Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

antiCMOS A virus removal

Posted on 1997-02-05
1
Medium Priority
?
1,840 Views
Last Modified: 2013-12-27
null
0
Comment
Question by:gmcdc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 2

Accepted Solution

by:
helper earned 200 total points
ID: 1598516
You may be experiencing a false report.  If the McAffee located
the virus, it should have, in my opinion also have deleted the
virus, and by using a clean disk to reboot, well I assume you
scanned that also.  Its often a good idea to use more than one
AV program.  You can try Norton AV by going to:

  http://www.symantec   
OR F-Prot from DataFellows:  http://www.datafellows.com

  More info on Lenart if you don't already have it:

AntiCMOS

Aliases:            Lenart
Known Strains:      AntiCMOS.A and AntiCMOS.B
Infection Length:   512 bytes

Area of Infection: Floppy Boot Sectors and Master Boot Records
Likelihood:        Common
Region Reported:   Hong Kong
Keys:              Wild, Memory Resident

Technical Notes:

The AntiCMOS virus is a simple Master Boot Record (MBR), DOS Boot
Sector (DBS) infecting virus which will only spread to a system when there is an attempt to boot the system from an infected floppy disk.

Note that there is little difference between the .A and .B strains. Other than the triggered event, they are identical.

During the start of the boot process, the AntiCMOS virus first reduces the total amount of conventional memory by 2k (CHKDSK will report 653,312 on infected systems), loads itself into memory, redirects the BIOS Disk I/O Services Interrupt 13h and returns control to the system for further processing of the boot strap.

With the virus now active in memory, all disk reads of exactly one sector using the BIOS Disk I/O services are now filtered out. Upon request of such a service the virus first checks to see if the trigger requirements of the viruses payload have been met.

AntiCMOS.A
If the trigger conditions hold true then AntiCMOS.A will make
modifications to the systems CMOS data (a bug within the program's the trigger routine will more than likely never be executed). However, if the trigger condition is not met the MBR (when dealing with the hard drives) or the DBS (when dealing with floppy disks) is read into memory, infected, and then written back to the drive.

AntiCMOS.B
If the trigger conditions hold true then AntiCMOS.B will generate
sounds from the PC speaker (a bug within the program's the trigger routine will more than likely never be executed). However, if the trigger condition is not met the MBR (when dealing with the hard drives) or the DBS (when dealing with floppy disks) is read into memory, infected, and then written back to the drive.

 Hope this helps...


0

Featured Post

Take our survey for a chance to win!

As a valued customer of Targus, we’d like to ask you a few questions about us. As thanks, you will be automatically entered for a chance to win a $500 VISA gift card. To enter, just complete the survey by September 15, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
A clone is a duplicate copy. Sheep have been cloned and maybe someday even people will be cloned, but disk cloning (performed by the hard drive cloning software) is a vital tool used to manage and protect data. Let’s look at what hard drive cloning …
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question