digip Posted August 24, 2007 Share Posted August 24, 2007 ntldr is the windows kernel (I still believe). but that's only the surface problem, the actual problem is that (at a guess) 90% of the file system is gone. ntldr is like boot.ini for win95/98. You can't load windows without it, its like the mbr telling it where the drive starts. http://en.wikipedia.org/wiki/NTLDR If there was a physical file ntldr.exe, it was probably a virus. http://www.auditmypc.com/process/ntldr.asp Quote Link to comment Share on other sites More sharing options...
Sparda Posted August 26, 2007 Author Share Posted August 26, 2007 Good news. Took 4 days or so but EnCase was able to recover most (if not all) of the important stuff. Still don't have a wtf clue as to what happened. If it was a skiddie, they got pwned :P. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.