[RC5] Re: rc5-digest V1 #167

Aaron Cannon cannona at poboxes.com
Mon Mar 16 19:36:44 EST 1998


Where can I download some virus scanning software, or do I have to buy it?
Thanks.

--
REAL NAME:       Aaron Willis Cannon
HOME PAGE:       http://www.poboxes.com/cannona

Join the largest super computer in the world! http://www.distributed.net

Donate money to your favorite nonprofit organization for free!
http://www.eyegive.com/html/ssi.cfm?CID=1222&MID=3995

On Mon, 16 Mar 1998, Joe Zbiciak wrote:

> 'Dave Ladd' said previously:
> | 
> | Bad advice.  Don't use the command until you know it
> | will wipe out the virus and nothing else.
> | 
> | If your system is infected with a self-encrypting
> | virus you will screw up your partition table.  You need
> | to use the virus inoculation options provided in your
> | virus software.  Or fdisk and start over.
> 
> The Monkey virus is known for this behavior.  It is a "Stealth Virus"
> which copies your MBR/Partition Table to a different area of the 
> hard drive and "encrypts" it.  (Really, it just XORs with a constant,
> but that's sufficient to make it obscured.)  
> 
> When you boot with Monkey present, it hooks all drive accesses so that
> reads/writes to the MBR appear to show the real, uninfected MBR, but in
> actuality, the MBR on the drive has the Monkey virus in it.  I imagine
> utilities and OSes which bypass DOS/BIOS services to access the disk
> would see an inconsistent MBR and complain of a problem, but would also
> be powerless to fix the problem.
> 
> There are programs on the net for cleaning Monkey (e.g. "KillMonk" comes
> to mind) and related viruses from your computer.  I would first boot from
> a clean, write-protected floppy which has your favorite DOS-based
> Anti-Virus software on it first and have it give its opinion of your
> hard drive before you proceed with drastic measures such as FDISK.
> 
> Regards,
> 
> --Joe
> 
> -- 
>  +----------- Joseph Zbiciak ----------+
>  | - - - -  j-zbiciak1 at ti.com  - - - - |       Ignorance is the
>  |- http://www.primenet.com/~im14u2c/ -|       Mother of Devotion.
>  | - - -Texas Instruments, Dallas- - - |          -- Robert Burton
>  +-----#include "std_disclaimer.h"-----+
> --
> To unsubscribe, send 'unsubscribe rc5' to majordomo at lists.distributed.net
> rc5-digest subscribers replace rc5 with rc5-digest
> 
> 
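What the quoted description implies for a tool that reads sector 0 directly, as an added example (not part of the original message or any poster's code): a structural check of a raw MBR sector, run on a constructed sample and on the same sample XORed with a constant. The sample sector, the key 0x5A and all function names are assumptions for illustration.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446            # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR

def mbr_findings(sector):
    """Return a list of structural problems found in a raw 512-byte MBR sector."""
    if len(sector) != SECTOR_SIZE:
        return [f"expected {SECTOR_SIZE} bytes, got {len(sector)}"]
    findings = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    active, extents = 0, []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i : TABLE_OFFSET + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if status not in (0x00, 0x80):
            findings.append(f"entry {i}: invalid boot indicator 0x{status:02x}")
        active += status == 0x80
        if ptype == 0x00:
            continue  # unused slot
        if count == 0:
            findings.append(f"entry {i}: type 0x{ptype:02x} but zero length")
        extents.append((lba_start, lba_start + count, i))
    if active > 1:
        findings.append("more than one active partition")
    extents.sort()
    for (_, end_a, a), (start_b, _, b) in zip(extents, extents[1:]):
        if start_b < end_a:
            findings.append(f"entries {a} and {b} overlap")
    return findings

def xor_sector(sector, key):
    """XOR every byte with one constant; applying it twice restores the input."""
    return bytes(b ^ key for b in sector)

def build_sample_mbr():
    """Constructed sample: one active FAT16 partition, zero-filled boot code."""
    sector = bytearray(SECTOR_SIZE)
    struct.pack_into("<B3sB3sII", sector, TABLE_OFFSET,
                     0x80, b"\x01\x01\x00", 0x06, b"\xfe\x3f\x7f", 63, 2056257)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)

CONSTRUCTED_KEY = 0x5A  # arbitrary demo constant, not the value any real virus uses
clean = build_sample_mbr()
obscured = xor_sector(clean, CONSTRUCTED_KEY)
```

`mbr_findings(clean)` returns an empty list, while `mbr_findings(obscured)` reports the missing signature and invalid boot indicators; to check a real disk, pass it the first 512 bytes of an image taken after booting from clean, write-protected media.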
