[comp.virus] Partitions

padgett%tccslr.dnet@uvs1.orl.mmc.com (A. Padgett Peterson) (03/29/91)

>From:    "Nick FitzGerald" <CCTR132@csc.canterbury.ac.nz>
>Subject: STONED Problems (PC)

>Padgett Peterson <padgett%tccslr.dnet@uvs1.orl.mmc.com> wrote:

> Some OEM versions of DOS (some of them still
>labelled MS DOS) with version numbers 3.0 and above have versions of
>FDISK that still begin the first partition at 0,0,2 - from memory, I
>think Falcon DOS 3.1 is one such.  This may give a tiny bit more
>usable disk space, but causes grief after a Stoned strike.

This is very interesting, I had wondered since machines loaded with
DOS 2.X have been advertised until recently. Since I have not seen
many of the OEM versions of DOS this is quite possible. One point
though: A disk could be partitioned with FDISK 1.00 even though a
later version of DOS is loaded. I would like to hear from the readers
if they have come across any later partitioning software that does not
use "hidden sectors" as described.

>So Padgett's recovery scheme only works if you happen to discover your
>HD is infected between the actual infection (booting from an infected
>floppy) and the first attempt to create or update a file, which
>results in the 6th sector of FAT#1 being updated (at which point the
>Stoned code is copied to FAT#2).

Agree: the anti-viral mechanism I use detects such happenings
immediately and does not even allow a boot to complete if this has
occurred. Also none of my disks are partitioned this way. Still, it's
worth a try and beats the alternatives. I would recommend that anyone
who feels their system is at risk from malicious software and is
partitioned as above take the time to repartition their disk with the
"hidden sectors" method. You lose a whopping 8k on an MFM drive.

I would expect that the user would experience massive failures before
getting to the writing stage. The most likely problem would stem from
an attempt to use CHKDSK/F or Norton's to recover before finding the
real cause of the trouble.

Nick's points are very well taken and demonstrate the value of doing
your homework on the architecture. He has taught me some new things.

					Padgett
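As an added example (not part of Padgett's or Nick's posts), the following Python script parses an MBR partition table and reports whether the first partition begins at 0,0,2 or leaves track 0 to the master boot record (the "hidden sectors" layout), so a user can check which case they are in before trusting a recovery scheme. The two MBR images are constructed sample data, and 17 sectors per track is assumed for an MFM drive.

```python
import struct

SECTOR_SIZE = 512
PART_TABLE = 0x1BE          # offset of the four partition entries in the MBR
ENTRY = '<B3sB3sII'         # flag, CHS start, type, CHS end, LBA start, length

def encode_chs(cyl, head, sec):
    # Packed 3-byte CHS field: head; sector (6 bits) + cylinder high bits; cylinder low byte
    return bytes([head, (sec & 0x3F) | ((cyl >> 2) & 0xC0), cyl & 0xFF])

def decode_chs(raw):
    cyl = ((raw[1] & 0xC0) << 2) | raw[2]
    return cyl, raw[0], raw[1] & 0x3F

def parse_partition_table(mbr):
    """Return the non-empty partition entries of a 512-byte MBR image."""
    if len(mbr) != SECTOR_SIZE or mbr[510:512] != b'\x55\xAA':
        raise ValueError('not a valid MBR sector')
    parts = []
    for i in range(4):
        flag, start, ptype, end, lba, length = struct.unpack_from(ENTRY, mbr, PART_TABLE + 16 * i)
        if ptype:
            parts.append({'bootable': flag == 0x80, 'type': ptype,
                          'chs_start': decode_chs(start), 'chs_end': decode_chs(end),
                          'lba_start': lba, 'sectors': length})
    return parts

def audit_hidden_sectors(mbr, sectors_per_track=17):
    """Report whether the first partition leaves track 0 head 0 to the MBR.
    Returns (hidden_sectors, bytes_given_up, verdict)."""
    first = min(parse_partition_table(mbr), key=lambda p: p['lba_start'])
    cyl, head, sec = first['chs_start']
    hidden = first['lba_start']          # sectors before the partition = DOS "hidden sectors"
    if (cyl, head, sec) == (0, 0, 2):
        verdict = 'no hidden sectors: boot sector and FAT share track 0 head 0 with the MBR'
    elif head >= 1 or hidden >= sectors_per_track:
        verdict = 'hidden sectors: partition starts on a later head, track 0 head 0 is reserved'
    else:
        verdict = 'partial reservation: %d sector(s) hidden' % hidden
    return hidden, hidden * SECTOR_SIZE, verdict

def make_mbr(chs_start, lba_start, chs_end=(305, 3, 17), n_sectors=20000):
    """Build a constructed sample MBR with one primary FAT partition (not a real disk image)."""
    mbr = bytearray(SECTOR_SIZE)
    struct.pack_into(ENTRY, mbr, PART_TABLE, 0x80, encode_chs(*chs_start), 0x04,
                     encode_chs(*chs_end), lba_start, n_sectors)
    mbr[510:512] = b'\x55\xAA'
    return bytes(mbr)

# Constructed samples: the 0,0,2 layout discussed above vs the 0,1,1 "hidden sectors" layout.
OLD_STYLE = make_mbr((0, 0, 2), 1)
HIDDEN_STYLE = make_mbr((0, 1, 1), 17)

if __name__ == '__main__':
    for name, img in (('FDISK 1.00 style', OLD_STYLE), ('hidden sectors', HIDDEN_STYLE)):
        print(name, audit_hidden_sectors(img))
```

On the hidden-sectors image the script reports 17 sectors (8704 bytes) given up, which is the "whopping 8k" mentioned above; to audit a real drive, read its first 512 bytes into `mbr` instead of using the constructed samples.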