Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!wuarchive!gem.mps.ohio-state.edu!usc!polyslo!vlsi3b15!vax1.cc.lehigh.edu!sei.cmu.edu!krvw
From: MATHRICH@UMCVMB.BITNET (Rich Winkel UMC Math Department)
Newsgroups: comp.virus
Subject: re: datacrime & fdisk (PC)
Message-ID: <0005.8909251230.AA29228@ge.sei.cmu.edu>
Date: 21 Sep 89 18:18:42 GMT
Sender: Virus Discussion List 
Lines: 18
Approved: krvw@sei.cmu.edu

>From:    IA96000 
>if you use fdisk to create a dummy partition of let's say 2
>cylinders and then create a second normal active DOS partition
>will this prevent the virus from destroying track zero?

It depends on how it accesses the disk.  If it uses BIOS calls (INT
13H), it will still attack physical cyl 0 on the disk.  If it uses the
DOS absolute disk write call (INT 26H) it will wipe out whatever the
starting track of the DOS partition is.  Even if it uses the BIOS call
though, and you've partitioned the disk so it doesn't touch DOS's FAT
and directory, it will still wipe out the master boot sector where the
partition table is stored.  That wouldn't be so bad if you could make
FDISK simply put a new master boot sector on the disk, but
unfortunately FDISK insists on doing some general housecleaning which
may finish the job that Datacrime started.  I'm not sure of the extent
of the housecleaning, so I can't say for sure.

Rich
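
The layout from the quoted question, as an added example that is not part of the original post: it builds a master boot sector with a 2-cylinder dummy partition followed by the active DOS partition, parses the partition table, and reports what sits at physical cylinder 0 (the INT 13H case) versus where logical sector 0 of the DOS partition falls (the INT 26H case). The geometry (615 cylinders, 4 heads, 17 sectors per track), the partition type bytes and all function names are assumptions made for the example.

```python
import struct

# Constructed geometry (assumption): 4 heads, 17 sectors per track.
HEADS, SPT = 4, 17

def pack_chs(c, h, s):
    """Encode cylinder/head/sector as the 3-byte partition-table field."""
    return bytes([h, (s & 0x3F) | ((c >> 2) & 0xC0), c & 0xFF])

def unpack_chs(b):
    """Decode the 3-byte field back to (cylinder, head, sector)."""
    return (((b[1] & 0xC0) << 2) | b[2], b[0], b[1] & 0x3F)

def entry(active, ptype, start, end):
    """Build one 16-byte partition entry from start/end CHS tuples."""
    lba = lambda c, h, s: (c * HEADS + h) * SPT + (s - 1)
    first, last = lba(*start), lba(*end)
    return (bytes([0x80 if active else 0]) + pack_chs(*start) + bytes([ptype])
            + pack_chs(*end) + struct.pack("<II", first, last - first + 1))

def build_mbr():
    """Constructed master boot sector: empty boot code, two partitions."""
    table = entry(False, 0x01, (0, 1, 1), (1, 3, 17))    # dummy, cyl 0-1
    table += entry(True, 0x04, (2, 0, 1), (614, 3, 17))  # DOS, cyl 2-614
    return bytes(446) + table.ljust(64, b"\0") + b"\x55\xAA"

def parse_mbr(sector):
    """Return the non-empty partition entries of a 512-byte boot sector."""
    if len(sector) != 512 or sector[510:] != b"\x55\xAA":
        raise ValueError("not a master boot sector")
    parts = []
    for i in range(4):
        e = sector[446 + 16 * i: 462 + 16 * i]
        if e[4]:  # type byte 0 marks an unused slot
            first, count = struct.unpack("<II", e[8:])
            parts.append({"active": e[0] == 0x80, "type": e[4],
                          "start": unpack_chs(e[1:4]), "end": unpack_chs(e[5:8]),
                          "first": first, "count": count})
    return parts

def write_targets(sector):
    """Map the two access paths from the post onto this layout."""
    parts = parse_mbr(sector)
    dos = next(p for p in parts if p["active"])
    return {"int13h": (0, 0, 1),       # physical cyl 0 begins with the MBR
            "int26h": dos["start"],    # logical sector 0 of the DOS partition
            "on_cyl0": [p["type"] for p in parts if p["start"][0] == 0]}

if __name__ == "__main__":
    print(write_targets(build_mbr()))
```

With this layout the DOS partition's first track moves to cylinder 2, but cylinder 0 still holds the master boot sector and the dummy partition, which matches the distinction drawn in the reply.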