restore after virus


Post by Michael Bel » Mon, 12 Mar 2001 04:55:35



Hi all

I am facing an issue that I haven't encountered yet, and am seeking advice
on what to look for...

Here's the situation:
A friend of a friend of a friend had a virus hit his NT machine - the
FunLove virus (w32fun.love.4099), and his SQL server is corrupt - and now he
is asking for my assistance in restoring the database from backup.

From Symantec on this virus:
"W32.FunLove.4099 attacks the Windows NT file security system and modifies
the Windows NT kernel, giving the virus the ability to change security
settings, compromising sensitive data once the machine is restarted with the
modified kernel. The virus also creates a program for itself and replicates
in the background while it executes the host program."

He has run a routine restore from disk, and is now getting errors like:
"Read of the file failed..."
"The database is marked inaccessible and cannot be edited..."

Error logs show:
dev_read extent - cannot read after data

I have never seen these errors, and am not sure what to look for as a
possible problem, and even more, solution.

Does anyone have experience with this? Or, can anyone offer suggestions to
look for?

Platform specs:
WinNT 4 Server SP5
SQL Server 7 SP3

Thanks for any advice!

Michael

 
 
 


Post by Tibor Karasz » Tue, 13 Mar 2001 17:47:35


Michael,

You didn't provide any information on how the backup was done and how he is trying to do
the restore.

--
Tibor Karaszi, SQL Server MVP
FAQ from Neil at: http://www.sqlserverfaq.com
Please reply to the newsgroup only, not by email.


Quote:

> Hi all

> I am facing an issue that I haven't encountered yet, and am seeking advice
> on what to look for...

> Here's the situation:
> A friend of a friend of a friend had a virus hit his NT machine - the
> FunLove virus (w32fun.love.4099), and his SQL server is corrupt - and now he
> is asking for my assistance in restoring the database from backup.

> From Symantec on this virus:
> "W32.FunLove.4099 attacks the Windows NT file security system and modifies
> the Windows NT kernel, giving the virus the ability to change security
> settings, compromising sensitive data once the machine is restarted with the
> modified kernel. The virus also creates a program for itself and replicates
> in the background while it executes the host program."

> He has run a routine restore from disk, and is now getting errors like:
> "Read of the file failed..."
> "The database is marked inaccessible and cannot be edited..."

> Error logs show:
> dev_read extent - cannot read after data

> I have never seen these errors, and am not sure what to look for as a
> possible problem, and even more, solution.

> Does anyone have experience with this? Or, can anyone offer suggestions to
> look for?

> Platform specs:
> WinNT 4 Server SP5
> SQL Server 7 SP3

> Thanks for any advice!

> Michael


 
 
 
