wct1@unix.cis.pitt.edu (William C Tom) (11/21/90)
Thanks to all who responded to my previous questions on the Stoned virus. I used MDisk to remove Stoned from the partition table of my hard disk. According to ViruScan, the hard disk is now disinfected. BUT,.... the DiskEditor of Norton Utilities reveals some interesting stuff. In sector 0 0 1, what appears to be the correct partition table (I don't have the actual code) resides up to E1. Some distance after that, at FD, there begins a long string which includes the lines "your pc is now stoned", and "LEGALIZE MARIJUANA". Thus it seems that the virus is still present at least in some form in my hard disk. Looking into sector 7, there is what looks to me to be a corrupted version of the partition table; I am reluctant to test it by moving this version into sector 1 and possibly overwriting the correct partition table. My guess is that MDisk removed the infectivity of the Stoned virus from the hard disk while allowing some strings to remaiin Sector 1. Can some netters cast more light on this? Will these viral remnants be reactivated if I don't remove them? What is this material sitting in Sector 7 now; can it cause future trouble unless I rewrite nulls into the sector now? Thanks for any help.