|
Virus- L Newsletter V.6 No.30 From Internet
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
================================================================================
VIRUS-L Digest Friday, 19 Feb 1993 Volume 6 : Issue 30
Today's Topics:
Re: What is a virus ?
What kind of people make viruses?
Virus detection by code inspection
Re: Virus education
YOUR opinions on virus legality needed!
Re: TIME Magazine on "Cyperpunk": How Not to Define a "Worm"
Uruguay on PS/2 Ref disk (PC)
1757 virus (PC)
Re: Scanning memory (PC)
Michelangelo or STONED? (PC)
Possible new Virus found. HELP! (PC)
Re: New way of opening files??? (PC)
Minimal virus scan? (PC)
Re: windows virus (PC) - is WALDO one?
Re: New Virus (PC)
Re: Suggestion to the developers of resident scanners (PC)
Re: MtE Infected... (PC)
CLU-011.ZIP (PC)
SCAN 101 (PC)
FDISK buggy? (PC)
VIRUS-L is a moderated, digested mail forum for discussing computer
virus issues; comp.virus is a non-digested Usenet counterpart.
Discussions are not limited to any one hardware/software platform -
diversity is welcomed. Contributions should be relevant, concise,
polite, etc. (The complete set of posting guidelines is available by
FTP on cert.org or upon request.) Please sign submissions with your
real name. Send contributions to [email protected]. Information on
accessing anti-virus, documentation, and back-issue archives is
distributed periodically on the list. A FAQ (Frequently Asked
Questions) document and all of the back-issues are available by
anonymous FTP on cert.org (192.88.209.5). Administrative mail
(comments, suggestions, and so forth) should be sent to me at:
<[email protected]>.
Ken van Wyk, [email protected]
----------------------------------------------------------------------
Date: 11 Feb 93 19:59:10 +0000
From: ulogic!hartman (Richard M. Hartman)
Subject: Re: What is a virus ?
[email protected] (Vesselin Bontchev) writes:
>So, let's try again:
>
>"A computer virus is a sequence of symbols which, when interpreted
>under certain conditions in certain environments, will make a possibly
>evolved copy of itself. This is called `replication' and the copy
>retains at least the capability to recursively replicate further."
This still does not include the charactistic that is, to me, the
distinguishing characteristic between virii and worms. That is
that virii host themselves within other programs (a hard disk boot
sector program IS a program, even though it is not a "program file"),
altering their behavior, while worms merely propogate themselves
from system to system taking advantage of whatever mechanism the
system provides.
By "merely propogate themselves" I am ignoring any potential
side effects of the worm or virus, ranging from vandalism (trashing
files and hard disk sector indexes) to "useful worms" such as
a (hypothetical) network file or e-mail address finder... The
"intelligent assistant" that (Apple? Microsoft?) proposed a while
ago...
-Richard Hartman
[email protected]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
"Nobody has ever had a sexual fantasy about being tied
to a bed and ravished by somebody dressed as a liberal." -P.J. O'Rourke
------------------------------
Date: Wed, 17 Feb 93 14:39:12 -0500
From: (Cameron D. Bunch) <[email protected]>
Subject: What kind of people make viruses?
I am trying to find information on whatever might be known about the
personality profile of the 'typical' virus author. Although there may
not be much available in this area I would appreciate any references
to either studies (if such exist) or case histories which would shed
some light on what kind of person creates and releases viruses, what
kinds of motivations are involved. Cases known to readers of this list
but not necessarily recorded else where would be of interest also.
Material available via ftp would be of greatest interest as I do not
have access to a university library. Direct e-mail responses would
probably be most appropriate. I would be glad to summarize if there is
interest.
- ----------------------------------------------------------------------
Cameron D. Bunch
Head, Management Information Systems Dept.
U.S. Naval Hospital, Rota Spain
Internet: [email protected]
cbunch@rota-measure.navy.mil
DSN: 727-3672
COMM: +34-56-823672
------------------------------
Date: Wed, 17 Feb 93 14:39:41 -0500
From: Jim O'Shea <[email protected]
k>
Subject: Virus detection by code inspection
A question for the virus experts.
Could you recognise that a file had been infected by a virus purely by
inspecting a disassembled listing? I do mean any virus, including one
you might not have met before. I accept it might not be possible to be
specific but answers like "Yes, given unlimited time." or " Seventy
percent probability of a correct answer after spending 6 hours on
inspection" will be useful. I am interested in applying AI to virus
detection and I would like to know how effective "Natural"
intelligence is first.
