Subject:  DISINFECT: F-HARE detect/clean
Author:  Data Fellows
Uploaded By:  CJ Gloria
Date:  9/19/1996

File:  F-HARE14.ZIP (15046 bytes) 
Estimated Download Time (53797 baud):  < 1 minute
Download Count:  2082

Equipment:  Computer Hard Disk Floppies
Needs:  PKUNZIP.EXE

Keywords:  WINDOWS 95 INTERNET WWW WEB F-PROT F-HARE HARE VIRUS SCAN PROTECT DISINFECT CJGS DETECT REMOVE BOOT SECTOR MEMORY

TYPE:  Freely distributed

LIBRARY: IC/ Helper Apps (WIN)
------------------------------------------------
E-mail Address:    F-PROT-Support@DataFellows.com

WWW Address:    http://www.DataFellows.com/

FTP SITE:              ftp://ftp.europe.datafellows.com/

DESCRIPTIONS:  F-HARE will detect and disinfect the three known variants of the Hare virus (also known as HDEuthanasia and Krsna). This document gives a brief description of the Hare virus and explains how to use F-HARE to detect and disinfect this virus.

On the 22nd of August and the 22nd of September, members of the Hare virus family will trigger, attempting to overwrite hard disks, floppy disks in drives A: and B:.

Hare is a polymorphic, stealth, multi-partite virus. It is memory-resident and infects .COM and .EXE files, MBRs of hard disks, and floppy disk boot sectors. It is Windows 95 aware, enabling it to infect both files and the boot sectors of floppy disks used from Windows 95.

Known variants are Hare.7610, Hare.7750 and Hare.7786

TO INSTALL:  Run F-HARE with the drive letter of directory as a paramter. For example:

        F-HARE C:
        F-HARE Z:\USERS

F-HARE will first check memory and will tell you if the Hare virus is in resident:

              "Scanning for Hare in memory - Infected!"

If you find the Hare virus in memory, please reboot your computer from a clean write-protected system floppy diskette. This will ensure that the Hare virus is not in memory.

Type F-HARE <drive parameter> to determine if your Master Boot Record or any files are infected with the virus. If F-HARE finds the virus, you will be notified. Then, type F-HARE <drive parameter> /disinf. F-HARE will disinfect your Master Boot Record and infected files.

As detailed above, it is possible in some cases for the Hare virus to cause the DOS partition to be inaccessible when booted from a clean system disk. Do not worry, if this occurs, F-HARE can still remove the virus from both your hard disk and from any infected files.

If F-HARE has found the HARE virus in your MBR, but you cannot see the DOS partition of your fixed disk after booting from a floppy disk, take the following steps to disinfect your machine fully:

DOCUMENTATION:  F-HARE.TXT, PRO-DOC
-----------------------------------------------------------
Internet Connection Forum Libraries.     Keyword: NET SOFTWARE