raynor@rzsin.sin.ch (Jeff Raynor) (08/04/89)
One of my colleagues has just become infected with the "Stoned/Australian" virus and contacted me for help. I have searched through my VIRUS-L archives for information. There seems little specific details of what part of the hard disk it infects, nor how to remove it. The best information was on 8-May-89 from Alan_J_Roberts/Jim Goodwin: >..this virus stores itself between the partition table and the > first partition. According to Norton Utilities, Absolute sector Side 0, Cylinder 0, Sector 1 is my partition table, while Sector 2 is the start of my DOS partition. Where is the virus supposed to reside? at the end of the 1st sector, or is there an error in my sector numbering? There is further mention that SYS fails to remove the virus (I can confirm that), but recommends MDISK. I have downloaded the <MSDOS.TROJAN-PRO>MD40.ARC from Simtel, but find that it is DOS version specific, MD40 is for DOS 4.0 only. In this case, I need MD32, but would like MD30 and MD33 as we run 3.1 and 3.3 here. I would also like to see a DOS independent algorithm to remove the virus manually using DEBUG low-level read/writes or a Disk editor. Thanks for your help Jeff Raynor EARN: RAYNOR@RZSIN.SIN.CH Post: Paul Scherrer Institut, Badenerstrasse 569, 8048 Zurich, Switzerland.