• (disco)

    This was the mid-90s; I couldn't just go online and lookup this virus.

    While Google wasn't yet a thing, the Web was. Depending on your definition of "mid"-90s, Yahoo! may have already (1994 as "Jerry and David's Guide to the World Wide Web"; 1995 as Yahoo!) been a thing. Usenet had been around for about 15 years, and fairly accessible to the general public since 1993, so even if he couldn't find the answer on a silver platter on the Web, he probably could have asked about it and gotten an answer.

    Not that I'm knocking figuring it out on his own from the manual; that was probably a better learning experience, anyway. Perhaps @Remy, personally, wasn't able to go online for some reason, but it wasn't because going online to get an answer was impossible in the mid-90s.

  • (disco) in reply to HardwareGeek
    HardwareGeek:
    @Remy, personally, wasn't able to go online for some reason

    That is more the point of the line, yes.

  • (disco) in reply to Remy
    Remy:
    That is more the point of the line, yes.

    You poor ~~depraved~~ deprived kid. Get off my lawn! ;P

  • (disco)

    No transcription? :/

  • (disco)

    I thought, perhaps, the computer was going to let the smoke out when he put the screwdriver in or that he was going to use something other than the screwdriver (paperclip?!). I've used that method several times when resetting BIOS, if the screwdriver was handy but the jumper was not.

  • (disco)

    TRWTF: A 30 second story that consumes 7 minutes.

  • (disco) in reply to FroshKiller

    Updated with a transcript, thanks to Ellis Morning.

  • (disco) in reply to Remy

    Not enough typos in the summary. I am disappoint! (She did misspell Duke Nukem's name, though ...)

  • (disco) in reply to aliceif
    aliceif:
    She did misspell Duke Nukem's name

    WHAT?

    /me grabs his pitchfork

    No, wait... Wrong game... Can anyone spare a shrink gun?

  • (disco) in reply to HardwareGeek
    HardwareGeek:
    wasn't able to go online for some reason

    OPPRESSION! (synonymous with "objection!")

  • (disco)

    I'm not sure if I believe this. First, AntiCMOS is a typical boot sector virus, but the payload affects the CMOS. Clearing CMOS just does the virus' job for it. Second, a true CMOS resident virus would live in the code area, not the data area. The "clear CMOS" jumper only clears the data area. If it cleared the code area, it would be a "make my computer a paperweight" jumper.

  • (disco)

    Gently putting things together with a tool was violent?

    Most software companies beyond a certain size have soccer field(s). Don't go near that.

  • (disco) in reply to Jaime

    Yes, from Wiki, it seems the virus never succeeds in writing anything to CMOS due to a bug. Booting from a clean floppy and running "fdisk /mbr" seems to be enough to fix it.

    Of course, we didn't have internet access at the time.

  • (disco)

    That reminds me of my own story, how I "Killed the Virus". I don't remember the details, but in the early 90s I figured out that my IBM PC XT (yes, I couldn't afford a newer one at the time...) got infected by the "Parity B" boot sector virus. This virus had a neat "stealth" mechanism: it overwrote interrupt 0x13 to intercept reads to sector 0, so that it could present the original boot sector to the caller.

    I didn't have many tools available, but I had DOS "debug". So I thought of a way to somehow restore the original boot sector by figuring out its location and writing it back to sector 0. Then genius struck me:

    ;Kills the Parity Boot B virus on hard disk C
    a 100
    mov	ax, 0201		;Function: read 1 sector
    mov	cx, 0001		;Track 0, sector 1
    mov	dx, 0080		;Head 0, drive C
    mov	bx, cs			;Buffer in the code segment
    mov	es, bx
    mov	bx, 200
    int	13			;Execute the read-sector function
    jc	126			;Abort on error
    mov	ax, 0301		;Function: write 1 sector
    mov	cx, 0001		;Track 0, sector 1
    mov	dx, 0080		;Head 0, drive C
    mov	bx, cs			;Buffer in the code segment
    mov	es, bx
    mov	bx, 200
    int	13			;Execute the write-sector function
    mov	ax, 4c00		;Terminate program
    int	21
     
    r cx
    300
    n KillB.com
    w
    q
    

    Yes, that's right: it reads from sector 0 and then just writes the result back to sector 0. The Parity B virus didn't bother to also intercept write calls, so it basically helped in its own destruction by delivering the original sector. I found that kind of ironic.

    After that I could just execute KillB followed by an immediate reboot, and the virus was gone. I could even use my "virus killer" later when I had already upgraded to a 486 SX 25 (the Parity B and its brothers were quite widespread in Germany at that time...). I probably also could have just used fdisk /mbr, but I didn't know that at the time (and it wouldn't have been half the fun...).

    I still remember how I learned x86 assembler just by trying out different opcodes in "debug". Fun times...
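
The read/write asymmetry that the post above relies on, as an added illustration (constructed model, not code from the post or the actual virus): a disk image is a dict of sectors, the stealth hook covers only the read function, and the KillB logic reads sector 0 through the hook and writes the result straight back. The sector contents and the stash location are made up for the model; the second case, where writes to sector 0 are also intercepted, goes beyond the post and shows why the trick depends on the virus not hooking writes.

```python
# Constructed toy model of a stealth boot-sector infection and the KillB cleanup.
SECTOR = 512
ORIGINAL_BOOT = b"ORIGINAL BOOT SECTOR".ljust(SECTOR - 2, b"\0") + b"\x55\xAA"
VIRAL_BOOT = b"INFECTED BOOT SECTOR".ljust(SECTOR - 2, b"\0") + b"\x55\xAA"
STASH_SECTOR = 7  # arbitrary sector where this model keeps the saved original


def infected_disk():
    """Disk image (sector number -> bytes): sector 0 replaced, original stashed elsewhere."""
    return {0: VIRAL_BOOT, STASH_SECTOR: ORIGINAL_BOOT}


class HookedInt13:
    """Models INT 13h with a resident hook; by default only reads of sector 0 are hooked."""

    def __init__(self, disk, hook_writes=False):
        self.disk = disk
        self.hook_writes = hook_writes

    def read_sector(self, n):
        if n == 0:
            # Stealth: the caller is shown the clean original instead of the infected sector.
            return self.disk[STASH_SECTOR]
        return self.disk.get(n, bytes(SECTOR))

    def write_sector(self, n, data):
        if n == 0 and self.hook_writes:
            # Hypothetical variant that also intercepts writes: the write never reaches disk.
            return False
        self.disk[n] = data
        return True


def killb(bios):
    """Same idea as the KillB.com debug script: read sector 0, write it back unchanged."""
    return bios.write_sector(0, bios.read_sector(0))


def is_clean(disk):
    """Cleanup succeeded if the real sector 0 now holds the original boot sector."""
    return disk[0] == ORIGINAL_BOOT


def run_cleanup(hook_writes=False):
    disk = infected_disk()
    killb(HookedInt13(disk, hook_writes=hook_writes))
    return is_clean(disk)


if __name__ == "__main__":
    print("reads hooked only:", run_cleanup())            # True: the virus hands over the clean sector
    print("reads and writes hooked:", run_cleanup(True))  # False: the write-back never lands
```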

  • (disco) in reply to cheong
    cheong:
    Booting from a clean floppy and running "fdisk /mbr" seems to be enough to fix it.

    Which is absolute proof that the virus was in the boot sector, not in CMOS. He didn't "kill the virus" with a screwdriver, he cleaned up after it.

  • (disco)

    If a friend of mine had let me install a game and only afterwards told me their computer had a virus, I would be pissed.

  • (disco)

    So am I the only one who's read in my motherboard manual that I could use a screwdriver to close my CLR_CMOS pins' circuit (when there wasn't a jumper included), but who's misplaced my only wide entity flathead screwdriver and ended up using my house key?

  • (disco) in reply to Seahen

    Most likely "yes".

    I would use a Mk.II shorting tool though.

  • (disco) in reply to Seahen
    Seahen:
    So am I the only one who's read in my motherboard manual

    Yes.

    I don't need to see the rest of the post.

Leave a comment on “Killing the Virus”
