childs%gpx.dnet@deimos.oscs.montana.edu (12/07/90)
In the past few weeks, one of our student-use microcomputer labs has been repeatedly infected with the STONED-B virus. What makes the problem difficult, however, is that NONE of the disinfect programs we have tried (F-PROT, M-DISK, Cleanup) seem to be able to remove it properly. It appears that the partition table on these machines is not in a standard location, so after the virus is removed, the partition table is invalid and the machine will no longer boot from drive c:. Using information I received second-hand from Mike Lawrie (ccml.rures@f4.n494.z5.fidonet.org) I wrote a short C program to copy the bytes in head 0, cylinder 0, sector 7 to h0,c0,s1 and everything seems to work ok (the program does NO error checking, though, so it's quite dangerous to use).

This led me to a bigger endeavor, though, and I need some help. I once saw a program called PC-LOCK by Johnson Computer Systems that password protected a hard drive by 1) invalidating the partition table so an attempt to get to drive c: after booting from drive a: would result in an "Invalid drive specification" and 2) installing a device driver upon bootup from drive c: that asked the user for a password and locked up the machine on failure. I have been trying to duplicate the functionality of this program without the password protection code (too much of a nuisance for lab use). This program was able to prevent boot sector viruses from ever getting to the hard drive by virtue of the invalid partition table, and I'd like to write my own program to do this (of course, if code already exists (that DOES NOT ask for a password) please let me know).

So, my question is this: Can anyone explain to me (or send me code :-)) in detail how the hard drive boots up?? I understand fairly well how a floppy disk boots, but I don't understand the relationship (or the code) between the master boot record/partition table and the partition boot code (the one affected by sys c:).

If I can actually figure out this program, the resulting code will be placed in the public domain! Thanks for any help provided.

John-David Childs
Senior Consultant
University of Montana CIS

I can be reached at any of the following addresses:
con_jdc%umt01.dnet@deimos.oscs.montana.edu
con_jdc@selway.umt.edu
con_jdc%umt01.dnet@mtsunix1.bitnet

Disclaimer: Huh?? What's that?
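
The sector 7 to sector 1 copy described in the post, with the error checking it lacks, as an added example that is not the poster's program: the candidate sector is validated as a master boot record before anything is overwritten. It works on in-memory buffers (reading and writing the disk sectors is left to the caller), and the function names and sample values are assumptions of this example.

```c
#include <stdint.h>
#include <string.h>

#define SECTOR_SIZE 512
#define PTABLE_OFF  0x1BE  /* four 16-byte partition entries */
#define SIG_OFF     510    /* boot signature 0x55 0xAA */

enum mbr_status { MBR_OK, MBR_NO_SIGNATURE, MBR_BAD_BOOT_FLAG,
                  MBR_BAD_ENTRY, MBR_NO_PARTITIONS, MBR_MULTIPLE_ACTIVE };

/* Decide whether a 512-byte sector is plausible as a master boot record. */
enum mbr_status check_mbr(const uint8_t *s)
{
    int used = 0, active = 0;
    if (s[SIG_OFF] != 0x55 || s[SIG_OFF + 1] != 0xAA)
        return MBR_NO_SIGNATURE;
    for (int i = 0; i < 4; i++) {
        const uint8_t *e = s + PTABLE_OFF + 16 * i;
        uint32_t count = (uint32_t)e[12] | (uint32_t)e[13] << 8 |
                         (uint32_t)e[14] << 16 | (uint32_t)e[15] << 24;
        if (e[0] != 0x00 && e[0] != 0x80)
            return MBR_BAD_BOOT_FLAG;          /* flag is 0x00 or 0x80 only */
        if (e[4] == 0x00) {                    /* type 0 = unused slot */
            if (e[0] == 0x80) return MBR_BAD_ENTRY;
            continue;
        }
        if (count == 0) return MBR_BAD_ENTRY;  /* used slot, zero sectors */
        used++;
        active += (e[0] == 0x80);
    }
    if (used == 0)  return MBR_NO_PARTITIONS;
    if (active > 1) return MBR_MULTIPLE_ACTIVE;
    return MBR_OK;
}

/* Copy the candidate over the target buffer only if it validates. */
enum mbr_status restore_if_valid(uint8_t *dst, const uint8_t *candidate)
{
    enum mbr_status st = check_mbr(candidate);
    if (st == MBR_OK) memcpy(dst, candidate, SECTOR_SIZE);
    return st;
}

/* Constructed sample: one active DOS partition (type 0x04), made-up sizes. */
void build_sample_mbr(uint8_t *s)
{
    memset(s, 0, SECTOR_SIZE);
    uint8_t *e = s + PTABLE_OFF;
    e[0] = 0x80; e[4] = 0x04; e[8] = 17; e[12] = 0x60; e[13] = 0xA2;
    s[SIG_OFF] = 0x55; s[SIG_OFF + 1] = 0xAA;
}
```

A caller would read the saved sector into `candidate`, keep a backup of the current sector 1, and write `dst` back only when `restore_if_valid` returns `MBR_OK`.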