Text File | 1991-12-08 | 6KB | 112 lines

FixMBR v1.7 (beta)

FixMBR is a combination recovery/integrity management program
for the protection of hard disks. In the case of a Master Boot
Record infection, FixMBR may be used either to restore the
original Master Boot Record or to rebuild it using an original
Partition Table taken from either inside the virus or from one of
the "hidden" sectors (where most MBR infectors hide them).

FixMBR also provides for capture/storage of an off-line copy
of the MBR sector that may be used for recovery.

FixMBR requires no complicated switches and will prompt for
all necessary information and permissions. Further, FixMBR will
suggest only legitimate partition tables found in the "track 0"
area that have not overwritten vital information.
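
The track-0 scan described above can be sketched as follows. This is an added example, not FixMBR's own code: the legitimacy rules, the function names and the 17-sector sample image are assumptions constructed for illustration.

```python
import struct

SECTOR, TABLE_OFF, SIG_OFF = 512, 0x1BE, 0x1FE  # entry table and 55 AA offsets

def parse_table(sector):
    """Return four (flag, type, start, count) tuples, or None without 55 AA."""
    if len(sector) != SECTOR or sector[SIG_OFF:] != b"\x55\xaa":
        return None
    out = []
    for off in range(TABLE_OFF, SIG_OFF, 16):
        start, count = struct.unpack_from("<II", sector, off + 8)
        out.append((sector[off], sector[off + 4], start, count))
    return out

def table_is_plausible(sector):
    """Assumed legitimacy rules; FixMBR's real criteria are not documented here."""
    entries = parse_table(sector)
    if entries is None or any(e[0] not in (0x00, 0x80) for e in entries):
        return False
    # Exactly one active entry, in any slot (not only the first), and in use.
    active = [e for e in entries if e[0] == 0x80]
    if len(active) != 1 or active[0][1] == 0:
        return False
    used = sorted((e[2], e[3]) for e in entries if e[1] != 0)
    if any(start == 0 or count == 0 for start, count in used):
        return False
    # Partitions must not overlap one another.
    return all(a[0] + a[1] <= b[0] for a, b in zip(used, used[1:]))

def candidate_sectors(track0):
    """1-based sector numbers in a track-0 image holding a plausible table."""
    return [n + 1 for n in range(len(track0) // SECTOR)
            if table_is_plausible(track0[n * SECTOR:(n + 1) * SECTOR])]

def make_sector(entries):
    """Build a constructed test sector from (flag, type, start, count) tuples."""
    s = bytearray(SECTOR)
    for i, (flag, ptype, start, count) in enumerate(entries):
        off = TABLE_OFF + 16 * i
        s[off], s[off + 4] = flag, ptype
        struct.pack_into("<II", s, off + 8, start, count)
    s[SIG_OFF:] = b"\x55\xaa"
    return bytes(s)

# Constructed data: sector 1 has 55 AA but an empty table; sector 7 holds a
# table whose active partition is the second entry.
GOOD = make_sector([(0x00, 0x01, 17, 20000), (0x80, 0x04, 20017, 60000)])
BAD = make_sector([])
TRACK0 = BAD + bytes(5 * SECTOR) + GOOD + bytes(10 * SECTOR)
print(candidate_sectors(TRACK0))
```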

Suggested Use

FixMBR is best utilized before infection strikes. In this
case, save the original MBR, select the partition table found in
sector one, and allow use of the SafeMBR code.

In the event of an identified infection (e.g. STONED), simply
boot from a known clean floppy, run FixMBR and increment to the
sector in which the virus stores the real MBR (e.g. sector 7),
then either use this to restore the original MBR or use the
SafeMBR code.

In the case of an unknown infection, the best bet would be to
select a partition table from a sector other than sector one
following a clean floppy boot.

In the event that a valid partition table is found only in
sector one (e.g. Azusa), the SafeMBR code must be selected,
again only after a known clean floppy boot.

WARNING: For FixMBR to work properly, it is essential that any
disk caching be turned OFF!

SAFEMBR v1.5

An integrity checking Master Boot Record for IBM-PCs and
Clones by Padgett. Copyright (C) 1991, all rights reserved.

This program is designed to replace the standard MS-DOS
master boot record program with code that does more than just
find the active partition and jump to the O/S boot record:
SAFEMBR first checks the disk access integrity, its own
integrity, and validates the indicated partition.

SAFEMBR will detect all known Master Boot Record virus
infections including those using "stealth" such as JOSHI and the
EVIL EMPIRE as well as the most common infector, STONED.

Used in conjunction with NoFBoot (C), the likelihood of a
BIOS level infection going undetected drops to near
zero.

Invocation is simple: from the DOS command line type
>SAFEMBR. SAFEMBR will then retrieve the current MBR, check the
partition table for validity, incorporate the table into its own
code, copy the MBR to the second (hidden - SAFEMBR verifies the
presence of hidden sectors) sector, and place itself in the MBR.

Using the techniques proven by its more rigorous commercial
relative, DISKSECURE, SAFEMBR can provide immediate generic
front-line detection of viruses both known and unknown for the
individual PC.

Being a MBR replacement only, SAFEMBR does not go resident
and thus does not require any dedicated RAM. Following the
IBM/Microsoft specifications for a MBR, SAFEMBR is effective even
with validating BIOSes such as the TANDON and "unruly" disk
controllers which write to the MBR.

When installed, SAFEMBR will display its logo on each boot.
Should an exception occur, the boot will halt with an error
message such as "Low Interrupt Vector", "Invalid First Sector",
"Invalid Master Boot Record", or "Missing Operating System". The
system can then be booted with a floppy disk and investigation
made to determine the cause of the exception.

It should be noted that many security products using MBR
relocation techniques are incompatible with SAFEMBR. If such a
product uses MBR redirection to prevent booting from a floppy
disk, this will be the case.

Padgett Peterson
Orlando, Florida
(407)352-6007
padgett@tccslr.dnet@mmc.com

DISCLAIMER: This software is furnished "as is" and all liability
for the effects of the use of this software rests with the
user. Adequate backups are the best protection from loss.

Note: This distribution consists of two files:
  FixMBR17.exe - 1659 bytes - the program
  FixMBR17.doc - this document

v1.7 - multiple drive handler added
v1.6 - fixes "Invalid Partition Table" error with SafeMBR when
       active partition is not first in table.
v1.5 - first beta version released