Jim O'Shea ( the Manchester Metropolitan University)
------------------------------
Date: 18 Feb 93 09:53:24 +0000
From: [email protected]
Subject: Re: Virus education
[email protected].COM (Chip Seymour) writes:
> I couldn't agree with Mr. Peters more, but I find that I am the one in
> need of the education.
For PC's, the basic information you need is contained in Ralf Brown's
interrupt list (plus various other lists of "inside" DOS information,
like memory maps and BIOS listings). The most I can say, without
giving ideas to virus writers, would be...
(1) viruses have to modify something that may eventually be executed
on another computer, such as a diskette's boot sector, a program's
code, a program "fork" or whatever. You can detect a virus when it
does this, via hardware or software (hardware is best), but they are
sometimes changed for valid reasons, and false-alarms become annoying.
(2) viruses like to (but don't really need to) intercept the system's
code once they are running so they can change programs or boot sectors
or whatever that they come in contact with. If they don't do that,
they'd just modify the disks or files they see when they start up -
usually making them more obvious to spot (by the longer time the
computer takes then) and spread slower. Virus detectors can look for
viruses staying in memory, because available memory is reduced,
interrupts are changed, or important bytes in system code get changed
that should never be modified.
(3) Viruses also like to stay in memory to modify the way the system
reports things that might give a clue to its presence, e.g.
intercepting PC interrupt 13h to read the boot sector, and returning
the original sector instead of the infected one. On the face of it,
this seems to make viruses harder to detect, but a good virus detector
can notice it is happening and by-pass it to see the real infection,
or simply report software is doing something that only viruses tend to
do. Personally, I like viruses doing this, since many "good guy"
programs do things similar to (2) - the more unlike disk caches, etc a
virus acts the better for detection in the long run.
(4) There is basically a race between viruses and anti-virus software;
whoever gets control of the system first has enormous power over
stopping what comes after it - although it could waste a lot of
computer power doing so. Viruses have the disadvantage that changes
can be detected if you *know* what the various vectors & system
routines should look like, either by running on a clean system and
thereafter looking for differences, or by knowing where standard
BIOSes (or whatever for non-PC's) store their important routines. The
latter is becoming less relevant, with strange disk controllers and
the ability of 386's to put RAM anywhere and make it look like ROM.
But then it is very difficult for viruses to use the 386 to do this as
it will probably conflict with the EMM386 running, and make the virus
very obvious too early.
But you don't need to know a lot about how the various viruses work -
the best system of all is hardware that rings alarm bells when
something out of the ordinary happens - writing to an area that should
be sacra sant, or a boot sector containing suspicious code. If you
know how your system normally behaves, and spot differences, you can
detect new viruses, and be able to trace whatever disk or program
caused the alarm to its source immediately, rather than a week later
when a scan of the disk is made and the source long forgotten.
Hope this helps,
Mark Aitchison, University of Canterbury, New Zealand.
------------------------------
Date: Thu, 18 Feb 93 13:56:08 -0500
From: Doug <[email protected]>
Subject: YOUR opinions on virus legality needed!
Greetings....
Some of you may read the infamous 40-Hex Virus magazine, published
by us. If so, we'd like your opinions for a survery we're doing.
The results of this survey will be published in 40-hex #10.
Here are the survey questions. Please answer them, and respond via
email to me. You may respond with simple Yes or No answers, or you
may be as wordy as you want. Please note - ANY response given might
be published in 40-hex magazine. Now, the questions:
1) Should it be Federally illegal to write a computer virus?
2) Should it be Federally illegal to distribute computer viruses,
to KNOWING individuals (ie on "virus" boards)? (This does NOT
mean infecting another person with a virus - it means giving
them a copy of a virus, and making sure they KNOW it is a virus)
3) If executable virus code is illegal, then should the SOURCE code
to the viruses be illegal to copy, sell, or other wise distribute?
Please mail me with YOUR opinions to the above, and feel free to
explain your views, or present other opinions you may have. We are
attempting to get a general idea as to the thoughts of people,
therefore we are posting this to COMP.VIRUS, and ALT.SECURITY, and
any other appropriate newsgroups.
Please note - we are NOT interested in the legallity of SPREADING
virus code by infection - that IS already illegal. We are also not
interested in the ethic issues of viruses. We want your opinions as
to what should be OUTLAWED, and what should be LEGAL. Of course, any
other opinions you may wish to add are welcome.
Thanks for your time and consideration..
[email protected]
------------------------------
Date: Thu, 18 Feb 93 22:41:46 +0000
From: [email protected] (Philip Elmer-DeWitt)
Subject: Re: TIME Magazine on "Cyperpunk": How Not to Define a "Worm"
[email protected].com (Matthew Curtin) writes:
>[email protected] (Joseph D. McMahon) writes:
>> In last week's TIME magazine (with the "Cyberpunk" lead article), RTM's
>> worm is is described as "not a virus, but a worm, since the damage was
>> unintentional".
>>
>> This is the most singular lack of grasp of the subject I have seen in
>> a long time.
>There were quite a few people posting on alt.folklore.computers about how
>many silly errors like that there were. I'd be interested in seeing people
>post their gripes about the article, so that I coulds summarize everything
>and write a letter to TIME's editor...
Not to defend the bogus worm definition, but it was taken straight from
Ed Krol's "Whole Internet Catalog."
Please do write your letter to the editor. The mail on this story was pitiful.
------------------------------
Date: Wed, 17 Feb 93 18:36:42 +0000
From: [email protected].edu (Patricia C Inman)
Subject: Uruguay on PS/2 Ref disk (PC)
Fprot 2.06 reports: command.com "Infection: Uruguay" on all PS/2
Model 70/80 Reference Disks Version 1.06. Version 1.03 of the Ref
Disk reports clean. CPAV is current and reports nothing.
I recently went through a scare and collected all disks in the
facility. This is all I have left to cleanup. Is this "normal"?
Thanks,
- -Patty Inman [email protected]
MUCIA 614/291-9646
------------------------------
Date: 17 Feb 93 17:21:11 -0600
From: [email protected] (Albert Crosby)
Subject: 1757 virus (PC)
Today I found a variant of the 1575 'Green Caterpillar Virus' that was not
detected by Scan v100. It was detected by VIRX 2.6, and detected/removed by
F-PROT, fortunately. This variant never displayed the 'Green Caterpillar'
described in F-PROT, but did take up _all_ of the UMB memory on some of the
infected computers.
Just another point in favor of keeping several scanning tools available...
Albert
- --
Albert Crosby | There are actually THREE things certain in this life:
[email protected] |
or AL.CROSBY on GENIE | Death, Taxes, and Parking Tickets.
1 501 575 4452 |
Microcomputer and Network Support-UA College of Agriculture and Home Economics
------------------------------
Date: Wed, 17 Feb 93 18:41:24 -0500
From: [email protected] (Bob Babcock)
Subject: Re: Scanning memory (PC)
>Yup. This is called ghost positive. It can be easily avoided by the
>producer of the scanner with a little bit of intelligent programming.
>I suggest that people REFUSE to use anti-virus software that is so
>stupid.
Isn't it better to be conservative and look everywhere in memory for active
viruses? I'd much rather see a false alarm than have something be missed
because a scanner was wrong about where viruses could lurk. Also, this sort
of false alarm can only arise if you have scanned an infected floppy. If a
user has an infected floppy, and doesn't know enough about viruses to
understand the ghosting problem, they should consider getting expert help.
------------------------------
Date: Thu, 18 Feb 93 00:01:41 +0000
From: [email protected] (LEPRICAN~~~)
Subject: Michelangelo or STONED? (PC)
The AUTOCAD lab at Montana State University has recently contracted
a nasty virus, which we can't exactly identify.
The older anti-virus programs we had would only see it some of the
time. We tried McAfee v100, which would recognise the virus, but
would not remove it from hard drives. It appears to be [Mich] when
it is on a drive, but when it loads itself into memory, McAfee says
it's [STONED].
It seems to be easily removed from floppies, but the virus infects
the partition table of hard drives, where McAfee cannot remove it.
Reformatting it from a write-protected floppy didn't remove it, either.
Does anyone have any suggestions on how to combat this virus?
thanks,
Leprican~~~
------------------------------
Date: 18 Feb 93 00:19:39 +0000
From: [email protected] (Heath Ian Hunnicutt)
Subject: Possible new Virus found. HELP! (PC)
Hello,
I've recently had the misfortune of experiencing what I believe
was a virus infection. Unfortunately, ver100 of McAfee's SCAN cannot
identify the virus involved. I have also tried older versions of Norton
and Central Point Anti-Virus, to no avail.
Here's what happenned: At about 1am on the 15th, Windows crashed
with a Severe Disk Error screen. I rebooted into DOS, and found that
I would get many, many "Sector not Found" errors when I would try to
access anything on my C: drive. (I also have a D: drive.) I tried
to run Norton Disk Doctor, but it crashed. Thinking that my FAT was
messed up on the C: drive, I tried to switch to the D: drive, where
I at least had some minimal disk-doctor type software, along with the
unformat command. (I was think of using unformat to restore my old FATs,
and just taking a loss on work done that day...)
Here comes the virus part:
C:\DOS>D: (I typed this)
Try that again and you'll die. (Was the response, as near as I can recall.)
C:\DOS>DIR D:
Try that again and you'll die.
I powered off the machine.
At this point, my partition table and boot records had been screwed up.
I managed to fix the drive's woes using unformat, and my file system is
now Ok. However, SCAN cannot find a virus at all on my drive C:. (I have
removed drive D:, since it is very important to me, and I want to have this
problem understood before I access that drive again.)
I have even scanned every file that was installed in the last
month or so for the word "die". No joy -- I assume it must be encrypted.
The message was along the lines of the one given above. The only words
that I am sure appear in it are: "[Tt]ry that again and you* die" There
may have been a period after the "die"
So, has anybody heard of a virus that does anything like this?
I cannot believe that this is anything but an infection, since the
"error message" seems so much like what a virus-writer would do.
Thanks for any help.
Heath
- --
- --
>From the Home for Amnesiac Computer Scientists....
[email protected]
------------------------------
Date: 18 Feb 93 11:24:18 +0000
From: [email protected]
Subject: Re: New way of opening files??? (PC)
[email protected] (Amir Netiv) writes:
> >> More then that: A product like the one you described will only work on 38
6,
> >> or higher, in protected mode....
>> > Well, there are several ways to spot writing to the disk port directly.
> > Obviously, software-only methods would be limited in speed...
> Isn't that what I said?...
Well, you don't need a 386 with protected mode, but it is nice of
course. You can emulate or trace instructions, plus a few other sneaky
hardware-dependent methods which I probably shouldn't mention.
> What you suggest is a bit too expensive for a user to get...
That's true. I'm an advocate of relatively simple, cheap methods
being used by virtually all computer users (I talked a lot last year
about what could be built into DOS and BIOS, for example). But I have
to acknowledge that the level of protection you need to make a
standard Mac or PC safe against the kinds of viruses that *could* be
made is well beyond what average users can stand. Not just cost, but
inconvenience in responses needed from users, time taken to scan, and
the need for serious, consistent security considerations. The whole
beauty of the "openness" of the PC to getting at the works is also its
greatest weakness. Although a lot can be done to tighten up the system
(there are really stupid loopholes at the moment that could be fixed
without bumping up the cost more than a few dollars), the whole
popularity and philosophy of the PC (and Mac) makes them prone to
virus writers. I really don't think water-tight security is what
average users should be heading for (organisations, yes!), rather it
is important to discourage virus writers.
> > The big problem with viruses on PC's, at least, at the
> > moment is that there is
> > a large fuzzy area filled with programs (like Norton's
> > DS and sel...
> I wish it were the only problem.
I think everybody realises the problems in relying on old fashioned
fixed string scanners. But going on from there is difficult.
Heuristics for boot sector viruses are reasonably good (I could talk
at length about this - email me if you want to chat about it), but
file infectors are a nuisance. If I said that using the "call next
instruction" sequence was a pretty good detector of suspicious
programs, all the virus writers would go out and change their code to
"call next-plus-one instruction". Similarly, anything that can be
disassembled from present heuristic detectors can be used to the
benefit of virus writers. You could say that the fact that there are
any viruses at all is the problem, but to really analyse what is
stopping a truely good virus detector (not just 2nd
generation/heuristics but 3rd generation), I think it would be the
fact that so many "naughty" things that *should* identify viral
activity have already been done in commercial software!
> Personally I prefer that they will just stop writing viruses, or better yet
> write usual ones that are easy to solve with generic methods like FDISK /MBR
> or SYS or...
> and let the PC users work without fear. Are you among those that will
> sacrifice the user's benefit for an academic interest?
No, I wish they'd stop too, but that won't happen without effort -
like making it so common to spot a new virus as soon as it gets on
your system that the *source* of viruses can be tracked while the
scent is warm. And stop giving them the glory of new virus names.
Even before mutation engines, the rate of "new" viruses was alarming.
