Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!elroy.jpl.nasa.gov!sdd.hp.com!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw From: decomyn@penguin.uss.tek.com Newsgroups: comp.virus Subject: Re: Norton sd says *NonMovable Blk* (was Curse.exe virus) (PC) Message-ID: <0009.9011081406.AA17159@ubu.cert.sei.cmu.edu> Date: 7 Nov 90 20:41:45 GMT Sender: Virus Discussion List Lines: 39 Approved: krvw@sei.cmu.edu rzi@philpav.tds.philips.se (Roman Zielinski) writes: >Some days ago someone complains that *curse.exe* (i.e. the tool replacing >the mouse-arrow by a tiger-cartoon-figure in win 3.0) creates non-movable >blocks. > >I looked a little in my 386-system and noticed that Nortons *sd* reported >a number of areas marked by X, *NonMovableBlks*! > >2 areas was occupied by the boot staff >1 was msdos.exe (i localized it to \windows directory (its the *old* > win 2.x-like executive) >1 was a lost cluster that could be corrected/removed by chkdsk /f > >The only strange thing is why msdos.exe is nonmovable? >- - if I rename it to msdos1.exe the X-marking disappears! >- - I fetched a new copy from MSDOS distrib diskettes (You have to use > "expand.exe" to uncompress!), and the same occurs - the file is nonmovable > only when it has the funny msdos.exe-name... > >Can someone explain that????? Most likely, Norton's sd is looking for a combination of System attribute bit and one of the names that the DOS programs can have (IBMBIO, IBMDOS, MSDOS and IO) without checking the file extension (as far as I know, all of these have a .SYS extension). Of course, if the MSDOS.EXE file doesn't have the System bit set, then it might be looking for the name on any executable file. An easy test would be to copy some text file to MSDOS.COM and see if Norton's flags it as unmovable. In any case, it's probably just a bug in the program. - ------------------------------------------------------------------------------- Brendt Hess a.k.a. | Disclaimer: Opinions? I don't even work here! Vergil William de Comyn a.k.a. |----------------------------------------------- Payne Hirds | Life is not a zero-sum game: decomyn@penguin.uss.tek.com | don't treat it as such.