Michael_Kessler.Hum@mailgate.bitnet (02/09/91)
Someone just brought in 3 diskettes, 2 of which contained only text files, the last one contained an application. None of them were boot diskettes (although they may have been originally and someone simply erased the command.com file). F-Prot's (version 1.13) F-Disinf claimed that all three had the Alameda/Yale virus. But when asked to clean the boot sector, I received that message that the virus could not be removed, no boot sector was found. Copying the files to a new disk and reformatting the disks solved the problem. But is there any explanation for finding the virus in an infected boot sector that then cannot be found?
frisk@rhi.hi.is (Fridrik Skulason) (02/10/91)
Michael_Kessler.Hum@mailgate.bitnet writes: >But when asked to clean the boot sector, I received that message that the >virus could not be removed, no boot sector was found. Copying the files to >a new disk and reformatting the disks solved the problem. But is there any >explanation for finding the virus in an infected boot sector that then >cannot be found? The diskettes are infected, all right - the problem is just that the original boot sector, (which is normally stored on track 39) cannot be found. This could be because the diskettes did not contain a valid boot sector when they were infected - the disinfector could remove the virus, but when it attempts to locate a valid boot sector to replace it with, it fails. Another possibility is that the diskettes were infected by a new variant of the virus, (which stores the boot sector elsewhere) but this cannot be determined as the diskettes were (unfortunately) formatted. - -frisk Fridrik Skulason University of Iceland | Technical Editor of the Virus Bulletin (UK) | Reserved for future expansion E-Mail: frisk@rhi.hi.is Fax: 354-1-28801 |