[RC5] Re: rc5-digest V1 #167
cannona at poboxes.com
Mon Mar 16 19:36:44 EST 1998
Where can I download some virus scanning software, or do I have to buy it?
REAL NAME: Aaron Willis Cannon
HOME PAGE: http://www.poboxes.com/cannona
Join the largest super computer in the world! http://www.distributed.net
Donate money to your favorite nonprofit organization for free!
On Mon, 16 Mar 1998, Joe Zbiciak wrote:
> 'Dave Ladd' said previously:
> | Bad advice. Don't use the command until you know it
> | will wipe out the virus and nothing else.
> | If your system is infected with a self-encrypting
> | virus you will screw up your partition table. You need
> | to use the virus inoculation options provided in your
> | virus software. Or fdisk and start over.
> The Monkey virus is known for this behavior. It is a "Stealth Virus"
> which copies your MBR/Partition Table to a different area of the
> hard drive and "encrypts" it. (Really, it just XORs with a constant,
> but that's sufficient to make it obscured.)
> When you boot with Monkey present, it hooks all drive accesses so that
> reads/writes to the MBR appear to show the real, uninfected MBR, but in
> actuality, the MBR on the drive has the Monkey virus in it. I imagine
> utilities and OSes which bypass DOS/BIOS services to access the disk
> would see an inconsistent MBR and complain of a problem, but would also
> be powerless to fix the problem.
> There are programs on the net for cleaning Monkey (e.g. "KillMonk" comes
> to mind) and related viruses from your computer. I would first boot from
> a clean, write-protected floppy which has your favorite DOS-based
> Anti-Virus software on it first and have it give its opinion of your
> hard drive before you proceed with drastic measures such as FDISK.
> +----------- Joseph Zbiciak ----------+
> | - - - - j-zbiciak1 at ti.com - - - - | Ignorance is the
> |- http://www.primenet.com/~im14u2c/ -| Mother of Devotion.
> | - - -Texas Instruments, Dallas- - - | -- Robert Burton
> +-----#include "std_disclaimer.h"-----+
> To unsubscribe, send 'unsubscribe rc5' to majordomo at lists.distributed.net
> rc5-digest subscribers replace rc5 with rc5-digest
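Added example, not part of the original messages: because the quoted description says the relocated MBR is only XORed with a constant, an analyst holding a suspect sector from a disk image can try all 255 single-byte keys and keep those that decode to a structurally valid MBR. The sample sector, the key 0x5A and all function names are constructed for illustration and are not Monkey's actual values.

```python
import struct

SECTOR_SIZE = 512
PT_OFFSET = 446          # partition table: 4 entries of 16 bytes each
BOOT_SIG = b"\x55\xaa"   # bytes 510-511 of a valid MBR


def is_plausible_mbr(sector: bytes) -> bool:
    """Structural sanity check of a 512-byte MBR candidate."""
    if len(sector) != SECTOR_SIZE or sector[510:512] != BOOT_SIG:
        return False
    active = used = 0
    for i in range(4):
        entry = sector[PT_OFFSET + 16 * i: PT_OFFSET + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, n_sectors = struct.unpack_from("<II", entry, 8)
        if status not in (0x00, 0x80):      # only "inactive" or "active"
            return False
        if ptype == 0:
            if any(entry):                  # unused slots must be all zero
                return False
            continue
        if lba_start == 0 or n_sectors == 0:
            return False
        active += status == 0x80
        used += 1
    return used >= 1 and active <= 1


def xor_sector(sector: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in sector)


def recover_xor_keys(sector: bytes) -> list:
    """Every single-byte key under which the sector decodes to a plausible MBR."""
    return [k for k in range(1, 256) if is_plausible_mbr(xor_sector(sector, k))]


def build_sample_mbr() -> bytes:
    """Constructed MBR: dummy boot code plus one active FAT16 partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x06,
                        b"\x0f\x3f\xff", 63, 1_000_000)
    boot_code = bytes(range(256)) + bytes(190)   # 446 bytes of filler
    return boot_code + entry + bytes(48) + BOOT_SIG


if __name__ == "__main__":
    hidden = xor_sector(build_sample_mbr(), 0x5A)   # constructed key
    print([hex(k) for k in recover_xor_keys(hidden)])
```

The fixed boot signature alone pins the key down to a single candidate, which is why a constant XOR obscures the saved sector without protecting it.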