Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: BARNOLD@YKTVMH.BITNET
Newsgroups: comp.virus
Subject: DOS 5 Fdisk (PC)
Message-ID: <0003.9106171414.AA16331@ubu.cert.sei.cmu.edu>
Date: 13 Jun 91 18:26:07 GMT
Sender: Virus Discussion List <VIRUS-L@LEHIIBM1>
Lines: 16
Approved: krvw@sei.cmu.edu

Readers might want to play with an undocumented /MBR switch in DOS 5
FDISK.  It appears to force FDISK to overwrite the code in a PC/PS2
master boot record, without touching the partition table, and in
limited testing on a half dozen machines it succeeded in cleaning up
machines infected with the Stoned, the Stoned 2, and the Joshi
viruses.  This was with the DOS 5 shipped by IBM, not Microsoft's DOS
5; can somebody please test MS-DOS 5?

The Joshi can't be removed this way unless it isn't active in memory.
(e.g. cold boot from a write protected, uninfected bootable DOS 5 disk
with a copy of FDISK on it.)

The command line syntax tested was
   FDISK /MBR

Bill Arnold    barnold@watson.ibm.com