hi to all.
the situation is this:

os: Ubuntu 9.04
2 ntfs partition (Windows Vista version).

Vista was infected by Autoit trojan.

The user delete (on Ubuntu) the files like autorun.inf, AcroR.exe etc created by malware.
But when he reboot (and remout ntfs partitions) with ubuntu these files are created again.

The user *do not* boot Vista, only Ubuntu.

How this is possible???

Hi,


Well, the usual way... some program copying the files, eg triggered by opening some mail.

Reminder : there is no sane reason why a Linux program should write into the Windows system partition, and there is an option "ro" to mount it read-only.

Regards

Jean-Pierre

Hi,

We distribute NTFS-3G only in source code. Download and check it. It has no malware included.

If Ubuntu, or anybody else, creates a malware on the Windows partition then it must be some other software. Obviously it must use the operating system to place the malware but we are not a antivirus company, we simply execute what other software want to read and writte from/to the disk.

Regards, Szaka

Well, I think there is a misunderstatement.

I know ntfs-3g is virus-free and I know open source.

The question is: because Ubuntu is virus-free too and that files are obviously windows virus, how it is possible they are restored in ntfs partition? The user do not start Vista anymore.

Can be because some recover feature in ntfs supported by ntfs-3g (something like journaling or shadow copies or other)?

Thank you.

No, it can't be. Something reinfects the partition.

Regards, Szaka

thank you.

Just another couple of questions:

1) In ntfs-3g manpages i read:



What about this? Can this feature recover "damaged" files? And if yes, can it related to that files?

2) do you know if shadow copies in ntfs can recover automatically deleted files without a specific software?

Thank you very much.