I ain't so sure. For one... all the virus scanners make the assumption
that you are using a Microsoft DOS; I have used DR-DOS 3, 5, 6, and now
DR-DOS 7, and scanners will routinely freak on it.
Then too, there is the nature of the directory tool. I spoze you
might possibly have something that _writes_ when it _reads_, but if
so, that's a bug in the program. The _default_ of int 16 is not to
do that. Nonetheless, Jerry is right about Simtel. It has GDISK.ZIP,
an improvement over FDISK which will read and write any MBR of any
drive format I know of. I think Simtel even has Ralf Brown's interrupt
database, and lots of raw disk sector readers. You could use them to
satisfy which interrupts write to disk, and then use debug (Simtel has
an improved version of that too) to look at the raw 00 sector data to
see if it, in fact, does have the ability to write to a drive.
ROM-DOS from Datalight seems to suffer from the same misdiagnosis.
For older PCs it beats the hell out of MS. I switched to DR-DOS when
I started using multi-gig hard-drives.
When a disk is read, the sectors get copied into DRAM... but they do
_NOT_ need to be 'run' or 'executed'. They just sit there like the
words on this screen, and don't do anything else. A virus is simply a
subroutine that makes copies of itself. But it cannot do that if the
program or sector on which it exists is not _running_. Directory file
managers don't do that unless told to.
What usta happen was that an infected floppy had software on it which
was run. Text or database arrays could be safely copied off it because
they are not executables. Nowadays, the big threat is the net, and the
use of JAVA, which is executable software coming in off the net to be
run on your own system. One reason I like Arachne is that it don't have
JAVA. A virus installed in JAVA code could be spread all over the net
in no time, and it could bring down the servers, killing the internet.
On Tue, 2 Jan 2001 00:28:03 -700, Jerry J. Haumberger wrote:
> A few months ago I contracted a virus (fortunately, harmless) from an
> old machine that lodged itself in the MBR of several dozen of my
> floppies -- 1.44 MB, 720k, 1.2M and 360k -- and even the hard drive
> of my AT (30 MB). Interestingly, though, even though it could infect
> 360k floppies when used in a 1.2 MB HDD, it was unable to infect the
> 20 MB HDD of my XT. I don't recall the name of the program, but I know
> that there was a program that specifically was able to remove MBR
> viruses (freeware) from the DOS Simtel site. This was the only way
> I could remove an MBR virus from my AT -- barely. My virus was called
> "WelcomB.A", and it took me quite awhile to go through all the infected
> floppies to remove it. All it required was to read the floppy in a
> drive with the virus, and bingo, it infected the drive and any other
> floppies that would come in contact with that drive...
> I seem to recall that there are lots of free programs that remove
> specific viruses... even the one you've mentioned. Just check out
> Simtel...
> Jerry [o:--] "The" IBM AT/5170 model 339 [--^~---] 9600kbps/30M HD
> *1986 ||||||||||||||||||||||||||||||||||||| [ =====_] 512k RAM - 8MHz
uncopywritten- do what you will with it.
-- Arachne V1.68, NON-COMMERCIAL copy, http://arachne.cz/