Path: utzoo!censor!geac!torsqnt!lethe!yunexus!ists!helios.physics.utoronto.ca!news-server.csri.toronto.edu!cs.utexas.edu!usc!elroy.jpl.nasa.gov!swrinde!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: padgett%tccslr.dnet@uvs1.orl.mmc.com (A. Padgett Peterson)
Newsgroups: comp.virus
Subject: MusicBug (PC)
Message-ID: <0006.9102271603.AA00262@ubu.cert.sei.cmu.edu>
Date: 23 Feb 91 00:13:55 GMT
Sender: Virus Discussion List
Lines: 22
Approved: krvw@sei.cmu.edu

Have just had a chance to look at the February VSUM and though Patti and I discussed this, evidently the fix did not get into this month's list.

In short, you do not have to do a low level format of a hard disk to remove the MBug (though it will certainly work). Earlier I posted the "better" way to remove it, but if you are familiar with the disk and do not mind boot sector patching, restoration using "SYS" is possible.

Simply put, the MBug wipes the "reserved" sector value in the boot record. Since a DOS SYS command preserves this value, on boot, the system looks in the wrong place for the FAT. This makes finding the system files difficult.

If the disk is a standard MFM or RLL drive, this value is hex 11 (17). Big drives are liable to use 3F (63). If in doubt, the maximum sector value (bits 0-5 of CL return from Int 13 fn 08) is a good start.

No guarantees & caveat todo but might retrieve the disk.

Padgett
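
Added example, not part of Padgett's post: a Python check, run against a saved copy of the boot record, that compares the stored value with the one derived from the CL register as described above. It assumes the value the post calls "reserved" is the BPB hidden-sectors field at offset 0x1C (the post gives no offset); the function names and sample bytes are constructed for illustration.

```python
import struct

HIDDEN_OFF = 0x1C  # assumption: the post's "reserved" value is this BPB field
MEDIA_OFF = 0x15   # media descriptor byte; 0xF8 marks a fixed disk


def max_sector_from_cl(cl):
    """Bits 0-5 of CL as returned by Int 13h fn 08h: the maximum sector value."""
    return cl & 0x3F


def read_hidden(boot):
    """Return the low word of the hidden-sectors field of a boot record."""
    if len(boot) != 512 or boot[510:512] != b"\x55\xaa":
        raise ValueError("expected a 512-byte boot record ending in 55 AA")
    return struct.unpack_from("<H", boot, HIDDEN_OFF)[0]


def assess(boot, cl):
    """Compare the stored value with the geometry-derived one.

    Returns (status, value): for "wiped" the value is the one to try
    patching in; otherwise it is the value already stored.
    """
    hidden = read_hidden(boot)
    if boot[MEDIA_OFF] != 0xF8:
        return ("not-fixed-disk", hidden)  # floppies legitimately store 0
    if hidden == 0:
        return ("wiped", max_sector_from_cl(cl))
    if hidden == max_sector_from_cl(cl):
        return ("consistent", hidden)
    return ("differs", hidden)  # e.g. a partition that starts further in


def constructed_boot(hidden, media=0xF8):
    """Constructed sample: blank boot record with only the fields used here."""
    b = bytearray(512)
    b[MEDIA_OFF] = media
    struct.pack_into("<H", b, HIDDEN_OFF, hidden)
    b[510:512] = b"\x55\xaa"
    return bytes(b)


if __name__ == "__main__":
    # CL = 0xD1 is a constructed register value whose low six bits are 0x11.
    for hidden in (0x11, 0):
        print(assess(constructed_boot(hidden), cl=0xD1))
```

A "differs" result is not proof of damage; it only means the stored value does not match the drive's maximum sector value and needs a manual look before any patching.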