Padgett Peterson (08/14/90)
In my limited looks at viruses, I have noticed that those that go "resident" do so in a number of obvious ways. Those that do not (I believe the ICELANDIC was one) do not seem to spread very well since they chance being overwritten with a resultant crash. After 50 or 60 times most people tend to suspect something. My question is, does anyone know of any legitemate software that moves the TOM or changes the size of allocation available such as reported by CHKDSK ? I know of a few systems that start out with some memory allocated at the TOM (Compaq is one) but none that change after the BIOS start-up. Since Microsoft-compliant TSRs reside in low memory, these should not do anything up top. A call was received from Zenith today confirming that XT-type machines running Zenith's version of DOS 3.1 & 3.2 do periodically place a timestamp on the boot record of the hard drive. Generally the boot record will contain the signature ZDS3.x (where x is 1 or 2) though since Norton's Disk Doctor became available, I have seen some strange combinations. On the machines I have examined, if they boot without an AUTOEXEC.BAT present, a Zenith logo will be displayed following the time/date request. In any event, a good virus checker that validates the boot record will probably flag this as an exception each time it checks. Good luck, Padgett