home *** CD-ROM | disk | FTP | other *** search
- Path: sparky!uunet!dtix!darwin.sura.net!jvnc.net!netnews.upenn.edu!netnews.cc.lehigh.edu!news
- From: padgett@tccslr.dnet.mmc.com (A. Padgett Peterson)
- Newsgroups: comp.virus
- Subject: Clash between FDISK/MBR and scanners (PC)
- Message-ID: <0013.9301062041.AA14693@barnabas.cert.org>
- Date: 5 Jan 93 20:31:08 GMT
- Sender: virus-l@lehigh.edu
- Lines: 31
- Approved: news@netnews.cc.lehigh.edu
-
- >From: "Roger Riordan" <riordan@tmxmelb.mhs.oz.au>
-
- >The command FDISK /MBR is often recommended for removing MBR
- >infectors (Stoned, etc) from hard disks. However in some
- >circumstances this can cause problems with some scanners. It
- >appears that some versions of FDISK/MBR rewrite the Master Boot
- >Record only as far as the end of the error messages, leaving the all
- >important partition information unchanged, but also leaving any
- >viral code between the messages and the partition information.
-
- Cannot speak for all versions but the FDISK.EXE in MS-DOS 5.00
- dated 3-22-91 is identical to that of 11-11-91 and both zero out all
- the unused bytes between the end of the messages at absolute offset
- 0D9h and the beginning of the partition table at offset 1BEh.
-
- Of course FDISK/MBR will not have *any* effect with any DOS before
- 5.00 so this may be the cause.
-
- It is possible that PC-DOS or some other proprietary version or even
- that there may be an "export" MS-DOS that might have the effect Roger
- reports. (can only speak for what I have seen).
-
- Please reply directly & I will summarize any verifiable exceptions.
-
- Warmly,
-
- Padgett
- <padgett@tccslr.dnet.mmc.com>
-
- ps anyone know what the FORMAT switches /SELECT, /BACKUP, & /AUTOTEST
- do (MS-DOS 5.0) ?
-
