Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: mcafee@netcom.com (McAfee Associates)
Newsgroups: comp.virus
Subject: VSHIELD and Warm Boots (was Re: Checksumming) (PC)
Message-ID: <0010.9106202012.AA20764@ubu.cert.sei.cmu.edu>
Date: 20 Jun 91 19:23:00 GMT
Sender: Virus Discussion List
Lines: 34
Approved: krvw@sei.cmu.edu

padgett%tccslr.dnet@mmc.com (A. Padgett Peterson) writes:

(a lot of stuff deleted here...)

>I believe that VSHIELD protects from hot-boots now - do not believe
>that prevention from cold boots can be done without hardware or
>special BIOS. My next project now that DISKSECURE is essentially
>complete will be a small addition to warn the user on boot if a floppy
>is in the drive - should not be difficult or require much code (trap
>cntrl-alt-del, check for floppy, write warning message, loop for
>response), several viruses make use of this technique already so it
>cannot be too difficult (famous last words).

VSHIELD traps warm (hot) boots (aka Ctrl-Alt-Dels, Three Finger
Salutes) to check the floppy drive and then the hard disk for boot
sector and partition table infecting viruses. If a virus is found,
VSHIELD displays its "found virus X in area Y" message and prompts
the user to power down and boot off a clean system disk. If no virus
is found, then VSHIELD reboots the system as normal.

Some XT systems apparently have problems with this, causing a reboot
to take a long time (5 minutes or more). If so, the option can be
turned off by using the /NB (No Boot) checking.

Regards,

Aryeh Goretsky
McAfee Associates Technical Support

- --
McAfee Associates        | Voice (408) 988-3832 | mcafee@netcom.com
4423 Cheeney Street      | FAX   (408) 970-9727 | (Aryeh Goretsky)
Santa Clara, California  | BBS   (408) 988-4004 |
95054-0253 USA           | v.32  (408) 988-5190 | mrs@netcom.com
ViruScan/CleanUp/VShield | HST   (408) 988-5138 | (Morgan Schweers)
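
The check order described in the post above (floppy first, then hard disk, then either a power-down prompt or a normal reboot), as an added example that is not part of the original post and is not VSHIELD's code. The post does not say how VSHIELD detects an infection; this sketch assumes a pattern scan for the floppy and, following the thread's checksumming subject, a per-area digest comparison for hard-disk sector 0. All function names, the pattern and the sample sectors are constructed for illustration.

```python
import hashlib

SECTOR = 512
# Constructed placeholder pattern, not a real virus signature.
PATTERNS = {"DEMO-PATTERN": bytes.fromhex("deadbeefcafe")}


def areas(sector0):
    """Split hard-disk sector 0 into boot code and partition table."""
    if len(sector0) != SECTOR:
        raise ValueError("sector 0 must be exactly 512 bytes")
    return {"boot code": sector0[:446], "partition table": sector0[446:510]}


def baseline(sector0):
    """Digest each area of a known-clean sector 0 (assumed check method)."""
    return {name: hashlib.sha256(data).hexdigest()
            for name, data in areas(sector0).items()}


def scan_floppy(sector0):
    """Return the names of known patterns present in a floppy boot sector."""
    return [name for name, pattern in PATTERNS.items() if pattern in sector0]


def warm_boot_check(floppy, hard_disk, clean):
    """Check the floppy, then the hard disk; floppy is None for an empty drive.

    Returns (action, findings); each finding is (what, area), mirroring the
    "found virus X in area Y" message quoted in the post.
    """
    findings = []
    if floppy is not None:
        findings += [(name, "floppy boot sector") for name in scan_floppy(floppy)]
    current = baseline(hard_disk)
    findings += [("changed since baseline", "hard disk " + area)
                 for area in current if current[area] != clean[area]]
    if findings:
        return "power down and boot from a clean system disk", findings
    return "reboot", findings


def make_sector(code=b"", table=b""):
    """Build a constructed 512-byte sample sector ending in 55 AA."""
    return code.ljust(446, b"\x00") + table.ljust(64, b"\x00") + b"\x55\xaa"


# Constructed sample: a clean sector 0 with one active partition entry.
CLEAN_MBR = make_sector(b"\xfa\x33\xc0", b"\x80\x01\x01\x00\x06")
```

The baseline has to be recorded while the disk is known to be clean, and a digest mismatch only says which area changed, not what changed it.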