Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!wuarchive!gem.mps.ohio-state.edu!usc!polyslo!vlsi3b15!vax1.cc.lehigh.edu!sei.cmu.edu!krvw
From: MATHRICH@UMCVMB.BITNET (Rich Winkel UMC Math Department)
Newsgroups: comp.virus
Subject: re: datacrime & fdisk (PC)
Message-ID: <0005.8909251230.AA29228@ge.sei.cmu.edu>
Date: 21 Sep 89 18:18:42 GMT
Sender: Virus Discussion List
Lines: 18
Approved: krvw@sei.cmu.edu

>From: IA96000
>if you use fdisk to create a dummy partition of let's say 2
>cylinders and then create a second normal active dos partition
>will this prevent the virus from destroying track zero?

It depends on how it accesses the disk. If it uses bios calls (INT 13H),
it will still attack physical cyl 0 on the disk. If it uses the dos
absolute disk write call (INT 26H) it will wipe out whatever the starting
track of the dos partition is. Even if it uses the bios call though, and
you've partitioned the disk so it doesn't touch dos's FAT and directory,
it will still wipe out the master boot sector where the partition table
is stored. That wouldn't be so bad if you could make FDISK simply put a
new master boot sector on the disk, but unfortunately FDISK insists on
doing some general housecleaning which may finish the job that datacrime
started. I'm not sure of the extent of the housecleaning, so I can't say
for sure.

Rich
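
The difference the reply draws between physical (INT 13H) and DOS-relative (INT 26H) addressing, worked through on a constructed partition table. This is an added example, not part of the original post; the 4-head, 17-sector geometry, the partition sizes, and the rule that the DOS drive is the active FAT partition are assumptions made for illustration.

```python
import struct

HEADS, SPT = 4, 17               # assumed drive geometry (constructed, 615 cylinders)
DOS_TYPES = {0x01, 0x04, 0x06}   # FAT12 / FAT16 partition type bytes
ENTRY = "<B3xB3xII"              # status, (CHS), type, (CHS), start sector, length

def build_mbr(parts):
    """Constructed sample: a 512-byte master boot sector holding a partition table."""
    sector = bytearray(512)
    for i, (active, ptype, start, count) in enumerate(parts):
        # CHS fields are left zero; only the absolute start and length are used here
        struct.pack_into(ENTRY, sector, 446 + 16 * i,
                         0x80 if active else 0, ptype, start, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

def parse_mbr(sector):
    """Return the non-empty partition table entries of a master boot sector."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a valid master boot sector")
    parts = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from(ENTRY, sector, 446 + 16 * i)
        if ptype:
            parts.append({"slot": i, "active": status == 0x80, "type": ptype,
                          "start": start, "count": count})
    return parts

def on_cylinder0(parts):
    """Everything that lives on physical cylinder 0, the area INT 13H addresses directly."""
    cyl0_sectors = HEADS * SPT   # cylinder 0 = absolute sectors 0 .. HEADS*SPT-1
    found = ["master boot sector"]   # always absolute sector 0, whatever the layout
    found += [f"partition {p['slot']}" for p in parts if p["start"] < cyl0_sectors]
    return found

def int26_first_track(parts):
    """Absolute sectors of the DOS partition's first track (INT 26H logical sector 0 on)."""
    dos = next(p for p in parts if p["active"] and p["type"] in DOS_TYPES)
    return dos["start"], dos["start"] + SPT - 1

# Layout from the question: 2-cylinder dummy partition, then the active DOS partition.
DUMMY_FIRST = build_mbr([(False, 0x01, 17, 119), (True, 0x04, 136, 41684)])
# Ordinary layout: one active DOS partition starting on cylinder 0, head 1.
SINGLE = build_mbr([(True, 0x04, 17, 41803)])

if __name__ == "__main__":
    for name, mbr in (("dummy first", DUMMY_FIRST), ("single", SINGLE)):
        parts = parse_mbr(mbr)
        print(name, "| cylinder 0 holds:", on_cylinder0(parts),
              "| DOS first track:", int26_first_track(parts))
```

In both layouts the master boot sector stays on cylinder 0, and in the dummy-partition layout the DOS partition's own first track simply moves to absolute sectors 136 to 152, which is where a DOS-relative write would land instead.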