Hello all....
Well I have tried tons of things and now turn to the greater Interweb for help, although it maynot be a situation that can be helped. Through a series of "perfect storm" type situations where a network reconfiguration was underway leaving the wireless network open, and a rogue PC laptop I was "helping" a friend with, something VERY bad happened on our Mac network.
LONG story short, the Vista laptop was infected with a nasty piece of malware, and unbeknownst to me the machine had previously (2 years ago) been on our network. When it booted I assumed it was isolated and it wasn't, and blah blah longer story truncated.... it....
DELETED ALL DRIVES ON THE NETWORK THAT WEREN'T SYSTEM DISKS.
ouch.
So basically from what I can tell it reformatted (or more likely scrambled the file tables) these drives, and the best I have been able to do is get back a bunch of fairly useless files using Data Recovery 3. The files ar either junk or some JPG's and Quicktime movies, but far less than is needed.
Last thing I have tried in the MANY Windows, Mac, and Linux tools I have tested with is testdisk by Christophe Grenier, and the error I am getting on the drive is as follows, and I am unsure what to do with this info.
check_FAT: Unusual media descriptor (0xf0!=0xf8)
Warning: Incorrect number of heads/cylinder 16 (FAT) != 1 (HD)
Warning: Incorrect number of sectors per track 32 (FAT) != 1 (HD)
EFI System 40 409639 409600 [EFI]
Mac HFS 409640 2930014983 2929605344
It's a 1.5tb drive, and if I could get just this one back it would be half the battle. It was an HFS+ Mac Extended Journaled drive, and I am running an advanced testdisk scan on another drive (3+ days in and still not done on a 2Tb drive! Ow) but if there is a way I can tell this drive it is what it is, and not what this malware said it was, I think all the data is still there. It simply doesn't habve the table in any kind of shape to undelete or rebuild it as far as my knowledge goes. Which has been greatly enhanced in the last week of dealing with this but far from "expert."
If anyone has any solutions or suggestions I would absolutely love to hear from anyone who won't tell me I am stupid for having that system in our office to begin with. That much I already know, and I would fire myself if I could.
Thanks in advance for all helpful help.
MacWynn
Well I have tried tons of things and now turn to the greater Interweb for help, although it maynot be a situation that can be helped. Through a series of "perfect storm" type situations where a network reconfiguration was underway leaving the wireless network open, and a rogue PC laptop I was "helping" a friend with, something VERY bad happened on our Mac network.
LONG story short, the Vista laptop was infected with a nasty piece of malware, and unbeknownst to me the machine had previously (2 years ago) been on our network. When it booted I assumed it was isolated and it wasn't, and blah blah longer story truncated.... it....
DELETED ALL DRIVES ON THE NETWORK THAT WEREN'T SYSTEM DISKS.
ouch.
So basically from what I can tell it reformatted (or more likely scrambled the file tables) these drives, and the best I have been able to do is get back a bunch of fairly useless files using Data Recovery 3. The files ar either junk or some JPG's and Quicktime movies, but far less than is needed.
Last thing I have tried in the MANY Windows, Mac, and Linux tools I have tested with is testdisk by Christophe Grenier, and the error I am getting on the drive is as follows, and I am unsure what to do with this info.
check_FAT: Unusual media descriptor (0xf0!=0xf8)
Warning: Incorrect number of heads/cylinder 16 (FAT) != 1 (HD)
Warning: Incorrect number of sectors per track 32 (FAT) != 1 (HD)
EFI System 40 409639 409600 [EFI]
Mac HFS 409640 2930014983 2929605344
It's a 1.5tb drive, and if I could get just this one back it would be half the battle. It was an HFS+ Mac Extended Journaled drive, and I am running an advanced testdisk scan on another drive (3+ days in and still not done on a 2Tb drive! Ow) but if there is a way I can tell this drive it is what it is, and not what this malware said it was, I think all the data is still there. It simply doesn't habve the table in any kind of shape to undelete or rebuild it as far as my knowledge goes. Which has been greatly enhanced in the last week of dealing with this but far from "expert."
If anyone has any solutions or suggestions I would absolutely love to hear from anyone who won't tell me I am stupid for having that system in our office to begin with. That much I already know, and I would fire myself if I could.
Thanks in advance for all helpful help.
MacWynn
