Path: utzoo!censor!geac!torsqnt!news-server.csri.toronto.edu!rutgers!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: frisk@rhi.hi.is (Fridrik Skulason)
Newsgroups: comp.virus
Subject: Re: EB21 or PrintScreen virus (PC)
Message-ID: <0006.9012061747.AA16948@ubu.cert.sei.cmu.edu>
Date: 6 Dec 90 11:12:32 GMT
Sender: Virus Discussion List <VIRUS-L@LEHIIBM1>
Lines: 19
Approved: krvw@sei.cmu.edu

deepak@shakti.ernet.in writes:
>Can the hard-disk be written without use of BIOS int 13? (We have XT & ATs)

Yes, in numerous ways - many Bulgarian viruses do this, by the use of
an obscure INT 2FH function, which enables them to bypass any program
monitoring INT 13H.

Other viruses do this by a direct JMP into ROM.

In the case of boot sector viruses, any 13H monitoring program is
useless, because the virus gains control of INT 13, before the
monitoring program is executed.

- -frisk

- --
Fridrik Skulason      University of Iceland  |
Technical Editor of the Virus Bulletin (UK)  |  Reserved for future expansion
E-Mail: frisk@rhi.hi.is    Fax: 354-1-28801  |