[PLUG] Boot Sector Virii and Linux

Dan Haskell danh at fork.com
Tue Mar 26 02:33:56 UTC 2002


On Sat, 23 Mar 2002, Richard Seymour wrote:

> Mark Morgan wrote:
> 
> > Well, if you had an infected floppy, booted from it, you could infect 
> > your bootsector.  I'm not sure if this would screw LILO or Grub since 
> > most viruses would assume DOS.  The safest way to deal with unknown 
> > equipment is to just low level format it.
> 
> I'm looking to develop a procedure to determine IF a boot sector virus 
> has infected a box. It's not practical to low level format all the 
> drives every time we think any computer might have a boot sector virus.

I've had some experience with this. A bootblock virus overwrites the
bootloader (lilo or, presumably, grub) with something that looks like a
normal DOS boot sector. This means that a system that formerly was dual
boot will suddenly start booting directly into Windows. In that case the
best solution would be to boot from floppy and re-install lilo.

In my experience, installing Linux will overwrite the virus. However, if
you have DOS/Windows systems you think might be infected you need to boot
them with a clean, write-protected floppy and run "fdisk /mbr".

Dan
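
One way to build the check Richard asks about, as an added example that is not part of the original thread: save the MBR boot code while a machine is known clean, then compare against it later. The function names, the constructed sample images, and the assumption that the installed loader leaves the text "LILO" or "GRUB" in its boot code are this example's own.

```shell
#!/bin/sh
# MBR layout: bytes 0-445 boot code, 446-509 partition table, 510-511 0x55 0xAA.
# Only the boot code is compared, so repartitioning does not raise an alarm.

# save_baseline DISK FILE: record the boot code while the machine is known clean.
save_baseline() {
    dd if="$1" of="$2" bs=446 count=1 2>/dev/null
}

# has_loader_marker DISK: true if the boot code contains "LILO" or "GRUB".
# Assumption: the installed loader embeds one of these strings.
has_loader_marker() {
    dd if="$1" bs=446 count=1 2>/dev/null | LC_ALL=C grep -a -q -e LILO -e GRUB
}

# check_mbr DISK BASELINE: print a verdict; return 0 unchanged, 1 changed, 2 error.
check_mbr() {
    cur=$(mktemp) || return 2
    if ! dd if="$1" of="$cur" bs=446 count=1 2>/dev/null; then
        rm -f "$cur"; return 2
    fi
    if cmp -s "$cur" "$2"; then
        echo "unchanged: boot code matches baseline"; rc=0
    elif has_loader_marker "$1"; then
        echo "changed: loader marker present (loader reinstalled or upgraded?)"; rc=1
    else
        echo "changed: loader marker gone, boot code was replaced"; rc=1
    fi
    rm -f "$cur"
    return $rc
}

# make_samples DIR: constructed 512-byte images standing in for real disks.
make_samples() {
    head -c 512 /dev/zero > "$1/clean.img"
    printf 'LILO' | dd of="$1/clean.img" bs=1 seek=6 conv=notrunc 2>/dev/null
    head -c 512 /dev/zero > "$1/replaced.img"
    printf 'CONSTRUCTED-DOS' | dd of="$1/replaced.img" bs=1 seek=3 conv=notrunc 2>/dev/null
}

# demo: run both checks against the constructed images.
demo() {
    d=$(mktemp -d) || return 2
    make_samples "$d"
    save_baseline "$d/clean.img" "$d/baseline.bin"
    check_mbr "$d/clean.img" "$d/baseline.bin" || true
    check_mbr "$d/replaced.img" "$d/baseline.bin" || true
    rm -rf "$d"
}
demo
```

On a real machine DISK is the whole-disk device, read as root after booting from clean media, and the baseline file belongs on write-protected media so an infection cannot rewrite it.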




