GabrielKnight123 wrote on 2023-03-05, 12:27:

Does formatting in Win 10 using a USB floppy drive overwrite the MBR?

F-PROT used to detect NYB as B1, but the virus was renamed in February 1996 (F-PROT 2.22) is F-PROT still the best dos virus cleaner?

yes
yes

So that socket 7 system is probably infected.

You need to make sure to scan every single floppy disk you have used in that system and figure out what media the virus came from.

I just finished doing that cyclone3d all the floppies I own have been Kaspersky scanned but now I'm going to boot with a clean 98se boot disk and use F-PROT from a CD to check the hard drive and all my floppies again in case Kaspersky missed something at least I now know my floppy drives were running good

Cool! Did you know that collecting these little critters is a vintage hobby of some people?
It's a hobby inside a hobby.😄

Jo22 wrote on 2023-03-05, 18:45:

Cool! Did you know that collecting these little critters is a vintage hobby of some people?
It's a hobby inside a hobby.😄

yeh but why? I can only think its part of some master plan to take over the world bond villain style 😉

chinny22 wrote on 2023-03-06, 09:30:

Jo22 wrote on 2023-03-05, 18:45:

Cool! Did you know that collecting these little critters is a vintage hobby of some people?
It's a hobby inside a hobby.😄

yeh but why? I can only think its part of some master plan to take over the world bond villain style 😉

You can learn a surprising amount from these little beasts, virus creators used some exceptionally creative ways to infect machines. Its fun to dig into the inner workings of virus creation and also just as funny to load a machine up with as many as itll hold then try cleaning it before it falls over.

Egon: I collect spores, molds and fungus, he forgot to mention malware, keyloggers and viruses too

I finished F-Proting my hard drives and floppy disks and I have a question about F-Prot, after it found the same virus as Kaspersky "NYB" I luckily scanned it again and it found another virus in the same place as NYB "AntiCMOS.A" at the boot sector level (even though I read floppies don't have a MBR but a sector zero) is there a reason or two why F-Prot cant detect and clean all virus's at the same time?

Use my mini antivirus to clean NYB and ANTICMOS on your disks, you dont even need to boot from clean floppy disk just run VCHECK.EXE it can disable those viruses even if they are active

Disks don't have MBR, just the boot sector (sector 0 of track 0). Any proper format from a non-infected OS should eliminate the virus. For an HDD, yes you also need to clean the MBR. Either FDISK -MBR from a clean OS, followed by regular fdisk and format. Or just use a good anti-virus to avoid all that hassle 🙂

GabrielKnight123 wrote on 2023-03-07, 06:00:

at the boot sector level (even though I read floppies don't have a MBR but a sector zero) is there a reason or two why F-Prot cant detect and clean all virus's at the same time?

MBR and "boot sector" are two different concepts. MBR is the first sector of your hard drive. Floppies don't have an MBR. The job of the MBR is to look for the active partition, and boot that partition. "Boot sector" is the first sector of any partition (or a floppy disk, which is treated like a single partition). For floppy disks, the boot sector is directly loaded and executed by the BIOS. For hard disks, the boot sector is loaded and executed by the MBR (at least if you use a standard MBR).

Many "boot sector" viruses were programmed in a way that they can infect both boot sectors of floppy drives and MBRs of hard drives. Some AV vendors called this type of virus "multipartite".

A boot sector virus usually works by writing a backup copy of the original boot sector to some hopefully safe place, and then putting the virus code into the boot sector. The virus will install itself into the computer at boot time, and then load the backup boot sector and continue booting. To clean a boot sector virus, there are two ways: Either you can write a known-good boot sector to the medium (which is a safe choice for non-bootable media), or you can locate the backup boot sector and copy that one back to the original boot sector (which is a general method to restore any kind of boot sector. You need different boot sectors for MS-DOS and DR-DOS for example). It's possibly the F-PROT detected NYB, and recovered the boot sector backup performed by NYB, but failed to check if that floppy had multiple infections, so the backup by NYB contained AntiCMOS.A. It's not unlikely that both viruses use the same location for the boot sector backup, so trying to boot that double-infected floppy might have ended in an endless loop with NYB loading AntiCMOS.A, and AntiCMOS.A repeatedly loading AntiCMOS.A again.

mkarcher wrote on 2023-03-27, 09:35:

MBR and "boot sector" are two different concepts. MBR is the first sector of your hard drive. Floppies don't have an MBR. The jo […]
Show full quote

GabrielKnight123 wrote on 2023-03-07, 06:00:

at the boot sector level (even though I read floppies don't have a MBR but a sector zero) is there a reason or two why F-Prot cant detect and clean all virus's at the same time?

MBR and "boot sector" are two different concepts. MBR is the first sector of your hard drive. Floppies don't have an MBR. The job of the MBR is to look for the active partition, and boot that partition. "Boot sector" is the first sector of any partition (or a floppy disk, which is treated like a single partition). For floppy disks, the boot sector is directly loaded and executed by the BIOS. For hard disks, the boot sector is loaded and executed by the MBR (at least if you use a standard MBR).

Many "boot sector" viruses were programmed in a way that they can infect both boot sectors of floppy drives and MBRs of hard drives. Some AV vendors called this type of virus "multipartite".

A boot sector virus usually works by writing a backup copy of the original boot sector to some hopefully safe place, and then putting the virus code into the boot sector. The virus will install itself into the computer at boot time, and then load the backup boot sector and continue booting. To clean a boot sector virus, there are two ways: Either you can write a known-good boot sector to the medium (which is a safe choice for non-bootable media), or you can locate the backup boot sector and copy that one back to the original boot sector (which is a general method to restore any kind of boot sector. You need different boot sectors for MS-DOS and DR-DOS for example). It's possibly the F-PROT detected NYB, and recovered the boot sector backup performed by NYB, but failed to check if that floppy had multiple infections, so the backup by NYB contained AntiCMOS.A. It's not unlikely that both viruses use the same location for the boot sector backup, so trying to boot that double-infected floppy might have ended in an endless loop with NYB loading AntiCMOS.A, and AntiCMOS.A repeatedly loading AntiCMOS.A again.

"multipartite" refers to viruses that infect executable files (.EXE or .COM or both) and MBR of hard disks and BOOT SECTOR of floppies...it used to be that way until sometime in 2005 Kaspersky came up with it's own well defined virus naming standard (most AV uses CARO naming standard). viruses which only infect exec files and MBR of HDD but doesn't infect boot sector of floppies are not "multipartite" like in the case of "Virus.Boot-DOS.Predator.2424", unlike "Virus.Multi.Junkie.1027" which also infects BOOT SECTOR of floppies.

"ANTICMOS.A" and all variants doesn't save the original MBR of HDD when it infects, so it's unlikely that it will be caught up in a infection loop with NYB.A and besides, NYB is stealthy so not likely be loading each other, that's the reason why AVs can remove NYB and not ANTICMOS since it cannot find the original MBR