Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!usc!apple!rutgers!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: Otto.Makela@jyu.fi (Otto J. Makela)
Newsgroups: comp.virus
Subject: Re: New Virus? (The Invader?) (PC)
Message-ID: <0007.9012171526.AA00375@ubu.cert.sei.cmu.edu>
Date: 14 Dec 90 16:32:36 GMT
Sender: Virus Discussion List <VIRUS-L@LEHIIBM1>
Lines: 27
Approved: krvw@sei.cmu.edu

davidsen@crdos1.crd.ge.COM (Wm E Davidsen Jr) writes:
   PSYMCCAB@VM.UoGuelph.CA (Bob McCabe) writes:
   |   According to one distributor that got hit, the only way to remove the
   | virus is to disconect the AT board from the battery backup and to wipe the
   | BIOS on the hard disk controler. This may be a little extreme, but I have
   | yet to see an infected machine.

     This is unlikely. Any decent BIOS will have a way to get into the CMOS
   config at cold boot time. The parameters can then be set well enough to
   boot from your recovery floppy and restore the CMOS you saved when you
   made the disk, right before you write protected it.

Some Suntac chip sets CAN be set by CMOS to such a state that the CPU
will hang even before it can start up the BIOS.  It has to do with
setting the memory wait states and refreshes.  If you manage to set it
up incorrectly, you WILL have to disconnect the battery and wait for
the CMOS to go dead.

However, there seems to be some confusion about "viruses in CMOS".
Facts are, on a PC/AT the CMOS is not in the processor address space
- -> no programs can reside in it.  Thus, all a virus can do is scramble
the CMOS contents.
- --
   /* * * Otto J. Makela <otto@jyu.fi> * * * * * * * * * * * * * * * * * * */
  /* Phone: +358 41 613 847, BBS: +358 41 211 562 (CCITT, Bell 24/12/300) */
 /* Mail: Kauppakatu 1 B 18, SF-40100 Jyvaskyla, Finland, EUROPE         */
/* * * Computers Rule 01001111 01001011 * * * * * * * * * * * * * * * * */