Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: frisk@rhi.hi.is (Fridrik Skulason)
Newsgroups: comp.virus
Subject: Problems removing Azusa (PC)
Message-ID: <0012.9106171414.AA16331@ubu.cert.sei.cmu.edu>
Date: 15 Jun 91 09:05:24 GMT
Sender: Virus Discussion List <VIRUS-L@LEHIIBM1>
Lines: 23
Approved: krvw@sei.cmu.edu

padgett%tccslr.dnet@mmc.com (A. Padgett Peterson) writes:
>From:    dwe29248@uxa.cso.uiuc.edu (Derek William Ebdon)
>One thing that Mr. Doss forgot to mention is that although Central
>Point Anti-Virus v1.0 can easily romove the Asuza virus from a floppy,
>it cannot remove the virus from a hard drive.  The only way to
>disinfect a hard drive is to redo the low level format because the
>virus infects the boot sector and the dos partition.  A high level
>format will not remove the virus, nor will simply removing the dos
>partition with the fdisk program.

Well, this is of course not correct - a format is never necessary to
get rid of a virus - boot sector or otherwise.  However, Azusa is
rather problematic, as it does not store the original PBR anywhere -
it simply replaces it.  (It is easy to remove Azusa from diskettes)

Suggested solutions:  1) Use NU to zero out the PBR, then use
			 NDD to rebuild it.

		      2) Use a disinfection program which can replace
			 the PBR with a "standard" PBR - such programs
			 exist.

- -frisk