• HardwareGeek (disco)
    Comment held for moderation.
  • Remy (disco) in reply to HardwareGeek
    Comment held for moderation.
  • HardwareGeek (disco) in reply to Remy
    Remy:
    That is more the point of the line, yes.

    You poor depraveddeprived kid. Get off my lawn! ;P

  • FroshKiller (disco)

    No transcription? :/

  • machtyn (disco)

    I thought, perhaps, the computer was going to let the smoke out when he put the screwdriver in or that he was going to use something other than the screwdriver (paperclip?!). I've used that method several times when resetting BIOS, if the screwdriver was handy but the jumper was not.

  • blonffer (disco)

    TRWTF: A 30 second story that consumes 7 minutes.

  • Remy (disco) in reply to FroshKiller

    Updated with a transcript, thanks to Ellis Morning.

  • aliceif (disco) in reply to Remy

    Not enough typos in the summary. I am disappoint! (She did misspell Duke Nukem's name, though ...)

  • Onyx (disco) in reply to aliceif
    aliceif:
    She did misspell Duke Nukem's name

    WHAT?

    /me grabs his pitchfork

    No, wait... Wrong game... Can anyone spare a shrink gun?

  • xaade (disco) in reply to HardwareGeek
    HardwareGeek:
    wasn't able to go online for some reason

    OPPRESSION! (synonymous with "objection!")

  • Jaime (disco)

    I'm not sure if I believe this. First, AntiCMOS is a typical boot sector virus, but the payload affects the CMOS. Clearing CMOS just does the virus' job for it. Second, a true CMOS resident virus would live in the code area, not the data area. The "clear CMOS" jumper only clears the data area. If it cleared the code area, it would be a "make my computer a paperweight" jumper.

  • feishadow (disco)

    Gently putting things together with a tool was violent?

    Most software companies beyond a certain size have soccer field(s). Don't go near that.

  • cheong (disco) in reply to Jaime
    Comment held for moderation.
  • bitti (disco)

    That reminds me of my own story, how I "Killed the Virus". I don't remember the details but in the early 90's I figured out that my IBM PC XT (yes I couldn't afford a newer one at the time...) got infected by the "Parity B" boot sector virus. This virus had a neat "stealth" mechanism: it overwrote interrupt 0x13 to intercept reads to sector 0, so that it could present the original boot sector to the caller.

    I didn't have many tools available but I had DOS "debug". So I thought of a way how to somehow restore the original boot sector by figuring out its location and writing it back to sector 0. Then genius struck me:

    ;Kills the Parity Boot B virus on hard disk C
    a 100
    mov	ax, 0201		;Function: read 1 sector
    mov	cx, 0001		;Track 0, sector 1
    mov	dx, 0080		;Head 0, drive C
    mov	bx, cs			;Buffer in the code segment
    mov	es, bx
    mov	bx, 200
    int	13			;Execute the read-sector function
    jc	126			;Abort on error
    mov	ax, 0301		;Function: write 1 sector
    mov	cx, 0001		;Track 0, sector 1
    mov	dx, 0080		;Head 0, drive C
    mov	bx, cs			;Buffer in the code segment
    mov	es, bx
    mov	bx, 200
    int	13			;Execute the write-sector function
    mov	ax, 4c00		;Exit program
    int	21
     
    r cx
    300
    n KillB.com
    w
    q
    

    Yes, that's right: it reads from sector 0 and then just writes the result back to sector 0. The Parity B virus didn't bother to also intercept write calls, so it basically helped in its own destruction by delivering the original sector. I found that kind of ironic.

    After that I could just execute KillB followed by an immediate reboot and the virus was gone. I even could use my "virus killer" later when I already upgraded to a 486 SX 25 (the Parity B and its brothers were quite widespread in Germany at that time...). I probably also could have just used fdisk /mbr, but I didn't know that at that time (and it wouldn't have been half the fun...).

    I still remember how I learned x86 assembler just by trying out different opcodes in "debug". Fun times...
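
The read-hook behaviour described in the comment above, as a toy Python model added here (not part of the original post): it shows why a hooked read differs from a clean-boot read, which is a detection signal, and why read-then-write-back restores sector 0. The stash sector number, the sector contents and all class and function names are constructed assumptions.

```python
# Toy model (constructed): a disk as a list of 512-byte sectors, plus an
# interrupt-0x13-like service whose read path is hooked by a stealth boot virus.
SECTOR = 512
STASH = 7  # hypothetical sector where the original boot sector was parked

def make_infected_disk():
    clean_boot = b"ORIGINAL-BOOT".ljust(SECTOR, b"\x00")  # constructed sample
    virus_boot = b"VIRUS-LOADER".ljust(SECTOR, b"\x90")   # constructed sample
    disk = [bytes(SECTOR) for _ in range(16)]
    disk[0] = virus_boot       # what is physically stored in sector 0
    disk[STASH] = clean_boot   # saved copy that the hook serves to callers
    return disk, clean_boot, virus_boot

class HookedBios:
    """Disk service as seen while the virus is resident in memory."""
    def __init__(self, disk):
        self.disk = disk
    def read(self, sector):
        # Stealth: reads of sector 0 are redirected to the stashed original.
        return self.disk[STASH if sector == 0 else sector]
    def write(self, sector, data):
        # Writes are not intercepted, so they reach the real sector.
        if len(data) != SECTOR:
            raise ValueError("sector writes must be exactly 512 bytes")
        self.disk[sector] = data

class CleanBios:
    """Disk service after booting from known-clean media: no hook."""
    def __init__(self, disk):
        self.disk = disk
    def read(self, sector):
        return self.disk[sector]

def is_stealthed(disk):
    # Detection: sector 0 differs between the hooked view and the clean view.
    return HookedBios(disk).read(0) != CleanBios(disk).read(0)

def read_write_back(disk):
    # Same idea as the debug script: read sector 0, write it straight back.
    bios = HookedBios(disk)
    bios.write(0, bios.read(0))
    return CleanBios(disk).read(0)  # what is physically in sector 0 now

if __name__ == "__main__":
    disk, clean, virus = make_infected_disk()
    print("stealth detected:", is_stealthed(disk))
    print("sector 0 restored:", read_write_back(disk) == clean)
```

The model only covers the on-disk state; the resident hook stays in memory until the machine is rebooted.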

  • Jaime (disco) in reply to cheong
    cheong:
    Booting from clean floppy and run "fdisk /mbr" seems to be enough to fix it.

    Which is absolute proof that the virus was in the boot sector, not in CMOS. He didn't "kill the virus" with a screwdriver, he cleaned up after it.

  • Masaaki_Hosoi (disco)

    If a friend of mine had let me install a game and only afterwards tell me their computer had a virus, I would be pissed.

  • Seahen (disco)

    So am I the only one who's read in my motherboard manual that I could use a screwdriver to close my CLR_CMOS pins' circuit (when there wasn't a jumper included), but who's misplaced my only wide entity flathead screwdriver and ended up using my house key?

  • JBert (disco) in reply to Seahen
    Comment held for moderation.
  • blakeyrat (disco) in reply to Seahen
    Seahen:
    So am I the only one who's read in my motherboard manual

    Yes.

    I don't need to see the rest of the post.
