goyal@ccu.umanitoba.ca (12/21/90)
From: goyal@ccu.umanitoba.ca () Newsgroups: comp.sys.ibm.pc Subject: Stoned virus - HELP!!! Expires: References: Sender: Followup-To: Distribution: world Organization: University of Manitoba, Winnipeg, Canada Keywords: i have got a stoned virus in the partition table of my hard disk and utilities like flushot, viruscan are no help any help would be greatly appreciated! sameer goyal goyal@ccu.umanitoba.ca
apm233m@vaxc.cc.monash.edu.au (12/21/90)
In article <1990Dec20.165152.25913@ccu.umanitoba.ca>, goyal@ccu.umanitoba.ca writes: > > i have got a stoned virus in the partition table of my hard disk > and utilities like flushot, viruscan are no help > any help would be greatly appreciated! > MS-DOS maintains (but does not use) two copies of the partition table. If you wrote NOTHING to your disk since it got "stoned" then you should still have one good copy of the partition table and it is not too difficult to write a small program to copy the good over the bad (I have done this some time ago but the program which I have may or may not be suitable for your particular machine). The bad news is that if ANYTHING has been written to disk using the MS-DOS functions then you will now have two identically corrupted copies of the partition table and you will find it difficult to retrieve some of the files from your disk - note that you should not have lost all of your files though. There are several things you can do to retrieve as much as you can from the disk, but for the most part it amounts to (the equivalent of) deleting those files which use the corrupted parts of the FAT. ----------------------------------------------- Bill Metzenthen Mathematics Department Monash University Melbourne Australia
silver@xrtll.uucp (Hi Ho Silver) (12/23/90)
In article <1990Dec20.165152.25913@ccu.umanitoba.ca> goyal@ccu.umanitoba.ca writes:
[includes a header from a probably identical article for unknown reasons]
$i have got a stoned virus in the partition table of my hard disk
$and utilities like flushot, viruscan are no help
$any help would be greatly appreciated!
You can try McAfee's CLEAN, but it may not be possible to remove the
virus from your partition table. Another program you can try is MDISK,
available from McAfee's BBS at (408) 988-4004. This is actually a series
of four programs; which one you need depends on your DOS version. For
DOS 3.30, for example, you would use MD33.EXE. It will rewrite your
partition table entirely, wiping out the virus and (hopefully) putting
things back to the way they were. This is a shareware program, BTW, so
if you use it, register it.
Make sure you do this after booting from a CLEAN, WRITE-PROTECTED
diskette. It's also a Very Good Idea to make a backup of your hard
drive before running MDISK. It usually works, but in some cases it
might not work perfectly. Stoned doesn't infect .COM and .EXE files,
so your backup won't be infected by it (though if you make your backup
after booting from an infected disk, your backup diskettes may have
infected boot sectors).
--
__ __ _ | ...!nexus.yorku.edu!xrtll!silver | always
(__ | | | | |_ |_) >----------------------------------< searching
__) | |_ \/ |__ | \ | if you don't like my posts, type | for
_____________________/ find / -print|xargs cat|compress | SNTF
--
__ __ _ | ...!nexus.yorku.edu!xrtll!silver | always
(__ | | | | |_ |_) >----------------------------------< searching
__) | |_ \/ |__ | \ | if you don't like my posts, type | for
_____________________/ find / -print|xargs cat|compress | SNTF
--
__ __ _ | ...!nexus.yorku.edu!xrtll!silver | always
(__ | | | | |_ |_) >----------------------------------< searching
__) | |_ \/ |__ | \ | if you don't like my posts, type | for
_____________________/ find / -print|xargs cat|compress | SNTF