C09615SJ@WUVMD.BITNET (01/18/91)
>From: "David.M.Chess" <CHESS@YKTVMV.BITNET> >Hm, interesting. The Stoned infects the master boot record >(synonymous with "partition table") on the first physical hard drive >(BIOS drive id "80" hex). In your case, that's the master boot record >on the 80Mb hard disk. The master boot record (and therefore the >partition table) are stored at the very bottom of the disk, lower than >any of the partitions (E F G and H). Ooops. Yes I found all this out after I sent the message. I am, unfortunately, BIOS illiterate. But the poliferation of viruses here at Washington University in St. Louis is forcing me to learn more every day. It was a "shoot from the hip" answer to very real effect which I outlined. >Did you test whether or not, after booting from a clean floppy and >then switching to E: and back to A:, the virus was actually *active* >(infecting new diskettes), as well as being in memory? My guess would No we did not. Oops again. [stuff deleted] >active virus from a "ghost" of the virus that just happens to be >sitting in a buffer somewhere, never running). The only way the usual >Stoned virus can get control is if it's present on the boot record or >the disk or diskette that the system is booted from. Ummmm... I'm not sure I understand what a "ghost" virus implies, we were never able to actually clean it off so I don't know how it could have become a "ghost". Also there was at least enough of it to set of McAfee's SCAN program. Jon Jon Spinner Washington University C09615SJ@WUVMD