Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!wuarchive!gem.mps.ohio-state.edu!usc!polyslo!vlsi3b15!vax1.cc.lehigh.edu!sei.cmu.edu!krvw
From: jwright@atanasoff.cs.iastate.edu (Jim Wright)
Newsgroups: comp.virus
Subject: Re: OGRE virus in Arizona (PC)
Message-ID: <0005.8910051142.AA12544@ge.sei.cmu.edu>
Date: 4 Oct 89 23:15:47 GMT
Sender: Virus Discussion List
Lines: 18
Approved: krvw@sei.cmu.edu

In article <0011.8910041808.AA09177@ge.sei.cmu.edu> WIER@NAUVAX.BITNET writes:
| Because the OGRE virus operates at such a "low level," none of the
| existing virus detection/elimination programs currently in existence
| for the IBM PC will work.
|
| FUTURE VIRUS DETECTION IDEA
|
| Checksum the boot blocks.

The new program BootChek goes one better than this.  It will compare
the entire boot block with a secured copy.  Since it is small, this
comparison is fast, and better than a checksum.  If a change is
detected, the computer is halted.

WARNING:  This will detect any *change* in the boot block.  If you
start with an infected system, this won't help.

--
Jim Wright
jwright@atanasoff.cs.iastate.edu
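
The comparison described in the post above, as an added example that is not part of the original post and is not BootChek's code: a byte-for-byte check of a 512-byte boot sector against a saved copy, run on a constructed two-byte change that leaves a simple 16-bit additive checksum unchanged but is still reported. The function names, the choice of an additive checksum, and the sample sector are assumptions made for illustration; the real tool halts the machine, while this sketch returns a status.

```python
# Added example (not BootChek's code): full boot-block comparison vs. a checksum.
SECTOR_SIZE = 512  # one PC boot sector


def additive_checksum(sector: bytes) -> int:
    """16-bit sum of all bytes (assumed here as the 'simple checksum')."""
    return sum(sector) & 0xFFFF


def check_boot_block(current: bytes, baseline: bytes):
    """Compare every byte with the secured copy.

    Returns ("ok", None) or ("changed", offset_of_first_difference).
    The baseline must come from a known-clean system: a copy saved from an
    already infected disk will compare as "ok" forever.
    """
    if len(baseline) != SECTOR_SIZE:
        raise ValueError("baseline is not a full boot sector")
    if len(current) != SECTOR_SIZE:
        return ("changed", min(len(current), SECTOR_SIZE))
    for offset, (a, b) in enumerate(zip(current, baseline)):
        if a != b:
            return ("changed", offset)
    return ("ok", None)


def make_sample_sector() -> bytes:
    """Constructed sample sector: jump, label, zero filler, 0x55AA signature."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:3] = b"\xEB\x3C\x90"
    sector[3:11] = b"SAMPLE  "
    sector[510:512] = b"\x55\xAA"
    return bytes(sector)


def make_checksum_preserving_change(sector: bytes) -> bytes:
    """Constructed change: +1 on one byte, -1 on another, so the sum is equal."""
    modified = bytearray(sector)
    modified[3] -= 1     # 'S' (0x53) becomes 0x52
    modified[100] += 1   # 0x00 becomes 0x01
    return bytes(modified)


if __name__ == "__main__":
    baseline = make_sample_sector()
    current = make_checksum_preserving_change(baseline)
    print("checksums equal:", additive_checksum(current) == additive_checksum(baseline))
    print("full comparison:", check_boot_block(current, baseline))
```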