frisk@rhi.hi.is (Fridrik Skulason) (07/14/89)
I need an answer to the following question:
In the boot sector of every diskette and hard disk there is a short
string starting at the fourth byte. This string contains information
about the version of DOS used to format the disk/diskette.
Typically it is something like "IBM 3.0" or "MSDOS2.0".
What I need to know is: What other possibilities are there ?
The reason I'm asking this question is as follows:
I'm working on a package of programs for fighting computer
viruses on the PC. One program in this package tries to determine
if the boot sector has been infected by some virus. Since some
viruses modify the label described above, it is one of the things
I check on each diskette. For example, one well-known virus will
write 1234 in this place, and another (the Pentagon virus) will write
"HAL" there.
Now - my problem is that one person who was using a beta-test version
of the program told me that the program would flag diskettes formatted
on a Cordata machine as "Possibly infected by an unknown virus".
Examination revealed that the reason was the string "CDS" instead of
"IBM" or "MSDOS". Therefore I am asking for a bit of assistance.
If you have a machine from somebody other than IBM, please take a look
at this portion of the boot sector, using NORTON or some similar program.
If it contains a string different from "IBM", "MSDOS" or "CDS", please
send me information on the string and the machine type.
Of course - the package will be distributed freely when finished - Expect
it to appear on comp.binaries.ibm.pc or in some accessible place.
I just need to obtain a few more viruses to test it against first. Currently
I have only tested it (and found it 100% effective) against Brain, Ping-Pong,
1704 and a new Icelandic (I think) virus.
This message would have been posted to comp.virus, but since it is not
operating right now, I am posting it here.
Fridrik Skulason University of Iceland
frisk@rhi.hi.is
Guvf yvar vagragvbanyyl yrsg oynax .................allbery@NCoast.ORG (Brandon S. Allbery) (07/22/89)
In your article <0009.y8907171856.AA19378@ge.sei.cmu.edu> ["Request for boot se ctor information"], you wrote: +--------------- | I need an answer to the following question: | | In the boot sector of every diskette and hard disk there is a short | string starting at the fourth byte. This string contains information | about the version of DOS used to format the disk/diskette. | Typically it is something like "IBM 3.0" or "MSDOS2.0". | What I need to know is: What other possibilities are there ? +--------------- Out of three versions of DOS available to me, two don't follow this rule: ITT XTra, ITT DOS 2.11: "ITT 2.0 " Wyse PC DOS 3.2: "PC & AT^@" Altos 500 MS-DOS 3.3: "MSDOS3.3" ++Brandon - --- Brandon S. Allbery, moderator of comp.sources.misc allbery@NCoast.ORG uunet!hal.cwru.edu!ncoast!allbery ncoast!allbery@hal.cwru.edu NCoast Public Access UN*X - (216) 781-6201, 300/1200/2400 baud, login: makeuser (Send inquiries to rhg@NCoast.ORG, *not* to me! I'm just the resident guru.) * "ncoast" regenerates again! The 5th "ncoast", coming August 1 (stay tuned) *