[comp.virus] Joshi Remover

MMCCUNE@sctnve.BITNET (08/07/90)

Here is a program to remove the Joshi virus from hard disks. It can be
assembled by using DEBUG (like this).

DEBUG
A
MOV     DX,0080
MOV     CX,0001
MOV     BX,0200
MOV     AX,0201
INT     13
CMP     AH,0
JNE     13C
MOV     CX,0008
MOV     AX,0301
INT     13
CMP     AH,0
JNE     150
MOV     CX,0009
MOV     AX,0201
INT     13
CMP     AH,0
JNE     13C
MOV     CX,0001
MOV     AX,0301
INT     13
CMP     AH,0
JNE     150
INT     20
MOV     AH,9
MOV     DX,145
INT     21
INT     20
DB      'Read Error$'
MOV     AH,9
MOV     DX,159
INT     21
INT     20
DB      'Write Error$'

N RMJOSHI.COM
RCX
:80
W
Q

To restore the disk to its original condition (like using it on an uninfected
hard disk), use this program.

DEBUG
A
MOV     DX,0080
MOV     CX,0008
MOV     BX,0200
MOV     AX,0201
INT     13
CMP     AH,0
JNE     122
MOV     CX,0001
MOV     AX,0301
INT     13
CMP     AH,0
JNE     136
INT     20
MOV     AH,9
MOV     DX,12B
INT     21
INT     20
DB      'Read Error$'
MOV     AH,9
MOV     DX,13F
INT     21
INT     20
DB      'Write Error$'

N RETURN.COM
RCX
:50
W
Q

This will return the hard disk to its original state (before RMJOSHI was
executed).

Be sure to boot off an uninfected diskette before using these programs. Since
Joshi Virus redirects attempts to read or write to the virus, these programs
will not work if the virus is active in memory.

These programs may be used by anybody, as long as they are not modified or
used in another program...<MM>.
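
The sector moves the two DEBUG programs perform, as an added Python example that works on a raw image of track 0 instead of the live disk (not part of the original post). It assumes sector 9 holds the saved original sector 1, as the program's reads and writes imply, and adds a boot-signature check before any write; the function names and the sample image are constructed for illustration.

```python
SECTOR = 512
BOOT_SIG = b"\x55\xaa"  # last two bytes of a valid boot/partition sector

def read_sector(img, n):
    """Sector n (1-based, like CL in INT 13h) of cylinder 0, head 0."""
    data = bytes(img[(n - 1) * SECTOR:n * SECTOR])
    if len(data) != SECTOR:
        raise ValueError(f"image too short for sector {n}")
    return data

def write_sector(img, n, data):
    if len(data) != SECTOR or n * SECTOR > len(img):
        raise ValueError(f"cannot write sector {n}")
    img[(n - 1) * SECTOR:n * SECTOR] = data

def rmjoshi(img):
    """RMJOSHI.COM's moves (1 -> 8, then 9 -> 1), refused unless sector 9
    carries the boot signature, so an uninfected disk is left untouched."""
    saved = read_sector(img, 9)
    if saved[-2:] != BOOT_SIG:
        return False
    write_sector(img, 8, read_sector(img, 1))  # keep a copy of the old sector 1
    write_sector(img, 1, saved)
    return True

def undo(img):
    """RETURN.COM's move (8 -> 1), with the same signature check."""
    backup = read_sector(img, 8)
    if backup[-2:] != BOOT_SIG:
        return False
    write_sector(img, 1, backup)
    return True

def make_image(infected):
    """Constructed 17-sector track 0; fill bytes stand in for real sector contents."""
    img = bytearray(17 * SECTOR)
    original = b"M" * 510 + BOOT_SIG           # stand-in for the original sector 1
    if infected:
        write_sector(img, 1, b"V" * 510 + BOOT_SIG)  # stand-in for the replaced sector
        write_sector(img, 9, original)
    else:
        write_sector(img, 1, original)
    return img

if __name__ == "__main__":
    for infected in (True, False):
        img = make_image(infected)
        print("infected" if infected else "clean", "-> restored:", rmjoshi(img))
```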

Alan_J_Roberts@cup.portal.com (09/01/90)

Iain Noble asked in yesterday's VIRUS-L if there existed a Joshi virus
remover.  CLEAN-UP (McAfee's) version 66 removes the Joshi, as does
McAfee's M-DISK.  Both programs remove the Joshi and repair the
corrupted boot sectors and partition table.

Alan Roberts