Path: utzoo!attcan!uunet!cs.utexas.edu!rutgers!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: 8326442@AWIWUW11.BITNET (martin zejma)
Newsgroups: comp.virus
Subject: removing Stoned from harddisks (PC)
Message-ID: <0002.9006051151.AA17014@ubu.cert.sei.cmu.edu>
Date: 1 Jun 90 21:56:04 GMT
Sender: Virus Discussion List
Lines: 46
Approved: krvw@sei.cmu.edu

During the last two months there were several questions about how to
remove the STONED-virus from hard disks. The solution is quite easy:

1) Boot from a clean write-protected floppy disk.

2) Use a disk-monitoring program (the good old DEBUG would also do,
   but better are programs like the Norton Utilities).

3) Read sector 7 from the boot track (exactly: Head 0, Track 0,
   Sector 7). At the beginning of this sector you should find the
   system description of your operating system (e.g. DOS 3.3,
   PCDOS 4.00, etc.) and the volume label of your hard disk. The
   partition table is also viewable there, but most people can't
   read it ;-) .

4) Write this sector over the infected boot sector of the hard disk
   (that's Head 0, Track 0, Sector 0, just to make it failsafe).

5) Remove the floppy disk, and do a cold boot from the hard disk.

Now everything should work fine. If you don't have backups of your
hard disk, back up the infected disk; the boot sector is not backed up
like files, and the virus doesn't infect files, just the boot sector.

All that stuff should work fine, because until now I have heard
nothing about other variants of this virus floating around.

On disks which you can't clean by transferring the OS using the SYS A:
command, this operation also works, but the ORIGINAL sector is stored
at Head 1, Track 0, Sector 3.

Hope this solves the nightmares with this virus.
( All errors included without extra-fee )

sincerely yours,
Martin Zejma

+--------------------------------------------------------------------+
|                                                                    |
|  Martin Zejma                           8326442 @ AWIWUW11.BITNET  |
|                                                                    |
| Wirtschaftsuniversitaet Wien --- Univ.of Economics Vienna /Austria |
+--------------------------------------------------------------------+
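
A read-only sanity check that could be run on the sector saved in step 3 before anything is written in step 4, as an added example that is not part of the original post: it confirms the 55 AA signature and decodes the partition table the post mentions. The function names, the flat disk-image input, the 1-based sector numbering and the sample geometry are assumptions, and the sample image is constructed.

```python
import struct

SECTOR = 512
TYPES = {0x01: "FAT12", 0x04: "FAT16 <32MB", 0x05: "Extended", 0x06: "FAT16"}

def chs_offset(head, track, sector, heads, spt):
    """Byte offset of a CHS address in a flat image (assumes sectors count from 1)."""
    if not (0 <= head < heads and 1 <= sector <= spt and track >= 0):
        raise ValueError("CHS address outside the given geometry")
    return ((track * heads + head) * spt + (sector - 1)) * SECTOR

def parse_partition_sector(buf):
    """Return the used partition entries; raise ValueError if the sector is implausible."""
    if len(buf) != SECTOR:
        raise ValueError("need exactly one 512-byte sector")
    if buf[510:512] != b"\x55\xaa":
        raise ValueError("no 55 AA signature at offset 510")
    parts = []
    for i in range(4):
        # 16-byte entry: boot flag, CHS start (3), type, CHS end (3), LBA start, count
        boot, ptype, start, count = struct.unpack_from("<B3xB3xII", buf, 446 + 16 * i)
        if ptype == 0:
            continue  # unused slot
        if boot not in (0x00, 0x80) or count == 0:
            raise ValueError(f"entry {i} is malformed")
        parts.append({"slot": i, "active": boot == 0x80, "start": start,
                      "sectors": count, "type": TYPES.get(ptype, hex(ptype))})
    if not parts or sum(p["active"] for p in parts) > 1:
        raise ValueError("empty table or more than one active partition")
    return parts

def sample_image(heads=4, spt=17):
    """Constructed test data: zeros with a fake partition sector at H0/T0/S7."""
    sector = bytearray(SECTOR)
    struct.pack_into("<B3xB3xII", sector, 446, 0x80, 0x04, 17, 41599)
    sector[510:512] = b"\x55\xaa"
    image = bytearray(heads * spt * SECTOR)
    off = chs_offset(0, 0, 7, heads, spt)
    image[off:off + SECTOR] = sector
    return bytes(image)

if __name__ == "__main__":
    img = sample_image()
    off = chs_offset(0, 0, 7, heads=4, spt=17)
    for p in parse_partition_sector(img[off:off + SECTOR]):
        print(p)
```

A sector that raises ValueError here should not be copied over the boot sector.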