14) Reasons NOT to use FDISK /MBR (Computer virus)
Description
This article is from the Computer viruses FAQ, by David Harley D.Harley@icrf.icnet.uk, George Wenzel gwenzel@telusplanet.net and Bruce Burrell bpb@umich.edu with numerous contributions by others.
14) Reasons NOT to use FDISK /MBR (Computer virus)
See Section 12 in part 2 of this FAQ for further information about FDISK
with the undocumented /MBR switch. However, people with virus problems
are frequently advised, out of ignorance or maliciousness, to use this
switch in circumstances where it can lead to an inability to access your
disk drive and possible loss of data (not to mention hair and sanity).
Essentially, you should avoid using FDISK /MBR unless you have it on good
authority that it's safe and necessary to do so. In most circumstances, it's
safer to clean a partition sector with a good anti-virus program.
You should avoid FDISK /MBR at all costs under the following circumstances:
1. Under an infection of viruses that don't preserve the Partition Table
e.g., Monkey, reported at 7.2% of the infections reported to _Virus
Bulletin_ for December '95, the last report for which I have data
2. Under an infection that encrypts data on the hard drive and keeps
the key in the MBR, e.g, One_half -- reported at 0.8% worldwide
3. When security software, e.g., PC-DACS is in use
4. When a driver like Disk Manager or EZDrive is installed
5. When a controller that stores data in (0,0,1) is in use
6. When more than one BSI virus is active, in some conditions
7. When a data diddler is active, e.g. Ripper, accountable for 3.8% of
the infections reported in the study cited above (N.B.: while this
case won't be fixed by AV utilities, at least one will know why
there are problems with the drive)
Continue to:
My Books
