Removing a DOS Virus
A good antivirus scanner will clean up the bug without harming your system. Just make sure you remember to cold boot with a known, write-protected, clean diskette first. If you have this option, use it first. When an antivirus program finds a virus it will offer to disinfect the file or disk, if possible. If I don’t trust the antivirus program to remove the virus without affecting the structure of the original host, I will make a copy of the host first and run the cleaning process on the copy. For example, many antivirus programs cannot remove a macro virus from a document without removing any other legitimate macros that may be present. In some cases, removing the virus can make a small problem worse.
If you don’t have a good antivirus program handy, here are some other hints:
- 1. Use FDISK /MBR to remove a hard disk virus.
FDISK.EXEis a utility that helps logically partition hard drives. If you have a virus that infects only the partition table, you can use FDISK to delete and recreate all DOS partitions. This effectively rewrites the partition table and overwrites the first few tracks of the hard drive. Unfortunately, this effectively destroys all data on the hard disk, too. Most hard drive boot viruses infect the MBR or boot sector. Rewriting the partition table does not recreate the MBR. Any virus hiding out in the MBR would still be able to infect the newly formatted disk. This is why somebody who formatted his hard drive will rightly claim the virus ...
Get Malicious Mobile Code now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
