm responding to you from my TV.
|
|
|
|
|
I have my own serialize/deserialize code that i've been using for years that, optionally, uses the GZip facility MS provides in System.IO.Compression, and, System.Runtime.Serialization.
A new C# WinForm project i started in VS22 to try and see what using Blazor webassembly was like, and that used Gzip to save state compiled, but, would not run ... no error message; it just exited the app with no output.
Figuring there was some weirdness goin' down with Blazor/VS 22, I went and tested a previous VS2019 project that used the old library; saving using GZip showed the same puzzling behavior., The code that invokes GZip is bog-standard:
using System.IO.Compression;
using System.Runtime.Serialization;
using (FileStream compressedFileStream = File.Create(filename))
{
using (var compressionStream =
new GZipStream(compressedFileStream, CompressionLevel.Optimal, true))
{
dcs.WriteObject(compressionStream, typeof(T));
compressionStream.Close();
}
} Oh .. my firewall/virus thing (EmsiSoft) was blocking the .exe ... the details surprised me:<\Quote: 12/9/2021 11:44:19 AM quarantined Malware "Behavior.CryptoMalware" in "test blazor dec 4 2021.exe".
Cloud Host Rule modified "Block silently" for host "42.180.243.234" That IP appears to be in China:Quote: P Address: 42.180.243.234
IP Location: China, Liaoning, Liaoyang
IP Owner: Unicom Liaoning Province Network Of course i'll submit a report to EmsiSoft, but, wonder if anything in this scenario you see i might be overlooking.
thanks !
«The mind is not a vessel to be filled but a fire to be kindled» Plutarch
|
|
|
|
|
Doesn't seem great...
It's possible that code has been injected from your PC, I'd run a scan locally as well as copying the code to a new PC and building/testing from there.
|
|
|
|
|
Please keep us updated!
That's.. concerning!
|
|
|
|
|
I would check your PC - it seems to be infected...
"The only place where Success comes before Work is in the dictionary." Vidal Sassoon, 1928 - 2012
|
|
|
|
|
Update:
i should have added to my original message:
1) on first detecting the odd behavior, i ran a complete scan ... all clean.
2) since i a/b tested in both VS 2019 and VSA 2022 the same apps using standard xml serialize techniques, and no unexpected behavior appeared, and the av software was not triggered ... i assumed the hypothesis that use of GZip was the trigger here was relatively strong.
«The mind is not a vessel to be filled but a fire to be kindled» Plutarch
|
|
|
|
|
You may follow the code here - Source Browser[^]
"The only place where Success comes before Work is in the dictionary." Vidal Sassoon, 1928 - 2012
|
|
|
|
|
Using your code created an exe - it runs without any alert. Asked for a direct scan from my ESET Endpoint Security and nothing came up...
"The only place where Success comes before Work is in the dictionary." Vidal Sassoon, 1928 - 2012
|
|
|
|
|
Thanks, Kornfeld, May i ask what version IDE and app (WinForm ?, WPF ?) and FrameWork version you are using ? i suspect that's not a factor here ... just curious.
fyi: Emsisoft is not blocking the .exe files of other projects in VS-19 or -22 when they are run.
«The mind is not a vessel to be filled but a fire to be kindled» Plutarch
|
|
|
|
|
VS 2022
NET 6.0
Console Application
"The only place where Success comes before Work is in the dictionary." Vidal Sassoon, 1928 - 2012
|
|
|
|
|
Verify your dotNet dlls haven't been infected. In fact, I'd double check the entire machine for malware, including rootkits.
|
|
|
|
|
thanks, as i said in my update message above, that was the first thing i did after seeing the odd behavior.
the fact that only the code calls GZip produces the error is a sign the dll is not infected, since that same dll provides the code for standard XML serialization which works without error.
«The mind is not a vessel to be filled but a fire to be kindled» Plutarch
|
|
|
|
|
It could still be infected. Malware tends to be some of the best written software on the planet.
|
|
|
|
|
Have you had a direct experience with a MS dll infected with any form of malware that is triggered only when a specific facility in the dll is invoked ?
«The mind is not a vessel to be filled but a fire to be kindled» Plutarch
|
|
|
|
|
I am working on an existing C# application, and find that there is a set of class definitions like this:
public class Class1<Ttype> { }
public abstract class Class2 { }
public class Concrete2 : Class2 { }
public class Report { }
public class Class3 : Concrete2
{
public Class1<Report> report = new ();
}
Would you call this spaghetti code? Or, is this a standard Design Pattern? Currently, it is causing my mind to whirl.
modified 9-Dec-21 0:29am.
|
|
|
|