Help! I have (or my computer has) a virus. I have Antiexe and can't get rid of it. McAfee Scan229 finds it but can't get rid of it. I have asked the computer systems people at work and what they said is as follows: "Removal should follow a cold boot from a known clean system diskette. Users of DOS 5.0 or later (I have 5.0) may remove the virus from a hard drive with the FDISK /MBR command (where available). Otherwise, they should copy the original MBS, stored at Track 0, Sector 13, Head 0 back to its correct location at Track 0, Sector 1, Head 0, using a sector editor." Question: Is it safe to try the FDISK /MBR command or do I stand a chance of wiping out my disk? Thanks,
11 responses total.
This response has been erased.
Yes, it apparently doesn't do disastrous things, but I can't share any disks with my work computer now. The work computer shuts down if it detects a virus. I also tried F-Prot which is supposed to be a lot better than McAfee, but it does exactly the same thing. I think I am going to get up enough nerve to try the FDISK /MBR command, but I don't know what I am risking by doing so. PS. Yes, I was cold booting from a clean disk.
This response has been erased.
<orinoco crosses his eyes>
Hmm. The help for the Windows95 version of fdisk doesn't mention the /mbr switch.
It appears to be in versions of DOS 5.0 and above.
By the way, I thought I was booting from a clean disk, but I wasn't. Apparently, I did a "DIR" on the disk before I booted and it must have picked up the virus. I finally got a totally new copy of a virus scan program and booted it from the off position. It found it and cleaned it. I am not sure how my other disks got infected, but I know I looked at them first. I recently bought a new (used) computer and thought that was the source. Not so! All the software I bought with the new computer was clean as was the hard disk. I scanned all my own disks and found ANTI-EXE in abundance. It was not detectable by the older level Disk Scan I was using. Some of the infected disks were very old - not used for 5 yrs or so. The Antiexe virus made the COMMAND.COM file slightly larger than it should be. Apparently the virus scan software compares file sizes, although I don't know how it knows what the file size should be. Final note: Maybe I forgot to write-protect the boot disk in my original attempts. This is listed as a requirement. The antiexe virus is referred to as a "stealth" virus which infects upon reading.
Yep, when you suspect you've got a virus, always write-protect every single diskette you put into the drive as you try to fix the problem.
for future reference, the /mbr switch is an undocumented dos feature that stands for "master boot record." fdisk /mbr simply re-writes this record to make it dos-nice. it isn't a bad command, doesn't remove partitions, and shouldn't destroy any data. one thing it will do is remove LINUX LILO (linux loader) because LILO has its executable code IN the mbr (just like a virus, in fact!).
I might add that the software which was on the used computer I bought has programs which other software sees as a virus. The software, by Central Point Software, has MSAV/CPAV programs which reside in memory and are read by McAfee as ISRAELI BOOT, OHIO, FILLER A, and other virus names. This caused a lot of confusion to me, but the latest McAfee gives you a warning on the subject.
Norton Anti-Virus thought Windows95 was a virus when I installed it on a client's machine. That was because Windows95's install (of course) had to overwrite the MBR.
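Added example (not part of any post in this thread): a Python sketch of the standard 512-byte MBR layout (446 bytes of boot code, four 16-byte partition entries, the 0x55AA signature). It shows why a rewrite that touches only the boot code area, as discussed in the last few responses, leaves the partitions alone yet still registers as a change to an integrity check. The function names and the sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512
CODE_LEN = 446            # boot code area at the start of the sector
ENTRY_LEN = 16            # size of one partition table entry
SIGNATURE = b"\x55\xaa"   # boot signature in the last two bytes

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot-code hash, raw table and partitions."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        start = CODE_LEN + i * ENTRY_LEN
        raw = sector[start:start + ENTRY_LEN]
        status, ptype = raw[0], raw[4]
        lba_start, sectors = struct.unpack_from("<II", raw, 8)
        if ptype:  # type 0 marks an unused slot
            parts.append({"active": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
    return {"code_sha256": hashlib.sha256(sector[:CODE_LEN]).hexdigest(),
            "table": sector[CODE_LEN:510], "partitions": parts}

def compare(baseline: bytes, current: bytes) -> dict:
    """Report which region of the MBR differs from a saved baseline copy."""
    b, c = parse_mbr(baseline), parse_mbr(current)
    return {"boot_code_changed": b["code_sha256"] != c["code_sha256"],
            "partition_table_changed": b["table"] != c["table"]}

def build_sample(code_byte: int) -> bytes:
    """Constructed sample: filler boot code plus one active type-0x06 entry."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x06,
                        b"\x0f\x3f\x20", 63, 204800)
    return bytes([code_byte]) * CODE_LEN + entry + bytes(48) + SIGNATURE

if __name__ == "__main__":
    before = build_sample(0x90)  # stands in for the boot code on record
    after = build_sample(0xCC)   # stands in for rewritten boot code
    print(parse_mbr(before)["partitions"])
    print(compare(before, after))
```

A checker that keeps only a hash of the whole sector cannot tell a legitimate boot-code rewrite from an infection; splitting the comparison by region at least shows whether the partition table was touched.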