Re: Corrupt office, pdf, and other general use files

[p1g <killfactory () gmail com>]

If you know when the software was installed, you could compare MAC
times to the files you are trying to open. MAC = modified , accessed ,
created

See if the files we actually modified since the 'malware' was installed.

Try opening the files on another computer.

Just an idea :)

On Mon, Mar 24, 2008 at 11:12 AM,  <Robert.Yung () l-3com com> wrote:
> List, hope you can help.
>
>  It has become apparent that a user may have installed malware which has
>  randomly gone through an entire drive and corrupted pdf, doc, xls, and
>  other general use office files.  When an attempt is made to open a
>  corrupted file, Word (for example) will error out and say that the file
>  is not readable.
>
>  Question is, does anyone know of a tool that will traverse an entire
>  directory structure and check files of commonly known formats and report
>  back to say whether or not they are corrupt?  I need a way to identify
>  how widespread the problem is and see if there is a pattern to which
>  files are corrupted.  The tool does not need to fix the file, I just
>  require a report.
>
>  Thanks in advance!



-- 
-p1g
SnortCP, C|HFI, TNCP, TECP, NACP, A+
 ,,__
o" )~ oink oink
 ' ' ' '

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke