Question : Problem: antiCMOS A virus removal
Answer : Problem: antiCMOS A virus removal
You may be experiencing a false report. If McAfee located the virus, it should, in my opinion, also have deleted the virus, and by using a clean disk to reboot, well, I assume you scanned that also. It's often a good idea to use more than one AV program. You can try Norton AV by going to:
http://www.symantec OR F-Prot from DataFellows: http://www.datafellows.com
More info on Lenart if you don't already have it:
AntiCMOS
Aliases: Lenart
Known Strains: AntiCMOS.A and AntiCMOS.B
Infection Length: 512 bytes
Area of Infection: Floppy Boot Sectors and Master Boot Records
Likelihood: Common
Region Reported: Hong Kong
Keys: Wild, Memory Resident
Technical Notes:
The AntiCMOS virus is a simple Master Boot Record (MBR), DOS Boot Sector (DBS) infecting virus which will only spread to a system when there is an attempt to boot the system from an infected floppy disk.
Note that there is little difference between the .A and .B strains. Other than the triggered event, they are identical.
During the start of the boot process, the AntiCMOS virus first reduces the total amount of conventional memory by 2k (CHKDSK will report 653,312 on infected systems), loads itself into memory, redirects the BIOS Disk I/O Services Interrupt 13h and returns control to the system for further processing of the boot strap.
With the virus now active in memory, all disk reads of exactly one sector using the BIOS Disk I/O services are now filtered out. Upon request of such a service, the virus first checks to see if the trigger requirements of the virus's payload have been met.
AntiCMOS.A: If the trigger conditions hold true, then AntiCMOS.A will make modifications to the system's CMOS data (a bug within the program's the trigger routine will more than likely never be executed). However, if the trigger condition is not met, the MBR (when dealing with the hard drives) or the DBS (when dealing with floppy disks) is read into memory, infected, and then written back to the drive.
AntiCMOS.B: If the trigger conditions hold true, then AntiCMOS.B will generate sounds from the PC speaker (a bug within the program's the trigger routine will more than likely never be executed). However, if the trigger condition is not met, the MBR (when dealing with the hard drives) or the DBS (when dealing with floppy disks) is read into memory, infected, and then written back to the drive.
Hope this helps...