Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!nntp.coast.net!howland.erols.net!news.mathworks.com!uunet!in2.uu.net!193.10.88.100!news00.sunet.se!sunic!mn6.swip.net!plug.news.pipex.net!pipex!cold.news.pipex.net!pipex!usenet From: sfw@dial.pipex.com (Shirley Worrall) Newsgroups: comp.os.ms-windows.win95.misc,comp.unix.bsd.freebsd.misc,comp.os.linux.misc Subject: Re: Windoze 95 Corrupts my Partition ID's Date: Sat, 04 Jan 1997 23:06:09 GMT Organization: UUNet PIPEX server (post doesn't reflect views of UUNet PIPEX) Lines: 27 Message-ID: <32d5e23b.6506899@news.dial.pipex.com> References: <5a02an$pm@herald.concentric.net> <32cb2d1d.8757144@198.147.221.35> NNTP-Posting-Host: ak182.du.pipex.com Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Newsreader: Forte Agent .99g/32.339 Xref: euryale.cc.adfa.oz.au comp.os.ms-windows.win95.misc:220910 comp.unix.bsd.freebsd.misc:33626 comp.os.linux.misc:150706 On Thu, 02 Jan 1997 04:47:28 GMT, efflandt@xnet.com (David Efflandt) wrote: [snip] >If anything loads loads before io.sys (like mbrint13.sys) it sounds >like you might have a Stoned.Empire.Monk virus on the other drive. It >moves and encrypts (xor's) the partition table. It infects all drives >and floppies that are used with that drive (even non-boot floppies). > >Another way to tell is to boot with a good 'copy protected' DOS or >WIN95 boot floppy from a computer that is known to be good. If you >cannot see the C: drive, you've got the virus. Only infected boot >floppies will work when the HD is infected. > The most reliable way to know is to run a reliable Anti-Virus programme. If you don't have one, download one from one of the suggested sites on my web site or look at alt.comp.virus. [snip] -- Shirl ----------------------------------------- Mail: sfw@dial.pipex.com WWW: http://dialspace.dial.pipex.com/sfw/ -----------------------------------------