The popularity of virus writing D-I-Y kits is a great nuisance, but at
least it has delayed the next stage of virus developments. I believe
there are several more generations of virus detector left in the
evolution process even for traditional "Personal" (insecure)
computers. They would have to abandon looking for known viruses,
unless you are interested in understanding what is there (which I, at
least, am). To do better they have to distinguish between what is
viral activity and what a common PC program might do. If it is hard
enough at the moment for a human to do that, think how hard it is for
AI software. I personally think there is reason to hope boot sector
viruses can be eradicated - it is so obvious what you are supposed to
have in a boot sector, and there's only 512 bytes to play with. But
infected executables are difficult to tackle. I know of some "tricks"
viruses tend to do, which makes the present generation of heuristics
tick quite nicely. But that won't last. As virus writers and virus
detectors play a game of cat and mouse, e.g. going to greater lengths
to bypass DOS to open files to either infect, or to tell if they are
infected, the code gets larger and less like conventional programs.
That helps the average user - an infected file will grab a lot of
extra disk space, and go slow, and it helps the 3rd generation of
virus detector, simply because some virus writer who thinks he's
clever is trying to bypass the 2nd generation of detector. Those that
get around the 1st generation of detector (string scanners) are
difficult for humans to detect as well. That's why I take the radical
stand of hoping virus writers will move onto the next generation
(provided anti-virus writers are ready for them).
Mark Aitchison, Department of Physics & Astronomy, University of Canterbury, NZ
------------------------------
Date: Thu, 18 Feb 93 12:04:43 +0000
From: [email protected].nokia.fi
Subject: Minimal virus scan? (PC)
We have an automatic virus-scan (in autoexec.bat) on all computers
here at work. As it slows down the boot process to much on some
computers i am planning to scan only parts of the files instead of the
whole disk.
My question now is if these assumptions are correct:
- - viruses only infects:
*.EXE and *.COM -files that has been used when a virus is in memory
the boot sector
command.com
- - it is enough to scan only memory, the boot sector and for example the
following files:
command.com smartdrv.exe emm386.exe keyb.com
win.com win386.exe lat.exe redir.exe
Is that correct? If not please tell me why not! I can also think about
varying the scanned directories from day to day.
Also is there really any need to scan DLL, DRV, OVL and SYS-files?
Sten
============================================================================
Sten Westerback (BSc. electronics) Telephone: +358+0 +5115891(work)
X400 : c=fi, a=Elisa, p=Nokia Telecom, S=Westerback, G=Sten, (u=SWS)
Internet : [email protected] Time zone: EET (=GMT+3)
Test the utility at WSMR-SIMTEL20.Army.mil::pd1:<msdos.dirutl>swxd303d.zip
============================================================================
------------------------------
Date: Thu, 18 Feb 93 18:13:57 +0000
From: [email protected].edu (Terry)
Subject: Re: windows virus (PC) - is WALDO one?
[email protected] (Andrew Wang) writes:
>[email protected] (David M. Chess) writes:
>
>We have been experiencing a problem with Windows that also may
>be connected with a virus. Recently a couple machines have been
>producing a "WALDO has caused a General Protection Fault" error,
>and then crashing hard.
..
>seriously. Here's some info: We run Word for Windows, Corel Draw, and Excel
I've seen his. Corel draw is sending the message. It's not a virus. I
think you need to update corel to make this go away. Call them and
ask - also tell them cute messages should be stoped or have an
explanation attached!
------------------------------
Date: 18 Feb 93 18:39:56 +0000
From: [email protected] (Fridrik Skulason)
Subject: Re: New Virus (PC)
[email protected] (Tan Bui) writes:
>Well, from my point of view, the Whale virus is one of the better viruses
>written by the virus authors.
Well, "better" only in the sense "more heavily armored" than other viruses.
It has one flaw, however. It doesn't work (well, most of the time, that is).
- -frisk
- --
Fridrik Skulason Frisk Software International phone: +354-1-694749
Author of F-PROT E-mail: [email protected] fax: +354-1-28801
------------------------------
Date: 18 Feb 93 19:23:23 +0000
From: [email protected] (Fridrik Skulason)
Subject: Re: Suggestion to the developers of resident scanners (PC)
[email protected] (Vesselin Bontchev) writes:
>Ah, yes, I forgot about that. Yes, the file should be scanned when
>executed from a network drive too. BTW, one thing that Frisk really
>*MUST* implement soon is an option to re-activate VirStop after the
>network shell has been loaded...
