Re: Can we recover data from corrupted excel file

[Mark Bassett <zosxavius () gmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Amit shrma wrote:

> Dear all,
>
> *** Need Help ***
>
> All of my xls files have been corrupted by w32.chir.b virus.
> Basically what this virus do is stated just below.
>
> " On the first day of each month, W32.Chir.B@mm attempts to
> overwrite the first 4660 bytes of files that have .adc, r.db, .doc,
> and .xls extensions in all folders and subfolders. " quoted at
> symantec.com.
It is hard to get files to read when their headers have been
destroyed.  Look at the first 4660 bytes on a good excel file and see
if you can do a swap with a HEX editor.  It may be worth a try.  I am
running Office 2003, so I'm guessing 2k3 uses a slightly different
file format, or I would try and help you some more.  Also, you should
really be backing up critical data.  It sucks that you have to learn
this way, but now you should be a bit wiser as to how you manage your
data.  If everything is on a hard drive that is a single point of
failure, and as you have found out, it does not have to be the hard
drive itself that fails.

Wish I could help you more. You may want to google for some forensics
tools if you are not able to fix the file headers.  Some of the better
ones will extract chunks of data from files.  It may be better than
nothing.

Good luck.

Mark Bassett
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
 
iD8DBQFCp0DnvNkqLPQVYL4RApp6AJwO9ALi9kj1FnC9eEaq4+gqNAppkQCfVv5t
9uE0942trMdHSAj0MW8gTnk=
=ET61
-----END PGP SIGNATURE-----