tony4@garfield.cs.mun.ca (Anthony H. Galway) (05/16/91)
Our PC labs have been recently become victim of several partition table viruses, namely Bloody!, Azusa and Stoned. I find that McAfee's CLEAN works well on the STONED allowing it to clean the partition table almost all the time (rarely, though it happens, it seems to be to far gone and I end up doing a format), but the BLOODY! virus seems to be a bit more advanced more often than not the CLEAN program claims that it can not safely remove the virus from the partition table ... and so ....format C:! Now am I the absolute soul of niavete by taking this action, or am I doing the only thing possibly? Is there any better anti-viral around that can handle partition table problems? If not is there any way to better protect ourselves. FYI: We use the latest version of Scan, Vshield, and Clean taken from Simtel (we have the site licence), plus we are not adverse to getting a better package commercially if it will satisfactorally protect us. P.S. Where can I get a comprehensive list of the effects and symptoms of known viruses? I appreciate any help. - -- Anthony H Galway |\_/| I tried to think up something either tony4@garfield.cs.mun.ca (` ') profound or witty to put here ...... tony@piglet.engr.mun.ca |"| I couldn't.
padgett%tccslr.dnet@mmc.com (Padgett Peterson) (05/17/91)
>From: "Anthony H. Galway" <tony4@garfield.cs.mun.ca> >... and so ....format C:! > Now am I the absolute soul of niavete by taking this action, >or am I doing the only thing possibly? Having dealt with a number of viruses, I have never "HAD" to format a disk, all are removable by someone who understands the architecture. Except in one case which I suspect you have encountered & relates to hardware rather than a virus (no hidden sectors), all that is needed is a protected bootable floppy containing DEBUG, a hardware list (optional but handy), and CHKDSK. The problem with CLEAN and other generic disinfection routines is that they being automatic routines, cannot anticipate or handle every conceivable mix of hardware and O/S. A good tech who understands assembly language, MBRs, & viruses can. Given the first two qualifications, the rest can be taught in a day.
72571.3352@CompuServe.COM (Wolfgang Stiller) (05/18/91)
>From: "Anthony H. Galway" <tony4@garfield.cs.mun.ca> > > Our PC labs have been recently become victim of several >partition table viruses, namely Bloody!, Azusa and Stoned. I find >that McAfee's CLEAN works well on the STONED allowing it to clean the >partition table almost all the time (rarely, though it happens, it >seems to be to far gone and I end up doing a format), but the BLOODY! >virus seems to be a bit more advanced more often than not the CLEAN >program claims that it can not safely remove the virus from the >partition table ... and so ....format C:! > > Now am I the absolute soul of niavete by taking this action, >or am I doing the only thing possibly? Is there any better anti-viral >around that can handle partition table problems? If not is there any >way to better protect ourselves. There are tools: CHKBOOT and LODBOOT which come with the PCdata Integrity toolkit (Free) which will detect any boot or partition table infections and reload if these sectors should be infected. (The toolkit also detects any file corruption or virus infection) Reloading the partition sector would have solved your problem without the need for a "format C:" unfortunately, you've got to use CHKBOOT before your partition table is infected. These programs are available on CompuServe (GO ZNT:UTILFORUM) and download PCDCOM.ARC and PCDART.COM for the toolkit and the (self-extracting) article. These files are also on many BBS systems including the NCSA BBS 202-364-1304. Please read my article in the Feb 13th 1990 PC Magazine to learn all about this free software without downloading. If used according to directions the toolkit provides a complete virus detection system that will detect ALL viruses. Wolfgang Stiller (Stiller Research) Author of the PCdata Integrity Toolkit