Will be done in 2.08, or possibly earlier.
- -frisk
- --
Fridrik Skulason Frisk Software International phone: +354-1-694749
Author of F-PROT E-mail: [email protected] fax: +354-1-28801
------------------------------
Date: Fri, 19 Feb 93 01:23:08 +0000
From: [email protected] (martin dewaele)
Subject: Re: MtE Infected... (PC)
>However, what bothers me is that you are talking about a single file
>(if I've understood you correctly). In this case, it is likely to be a
>false positive alarm (for more information about that, please read the
>FAQ). Thus, you are advised to try a couple of other scanners that are
>able to detect MtE-based viruses reliably. Two general-purpose
>scanners (shareware) that can do that are SCAN 100 and F-Prot 2.07. An
>MtE-only detector, called CatchMtE is freeware and is available from
>most anti-virus sites, including ours. If no other scanners reports
>the file as infected, it is almost certainly a false positive. In this
>case you are advised to contact your local Symantec tech support.
Yes you are correct, there are only three files on my system which NAV
states are infected. In the last week I have tried other virus scanners,
such as SCAN99. The result was that the system did not contain the virus,
so I am content that it is just a false positive.
Martin
------------------------------
Date: Thu, 18 Feb 93 21:35:11 -0500
From: [email protected]
Subject: CLU-011.ZIP (PC)
Hi fellows.
just received and made available for FTP processing CLU-011.ZIP. This
file contains a collection of utilities created by Andy Balog for use
on his site. Following is a short description written by Andy:
These programs were written especially for use in batch files and for
use in campus computer labs; I think they can be a useful addition to
other software tools.
These programs are copyrighted freeware.
Please address questions and/or comments directly to Andy at one of the
following addresses:
Internet: | U.S. Mail:
abalog@babbage.ecs.csus.edu | Andy Balog
| P.O. Box 277341
| Sacrament, CA 95827-7341
Thanks for the programs, Andy!
- ----------
Site: urvax.urich.edu, [141.166.36.6] (VAX/VMS using Multinet)
Directory: [anonymous.msdos.antivirus]
FTP to urvax.urich.edu with username anonymous and your email address
as password. You are in the [anonymous] directory when you connect.
cd msdos.antivirus, and remember to use binary mode for the zip files.
- ----------
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Claude Bersano-Hayes HAYES @ URVAX (Vanilla BITNET)
University of Richmond [email protected] (Bitnet or Internet)
Richmond, VA 23173
------------------------------
Date: Thu, 18 Feb 93 20:30:43 -0600
From: [email protected]
Subject: SCAN 101 (PC)
Anyone notice how slow SCAN 101 has become?? I like and use Scan but it
has become extreamly slow. I know people that at onetime put it in their
AUTOEXEC.BAT file with /FAST /CF /CERTIFY parrameters. Now SCAN is so
slow they have to break out unless they turn on the computer and go out
for coffee. This is under the fast mode. Remember SCAN without /FAST
is more reliable and /A is evem more reliable (/A looks at all files and
more of the EXE and COM file's). Thes parrameters make SCAN even SLOWER
Alan
------------------------------
Date: Fri, 19 Feb 93 10:45:13 +0000
From: [email protected] (Charles Howes)
Subject: FDISK buggy? (PC)
Hi. I recently had a hard disk failure. A single 135Meg partition.
(I'd really like to find a program that would tell me what was corrupted..
NDD wouldn't read it, nor NU, FORMAT, SYS, etc. But I digress.)
So, after recovering the data, I used fdisk to try to create several
smaller partitions.
Problem was, the #@#$ program refused to let me create a second partition!
I either had to create a 135 meg partition, or leave part of my disk
unused!
Is this a bug in fdisk, or what?
(Hardware notes: 135meg IDE drive, 80286 machine, no viruses, DOS 5.0)
(Actually, scan99 refused to admit the existence of the drive, so that was
kinda moot.)
- -------ON ANOTHER TANGENT------
Has anyone written a program that will allow you to create a new
partition table sector from scratch, and if the numbers you give
correspond to the previous partition table's numbers, *poof*, you have
a working hard disk again? (Fdisk /mbr didn't work in this case.) And
then do the same thing for the boot sector if called for?
I actually found NDD 6.0 to be impotent with regards to this. NDD 4.5,
too. NDD detects a problem, asks if you want it fixed, then fails to
fix it.
------------------------------
End of VIRUS-L Digest [Volume 6 Issue 30]
*****************************************
|
|
