- Path: sparky!uunet!dtix!darwin.sura.net!jvnc.net!netnews.upenn.edu!netnews.cc.lehigh.edu!news
- From: bontchev@fbihh.informatik.uni-hamburg.de (Vesselin Bontchev)
- Newsgroups: comp.virus
- Subject: Re: Is this a new virus? (PC)
- Message-ID: <0015.9301062041.AA14693@barnabas.cert.org>
- Date: 5 Jan 93 22:18:57 GMT
- Sender: virus-l@lehigh.edu
- Lines: 28
- Approved: news@netnews.cc.lehigh.edu
-
- tck@bend.ucsd.edu (Kevin Marcus) writes:
-
- > >0,0,8. This is irrelevant. What is relevant is that the problem with
- > >Michelangelo occurs exactly because the "standard" Stoned variant put
- > >the original MBR at 0,0,7 - at the same place as Michelangelo, and
- > >because the two viruses do not recognize each other.
-
- > Oh, come on, it is relevant. The original problem: Disinfection of a
- > Stoned and Michelangelo infection. Where they move the orig. MBR is
- > quite important, because in one case, it is possible to remove the
- > viruses by pulling the original MBR up, and in the other, it is not.
-
- That's exactly what I am trying to tell you, but maybe I am not
- expressing myself clearly enough. The Stoned+Michelangelo problem
- occurs exactly because both viruses store the original MBR at ONE AND
- THE SAME PLACE, therefore the original MBR gets lost. Such a system
- cannot be disinfected, because there is no original MBR. The only
- solution is to put a new MBR, which the anti-virus program must carry
- with itself. Of course, some care should be taken not to destroy any
- PARTITION TABLE information.
-
- Regards,
- Vesselin
- - --
- Vesselin Vladimirov Bontchev Virus Test Center, University of Hamburg
- Tel.:+49-40-54715-224, Fax: +49-40-54715-226 Fachbereich Informatik - AGN
- < PGP 2.1 public key available on request. > Vogt-Koelln-Strasse 30, rm. 107 C
- e-mail: bontchev@fbihh.informatik.uni-hamburg.de D-2000 Hamburg 54, Germany
-
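Added example, not part of the original post or of any anti-virus product: a Python sketch of the repair described above, writing replacement boot code into a 512-byte MBR image while carrying the partition table over unchanged. It assumes the table is still readable at offset 0x1BE of the sector passed in; the function names and all sample bytes (including the placeholder boot code) are constructed for illustration.

```python
SECTOR_SIZE = 512
PT_OFFSET = 0x1BE              # partition table: 4 entries of 16 bytes at byte 446
PT_ENTRY_SIZE, PT_ENTRIES = 16, 4
SIGNATURE = b"\x55\xaa"        # boot signature at bytes 510-511

# Constructed sample data: one active partition, junk in the code area.
SAMPLE_ENTRY = (bytes([0x80, 0x01, 0x01, 0x00, 0x04, 0x03, 0x51, 0x65])
                + (17).to_bytes(4, "little") + (20791).to_bytes(4, "little"))
SAMPLE_INFECTED = b"\xcc" * PT_OFFSET + SAMPLE_ENTRY + bytes(48) + SIGNATURE
SAMPLE_CLEAN_CODE = b"\x90" * 32   # placeholder for the boot code the tool carries


def extract_partition_table(sector: bytes) -> bytes:
    """Return the 64-byte partition table, refusing tables that look damaged."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected one 512-byte sector")
    table = sector[PT_OFFSET:PT_OFFSET + PT_ENTRY_SIZE * PT_ENTRIES]
    active = used = 0
    for i in range(PT_ENTRIES):
        entry = table[i * PT_ENTRY_SIZE:(i + 1) * PT_ENTRY_SIZE]
        boot_flag, part_type = entry[0], entry[4]
        if boot_flag not in (0x00, 0x80):
            raise ValueError(f"entry {i}: boot flag {boot_flag:#04x} is not 0x00/0x80")
        active += boot_flag == 0x80
        used += part_type != 0x00
    if active > 1:
        raise ValueError("more than one active partition")
    if used == 0:
        # Nothing to preserve: writing this would leave the disk with no partitions.
        raise ValueError("no partition entries found; refusing to continue")
    return table


def rebuild_mbr(table_source: bytes, clean_boot_code: bytes) -> bytes:
    """Combine known-good boot code with the partition table from table_source."""
    if len(clean_boot_code) > PT_OFFSET:
        raise ValueError("boot code would overlap the partition table")
    table = extract_partition_table(table_source)
    # Pad the code area with zeros so no bytes of the old sector survive in it.
    return clean_boot_code.ljust(PT_OFFSET, b"\x00") + table + SIGNATURE
```

The result is a sector image only; writing it back to a disk is outside the sketch.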