Re: one_half reported by AVG but not AVP or F-Prot?
Posted by Zvi Netiv on July 14th, 2003


"saskee" <cattj@sasktel.net> wrote:

There is a simple *visual* inspection that confirms that One_Half cannot be on
your hard drive. Download RESQ from http://invircible.com/resq.php and extract
the files to a directory on your hard drive.

Boot to Windows 98 or Me, then from a DOS box, run RESQDISK. Press the 'end'
key to watch the last sector (63) of track 0. Step back with the left arrow
key. If the virus was on your drive, then you should see gibberish in the last
sectors of the track. This is the virus code itself. In one of the sectors,
you should be able to read "Dis is One-Half" [sic]. If these sectors are blank,
then the virus was never present on that drive.

BTW, One_Half isn't a boot infector, it's a multipartite and FDISK /MBR was a
stupid thing to do if you really had it. This virus encrypts data of one track
every time you boot, and keeps the decryption key as well as the index from
which cylinder to which one it already encrypted ... in the MBR!

Most chances are that it's a false alarm.

Regards, Zvi
--
NetZ Computing Ltd. ISRAEL http://invircible.com support@resq.co.il
InVircible Virus Defense Solutions, ResQ and Data Recovery Utilities
E-mail sent in reply to this post will not be considered private and
will be answered in the newsgroup. Top posting is not appreciated!
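
The visual check described in the post, scripted against a raw image of the drive, as an added example that is not part of the original post or of RESQ. The 512-byte sector size, the "one repeated fill byte" definition of a blank sector, the function names and the sample data are assumptions made here.

```python
import sys

SECTOR_SIZE = 512            # assumption: 512-byte sectors
SECTORS_PER_TRACK = 63       # the post names sector 63 as the last of track 0
MARKER = b"Dis is One-Half"  # text the post says is readable in one sector


def inspect_track0(track: bytes, tail: int = 8) -> dict:
    """Examine the last `tail` sectors of track 0, stepping back from sector 63."""
    if len(track) < SECTOR_SIZE * SECTORS_PER_TRACK:
        raise ValueError("need all 63 sectors of track 0")
    marker, nonblank = [], []
    for number in range(SECTORS_PER_TRACK, SECTORS_PER_TRACK - tail, -1):
        start = (number - 1) * SECTOR_SIZE
        sector = track[start:start + SECTOR_SIZE]
        if MARKER in sector:
            marker.append(number)
        # Assumption: "blank" means one repeated fill byte (e.g. 0x00).
        if len(set(sector)) > 1:
            nonblank.append(number)
    if marker:
        verdict = "marker present"
    elif nonblank:
        verdict = "non-blank, no marker: inspect by eye"
    else:
        verdict = "blank"
    return {"verdict": verdict, "marker_sectors": marker, "nonblank_sectors": nonblank}


def constructed_samples() -> tuple[bytes, bytes]:
    """Two constructed track-0 images: blank tail, and tail holding the marker text."""
    mbr = bytes(range(256)) * 2            # stand-in for sector 1, not a real MBR
    clean = mbr + bytes(SECTOR_SIZE * 62)
    marked = bytearray(clean)
    for number in range(57, 64):           # filler standing in for non-blank sectors
        start = (number - 1) * SECTOR_SIZE
        marked[start:start + SECTOR_SIZE] = bytes((number * i) % 251 for i in range(SECTOR_SIZE))
    offset = (60 - 1) * SECTOR_SIZE + 100
    marked[offset:offset + len(MARKER)] = MARKER
    return clean, bytes(marked)


if __name__ == "__main__":
    # Usage: python track0_check.py disk.img   (disk.img is a raw image of the drive)
    with open(sys.argv[1], "rb") as image:
        print(inspect_track0(image.read(SECTOR_SIZE * SECTORS_PER_TRACK)))
```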

