Path: utzoo!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: frisk@rhi.hi.is (Fridrik Skulason)
Newsgroups: comp.virus
Subject: Re: Stoned Again (PC)
Message-ID: <0011.9103131701.AA15339@ubu.cert.sei.cmu.edu>
Date: 13 Mar 91 08:57:12 GMT
Sender: Virus Discussion List <VIRUS-L@LEHIIBM1>
Lines: 27
Approved: krvw@sei.cmu.edu

KAMRAN@Vax2.Concordia.CA (Kamran Farahi) writes:

>My question is , how is it
>possible that the F-DRIVER did not protect the hard disk?. Although ,
>the warning message was given by the DRIVER on both occasions.

No drivers, TSR programs etc, can prevent you from being infected by a
boot sector virus, like the 'Stoned' for a simple reason - the virus
is executed and gets a chance to infect the hard disk before it can be
intercepted by any other program.  You need some special hardware to
prevent this.  The best any normal program can do is detecting the
infection, displaying a warning message and halting the computer, just
like F-DRIVER did.

>We lost everything because of the low-level format, do we have to go
>through this each time we get infected or is there a way to recover
>the data?

You never need to low-level format a disk infected by 'Stoned', to get
rid of the virus.  If the virus manages to infect the hard disk
successfully, you should be able to remove it by booting from a
'clean' system disk and running a disinfector program.

If that fails, use NU (or a similar program) to zero out the partition
table, and then use NDD to generate a new one.

- -frisk