Path: utzoo!mnetor!uunet!husc6!mit-eddie!ll-xn!ames!pasteur!agate!aurora!labrea!decwrl!pyramid!prls!philabs!ttidca!woodside
From: woodside@ttidca.TTI.COM (George Woodside)
Newsgroups: comp.sys.atari.st
Subject: Re: Virus-- suggestion!
Message-ID: <2164@ttidca.TTI.COM>
Date: 24 Mar 88 14:10:02 GMT
References: <1288@uop.edu> <254@laura.UUCP> <4132@batcomputer.tn.cornell.edu>
Reply-To: woodside@ttidcb.tti.com (George Woodside)
Organization: Citicorp/TTI, Santa Monica
Lines: 42
Keywords: virus, GEMDOS, atari, GNOME

In article <4132@batcomputer.tn.cornell.edu> braner@tcgould.tn.cornell.edu (braner) writes:
>[]
>
>Another suggestion: could somebody make a dump of the boot sectors of
>a standard SS floppy, a DS one, standard HD setup, etc? These dumps could
>be compared with what's on a disk that is suspected of having been hit
>by a virus. One could even write a program that has these dumps embedded,
>compares with what's on the disk, reports about differences, and,
>upon request, replaces what's on the disk with the standard.
>

There's really only about 30 bytes of important data in the boot sector
of a non-executing floppy. The rest is usually random garbage, and varies
wildly. Very few formatters are polite enough to clear out the garbage
before using a buffer to prototype the boot sector.

No disk should be bootable unless you know exactly what it does. The
program I posted a couple days ago, in response to disk formats and
DCFORMAT, will tell you if a disk contains a bootable first sector. If
it does, and you didn't know it, be very suspicious.

I'll make this offer: If anyone locates a virus infected floppy, send me
an exact copy (via PROCOPY, ST-COPY, or some equally comprehensive image
copier). I'll dissect the virus, post an autopsy report here, and provide
a program that will detect and kill the virus on any disk you feed it. I
think I know enough about how disks work on the ST to back up this offer
with confidence.

Mail the virus disk, CLEARLY LABELLED "VIRUS DISK", to

George R. Woodside
5219 San Feliciano Drive
Woodland Hills, Ca. 91364 (USA)

-- 
*George R. Woodside - Citicorp/TTI - Santa Monica, CA
*Path: ..!{trwrb|philabs|csun|psivax}!ttidca!woodside
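
Added example, not part of the post above and not the program Woodside refers to: a sketch of both checks discussed here, run against a 512-byte boot sector read from a disk image. It assumes the Atari ST conventions that a boot sector is executable when its 256 big-endian words sum to 0x1234 and that the parameter block sits at offsets 0x0B-0x1D; the function names and sample sectors are constructed for illustration.

```python
import struct

SECTOR_SIZE = 512
BOOT_MAGIC = 0x1234          # executable if the 256 big-endian words sum to this
BPB_OFFSET = 0x0B
BPB_FORMAT = "<HBHBHHBHHHH"  # little-endian fields, 19 bytes (0x0B..0x1D)
BPB_FIELDS = ("bytes_per_sector", "sectors_per_cluster", "reserved_sectors",
              "fat_count", "root_entries", "total_sectors", "media_byte",
              "sectors_per_fat", "sectors_per_track", "sides", "hidden_sectors")

def boot_checksum(sector):
    """Sum of the sector's 256 big-endian 16-bit words, modulo 65536."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("boot sector must be exactly 512 bytes")
    return sum(struct.unpack(">256H", sector)) & 0xFFFF

def is_executable(sector):
    """True if the ROM would treat this sector as bootable code."""
    return boot_checksum(sector) == BOOT_MAGIC

def parse_bpb(sector):
    """Extract only the fields that describe the disk layout."""
    values = struct.unpack_from(BPB_FORMAT, sector, BPB_OFFSET)
    return dict(zip(BPB_FIELDS, values))

def bpb_differences(suspect, reference):
    """Compare layout fields only, ignoring formatter garbage elsewhere."""
    s, r = parse_bpb(suspect), parse_bpb(reference)
    return {k: (s[k], r[k]) for k in BPB_FIELDS if s[k] != r[k]}

def make_sample(executable, seed):
    """Constructed single-sided sample sector; 'seed' varies the filler bytes."""
    sector = bytearray((i * seed + 3) & 0xFF for i in range(SECTOR_SIZE))
    struct.pack_into(BPB_FORMAT, sector, BPB_OFFSET,
                     512, 2, 1, 2, 112, 720, 0xF8, 5, 9, 1, 0)
    sector[510:512] = b"\x00\x00"
    target = BOOT_MAGIC if executable else 0
    fix = (target - boot_checksum(bytes(sector))) & 0xFFFF
    struct.pack_into(">H", sector, 510, fix)  # last word sets the checksum
    return bytes(sector)

if __name__ == "__main__":
    clean_a, clean_b = make_sample(False, 7), make_sample(False, 13)
    suspect = make_sample(True, 7)
    print("raw sectors identical:", clean_a == clean_b)
    print("BPB differences:", bpb_differences(clean_a, clean_b))
    for name, s in (("clean_a", clean_a), ("suspect", suspect)):
        print(name, "executable" if is_executable(s) else "not bootable")
```

The two clean samples differ byte for byte yet show no layout differences, which is why a whole-sector comparison against a reference dump produces false alarms while the checksum test does not.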