tony4@garfield.cs.mun.ca (Anthony H. Galway) (05/18/91)
I have, for partition table viruses, always done a DOS format to rid myself of the offender if McAfee's CLEAN didn't work (be assured that I have also done a LOW level format in cases when the partition table was hopelessly infected). This does not remove the virus, but it does seem to do something to the partition table that allows CLEAN to then remove it. Recently, (READ: since my previous post 2 days ago), it has come to my attention that this is not the accepted way of ridding myself of the virus, instead I should do the LOW Level format. Which way is correct? I know the LOW level format guarantee's results, but this method also destroys any additional partitions. We use DOS 3.3 and have two partitions, C: & D:. If I do a LOW level format then I have to reinstall about 30MB of various programs, this of course does not include any user programs/data, whereas if I use the DOS format and reformat only drive C: I then have to reinstall little more than half that. So am I safe in doing the DOS format, or should I only use a LOW level format? Thanks for any help. Anyone know where I can get a comprehensive list of viruses, their symptoms and what they do? - -- Anthony H Galway |\_/| I tried to think up something either tony4@garfield.cs.mun.ca (` ') profound or witty to put here ...... tony@piglet.engr.mun.ca |"| I couldn't.
frisk@rhi.hi.is (Fridrik Skulason) (05/21/91)
tony4@garfield.cs.mun.ca (Anthony H. Galway) writes: >(be assured that I have also done a LOW level format in cases when the >partition table was hopelessly infected). Uh, what do you mean ? There is NO virus which will "hopelessly" infect the partition table - all PBR infections can be removed without any formatting at all, although sometimes with some effort. Disinfection may not always cure all problems - if the virus in question is the variant of Stoned which stores the original PBR at (0,0,2) a low level format may be necessary on some machines - PS/2 in particular, I think. In the case of Azusa, Bloody and a few other viruses, not all disinfection packages are able to handle the problem, however. - -frisk
p1@arkham.wimsey.bc.ca (Rob Slade) (05/22/91)
tony4@garfield.cs.mun.ca (Anthony H. Galway) writes: > Which way is correct? I know the LOW level format guarantee's > results, but this method also destroys any additional partitions. We Hold on a second here. As Padgett (and others) keep trying to point out, formatting is not necessary. There are plenty of tools to "disinfect" your system without it. Secondly, and more importantly, even a low level format does not "garantee" any measure of safety. Most (all?) common viri are memory resident, and they will happily reinfect your system once you have reformatted. ============= Vancouver p1@arkham.wimsey.bc.ca | "If you do buy a Institute for Robert_Slade@mtsg.sfu.ca | computer, don't Research into (SUZY) INtegrity | turn it on." User Canada V7K 2G6 | Richards' 2nd Law Security | of Data Security