LYNNE@vax.oxford.ac.uk (04/10/91)
Can anyone offer me preventative and curative measures for the new IDE hard disks if they become infected with a boot sector virus?

If the virus is one that cannot be successfully removed by any of the current anti-viral software, I believe we will be reduced to doing a low-level format on the disk in order to rewrite the boot sector. This will, as far as I know, erase the information that on older drive types was stored in the CMOS, thereby making the disk unusable. As the manufacturers seem very reluctant to supply us with the information needed to correctly rewrite the boot sector, we are looking at other means to avoid this eventuality.

In the way of preventative measures we think that a solution would be to advise our users who are purchasing IDE drives to take several backup copies of the boot sector which they can then copy back to the disk if it becomes infected. We believe we can use Norton Utilities to rewrite the boot sector but are unsure about the procedure for writing the correct boot sector contents. Has anyone got information that would help us with this? Does anyone know of a simple (and optimally free) utility that provides a fool-proof mechanism for copying and writing the boot sector?

As far as curative measures are concerned (where a copy has not been taken of the BS) we are stymied! Has anyone any suggestions?

Again on the subject of boot sector viruses, does anyone know of some anti-viral software that will remove the Spanish Telecom or Telefonica virus?

Please mail me directly at LYNNE@UK.AC.VAX.OXFORD.

Thanks in advance.

Lynne Munro
Oxford University Computing Service
padgett%tccslr.dnet@uvs1.orl.mmc.com (A. Padgett Peterson) (04/11/91)
>From: LYNNE@vax.oxford.ac.uk
>
>In the way of preventative measures we think that a solution would be
>to advise our users who are purchasing IDE drives to take several
>backup copies of the boot sector...

I think you are talking about the Master Boot Record (aka Partition Table); DOS Boot Records are relatively easy to restore & FORMAT works if nothing else.

>Does anyone know of a simple (and optimally free) utility that
>provides a fool-proof mechanism for copying and writing the boot sector?

I use DEBUG to do this all the time - the necessary code fragment is:

    MOV AX,201    ; AH=02 read sectors, AL=01 one sector
    MOV BX,200    ; buffer at offset 200h
    MOV CX,1      ; cylinder 0, sector 1
    MOV DX,80     ; head 0, drive 80h (first hard disk)
    INT 13        ; BIOS disk service
    INT 20        ; terminate

After execution, the MBR will reside in locations 200h-3ffh for you to store in a .DAT file. Restoration just requires changing one byte. If you want the DOS Boot Record, "L 200 2 0 1" will put that in the same location.

>As far as curative measures are concerned (where a copy has not
>been taken of the BS) we are stymied! Has anyone any suggestions?

If you have a number of similar machines, all partitioned the same way, you should find that the MBR and BR are the same between machines (no guarantees though). A good tech should be able to rebuild a lost MBR in about 15 minutes if the drive is known & familiar.
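Added example, not part of either post: a Python check that compares an MBR saved to a .DAT file, as described above, with a fresh dump of the same sector and reports whether the boot code or the partition table differs. The function names and the sample images are constructed for illustration; the layout assumed is the standard 512-byte MBR with the partition table at offset 1BEh and the 55AAh signature in the last two bytes.

```python
import hashlib
import struct

SECTOR = 512
TABLE_OFF = 0x1BE   # four 16-byte partition entries start here
SIG = b"\x55\xaa"   # boot signature in the last two bytes

def parse_mbr(image: bytes) -> dict:
    """Split an MBR image into boot code, partition table and signature."""
    if len(image) != SECTOR:
        raise ValueError("an MBR image is exactly 512 bytes")
    parts = []
    for slot in range(4):
        raw = image[TABLE_OFF + 16 * slot:TABLE_OFF + 16 * (slot + 1)]
        # status, 3 CHS bytes, type, 3 CHS bytes, first sector, sector count
        status, ptype, first, count = struct.unpack("<B3xB3xII", raw)
        if ptype:  # type 0 marks an unused slot
            parts.append((slot, status == 0x80, ptype, first, count))
    return {"code": image[:TABLE_OFF], "table": image[TABLE_OFF:-2],
            "parts": parts, "signature_ok": image[-2:] == SIG}

def compare_mbr(backup: bytes, current: bytes) -> dict:
    """Report which region of the current MBR differs from the backup."""
    good, now = parse_mbr(backup), parse_mbr(current)
    if not good["signature_ok"]:
        raise ValueError("backup has no 55AA signature; do not trust it")
    return {
        "boot_code_changed": good["code"] != now["code"],
        "partition_table_changed": good["table"] != now["table"],
        "signature_ok": now["signature_ok"],
        "backup_sha256": hashlib.sha256(backup).hexdigest(),
        "current_sha256": hashlib.sha256(current).hexdigest(),
    }

def sample_mbr(code_byte: int) -> bytes:
    """Constructed image: filler boot code plus one active partition."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x04, 17, 41600)
    return bytes([code_byte]) * TABLE_OFF + entry + bytes(48) + SIG

if __name__ == "__main__":
    # Constructed case: boot code differs, partition table is untouched.
    report = compare_mbr(sample_mbr(0x90), sample_mbr(0xCC))
    for key, value in report.items():
        print(f"{key}: {value}")
```

A report with only `boot_code_changed` set means the partition table in the current sector still matches the backup, so the saved copy can be written back without changing how the disk is partitioned.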