8326442@AWIWUW11.BITNET (martin zejma) (06/02/90)
During the last two months there were several asks how to remove
the STONED-virus from harddisks. The solution is quite easy :
1) Boot from a clean write-protected floppy disk
2) Use a disk-monitoring program
( the good old DEBUG would make it also, but better are programs
like the Norton Utilities )
3) Read sector 7 from the boot track
( Exactly : Head 0 , Track 0 , Sector 7 )
At the begin of this sector you should find the system description of your
operating system ( f.e. DOS 3.3, PCDOS 4.00, etc) and the volume label of
your harddisk.There is also the partition table viewable, but most people
can't read it ;-) .
4) Write this sector over the infected boot sector of the harddisk
( that's Head 0 , Track 0, Sector 0 , just to make it failsafe).
5) Remove the floppy disk, and make a cold-boot from the harddisk.
Now everything should work fine.
If you don't have backups from your harddisk, backup the infected disk,
the bootsector is not backed up like files, and the virus doesn't
infect files , just the boot sector.
All that stuff should work fine, because until now I heard nothing
about other variants of this virus floating around. On disks which
you can't clean transfering the OS using the SYS A: Command this
operation works also, but the ORIGINAL sector is stored at Head 1 ,
Track 0, Sector 3 .
Hope this solves the nightmares with this virus.
( All errors included without extra-fee )
sincerly yours,
Martin Zejma
+--------------------------------------------------------------------+
| |
| Martin Zejma 8326442 @ AWIWUW11.BITNET |
| |
| Wirtschaftsuniversitaet Wien --- Univ.of Economics Vienna /Austria |
+--------------------------------------------------------------------+8350893@AWIWUW11.BITNET (Zoltan DAROCZI (8350893)) (06/06/90)
Martin Zejma ( 8326442-awiwuw11.bitnet) writes: >4) write this sector over the infected boot sector of the harddisk. > ( that's Head 0 , Track 0 , Sector 0 , just to make it failsafe). the sectornumbers on harddisks are starting at 1, not at 0 || so the right position is Head 0 , Track 0 , Sector 0. at 3) the sectornumber is correct.
person@uunet.UU.NET (Brett G. Person) (06/07/90)
I had a friend call me who told me that Stoned actually damaged the media on the hard drive. He said they lost a full ten Meg. He took the drive through a low-level + dos format, and only wound up with 20Meg on a 30 meg disk. Now, I know that a piece of software isn't supposed to physically destroy media, but he said that the tech from the disk company claimed that Stoned actually does destroy the media permanantly. I don't pretend to know everything about the pc, do I told him I'd ask here. My bet is that the drive was either mis-labled as a 30 meg, or somehow partitioned wrong. - -- Brett G. Person North Dakota State University uunet!plains!person | person@plains.bitnet | person@plains.nodak.edu