CHESS@YKTVMV.BITNET (David.M.Chess) (12/12/90)
DRAGON@RCN.BITNET (MYSTENSERTABETHIEN AND COMPANY) asks about how effective FORMATting a disk or erasing a file is in removing a virus.

For most file-infecting viruses, it's sufficient to (1) get the virus out of memory, by power-off-rebooting from an uninfected diskette, and (2) erase all the infected files on all media (this includes backup sets, diskettes in drawers, that diskette you loaned to the guy in the next room the other day that he's about to return, etc).

For viruses that infect diskette boot sectors, I'd generally recommend doing (1) above, using COPY (not DISKCOPY) to stash away any important files on the diskette, and then FORMATting the diskette (FORMAT on a diskette actually removes all the data).

Boot-infecting viruses on hard disks are somewhat more complex. The DOS command "FORMAT" only does things to the DOS partition. If a virus (like the Stoned) has infected the master boot record, which is outside the DOS partition, FORMAT won't touch it. Removal techniques for such viruses include a low-level format of the entire drive (ouch), virus-specific removal programs, and utility programs that re-write the master boot record. Other viruses (like the Bouncing Ball) infect the DOS boot record, which _is_ in the DOS partition, and these can generally be removed with a FORMAT, or even just with the SYS command.

Of course, always scan your system after a clean boot one last time, to make sure the virus is really gone (and don't forget all those diskettes).

"Stealth" viruses are not much harder to clean up from than normal viruses; you just have to be a little more careful. As long as you haven't run an infected program, or booted from an infected disk(ette), a file/disk infected with a "stealth" virus is just as easy to find as any other infected thing. A "stealth" virus can do confusing things to you only if it gets a chance to run, after all!

DC
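
An added example (not part of the original post): a Python sketch that parses a constructed 512-byte master boot record and shows that sector 0 lies outside the DOS partition, while the DOS boot record is the partition's first sector. The sample layout (a partition starting at sector 63), the boot-code hash baseline check, and all function names are assumptions for illustration.

```python
import hashlib
import struct

SECTOR = 512
TABLE_OFFSET = 446          # partition table follows the MBR boot code
ENTRY = "<B3sB3sII"         # status, CHS start, type, CHS end, LBA start, sector count

def build_sample_mbr():
    """Constructed sample sector: one bootable FAT16 partition at LBA 63."""
    mbr = bytearray(SECTOR)
    mbr[0:3] = b"\xfa\x33\xc0"   # placeholder bytes standing in for loader code
    mbr[446:462] = struct.pack(ENTRY, 0x80, b"\x01\x01\x00", 0x06,
                               b"\xfe\x3f\x81", 63, 2_000_000)
    mbr[510:512] = b"\x55\xaa"   # boot signature
    return bytes(mbr)

def parse_partitions(mbr):
    """Return the non-empty entries of the four-slot partition table."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector")
    parts = []
    for i in range(4):
        off = TABLE_OFFSET + 16 * i
        status, _, ptype, _, start, count = struct.unpack(ENTRY, mbr[off:off + 16])
        if ptype != 0 and count != 0:
            parts.append({"index": i, "bootable": status == 0x80,
                          "type": ptype, "start": start, "sectors": count})
    return parts

def format_reaches(lba, part):
    """True if the sector lies inside the partition, the only area FORMAT works on."""
    return part["start"] <= lba < part["start"] + part["sectors"]

def boot_code_digest(mbr):
    """SHA-256 of the MBR boot code, for comparison with a known-clean baseline."""
    return hashlib.sha256(mbr[:TABLE_OFFSET]).hexdigest()

if __name__ == "__main__":
    mbr = build_sample_mbr()
    dos = parse_partitions(mbr)[0]
    print("master boot record (LBA 0) inside DOS partition:", format_reaches(0, dos))
    print("DOS boot record (LBA %d) inside DOS partition:" % dos["start"],
          format_reaches(dos["start"], dos))
    print("boot code SHA-256:", boot_code_digest(mbr))
```

Recording the boot-code digest while the system is known clean gives a value to compare against after a clean boot from an uninfected diskette.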