[comp.virus] datacrime & fdisk

MATHRICH@UMCVMB.BITNET (Rich Winkel UMC Math Department) (09/22/89)

>From:    IA96000 <IA96%PACE.BITNET@VMA.CC.CMU.EDU>
>if you use fdisk to create a dummy partition of let's say 2
>cylinders and then create a second normal active dos partition
>will this prevent the virus from destroying track zero?

It depends on how it accesses the disk.  If it uses bios calls (INT
13H), it will still attack physical cyl 0 on the disk.  If it uses the
dos absolute disk write call (INT 26H) it will wipe out whatever the
starting track of the dos partition is.  Even if it uses the bios call
though, and you've partitioned the disk so it doesn't touch dos's FAT
and directory, it will still wipe out the master boot sector where the
partition table is stored.  That wouldn't be so bad if you could make
FDISK simply put a new master boot sector on the disk, but
unfortunately FDISK insists on doing some general housecleaning which
may finish the job that datacrime started.  I'm not sure of the extent
of the housecleaning, so I can't say for sure.

Rich

2014_5001@uwovax.uwo.ca (A.R. PRUSS) (09/26/89)

In article <0005.8909251230.AA29228@ge.sei.cmu.edu>, MATHRICH@UMCVMB.BITNET
(Rich Winkel UMC Math Department) writes:
>>From:    IA96000 <IA96%PACE.BITNET@VMA.CC.CMU.EDU>
>>if you use fdisk to create a dummy partition of let's say 2
>>cylinders and then create a second normal active dos partition
>>will this prevent the virus from destroying track zero?
>
> It depends on how it accesses the disk.  If it uses bios calls (INT
> 13H), it will still attack physical cyl 0 on the disk.  If it uses the
> [correct info deleted to conserve space]

Is it not simpler to back the FAT/boot sectors up to floppy and then
restore them?  You can use Norton Utilities Advanced for that, or a
quick little utility that I will release within a week.

What I would like to know, however, is whether just rewriting the boot
and FAT sectors will be sufficient?

Alexander Pruss, at one of: Department of Applied Mathematics, Astronomy,
Mathematics, or Physics                     University of Western Ontario
pruss@uwovax.uwo.ca         pruss@uwovax.BITNET          A5001@nve.uwo.ca
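
Added example, not part of either post: a Python sketch that parses a master boot sector laid out as in the question (2-cylinder dummy partition, then an active DOS partition) and reports which absolute sectors sit in physical cylinder 0, where DOS logical sector 0 actually lives, and which sectors a backup would need. The drive geometry (4 heads, 17 sectors per track), the partition sizes and all function names are assumptions made for the illustration, and the sample sector is constructed.

```python
import struct

SECTOR = 512
HEADS, SPT = 4, 17            # assumed drive geometry (constructed, not from the thread)
CYL = HEADS * SPT             # sectors per cylinder
ENTRY = "<B3sB3sII"           # status, CHS start, type, CHS end, start sector, sector count

def make_entry(active, ptype, start, count):
    # CHS fields are left zero for brevity; the parser below uses only the sector fields.
    return struct.pack(ENTRY, 0x80 if active else 0, bytes(3), ptype, bytes(3), start, count)

def build_sample_mbr():
    """Constructed master boot sector: 2-cylinder dummy partition, then active DOS."""
    dummy = make_entry(False, 0x01, SPT, 2 * CYL - SPT)   # begins at head 1 of cylinder 0
    dos = make_entry(True, 0x04, 2 * CYL, 600 * CYL)      # begins at cylinder 2
    return bytes(446) + dummy + dos + bytes(32) + b"\x55\xaa"

def parse_mbr(sector):
    if len(sector) != SECTOR or sector[510:] != b"\x55\xaa":
        raise ValueError("not a master boot sector")
    parts = []
    for i in range(4):
        status, _, ptype, _, start, count = struct.unpack_from(ENTRY, sector, 446 + 16 * i)
        if ptype:                                          # type 0 marks an unused slot
            parts.append({"active": status == 0x80, "type": ptype,
                          "start": start, "count": count})
    return parts

def layout_report(sector):
    """Map the two access paths from the thread onto absolute sector numbers."""
    parts = parse_mbr(sector)
    active = next(p for p in parts if p["active"])
    in_cyl0 = [p["type"] for p in parts if p["start"] < CYL]
    return {
        "cyl0_sectors": (0, CYL - 1),        # physical cylinder 0; includes the MBR at 0
        "partitions_in_cyl0": in_cyl0,       # what shares cylinder 0 with the MBR
        "dos_logical_0": active["start"],    # where DOS logical sector 0 really lives
        "backup_sectors": [0, active["start"]],  # MBR and DOS boot sector
    }

if __name__ == "__main__":
    for key, value in layout_report(build_sample_mbr()).items():
        print(f"{key}: {value}")
```

With this layout the DOS partition no longer overlaps cylinder 0, but absolute sector 0 (the master boot sector) still does. The FAT's position is not computed here; it follows from the BIOS parameter block stored in the DOS boot sector.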