BEGPAN5.CVP 931103
Getting Resources
There are probably a number of things around you that you can use
either to diagnose the problem or to aid in recovery. We've looked
at some of the basic information, resources and history that might
help. Now, let's look for some tools which might be less obvious.
Another computer is a big help, particularly if you are pretty sure
it hasn't been infected or affected. If you have several, that can
be a real big help. Another computer can be used to examine
(carefully) floppy disks and files from the infected machine, to try
and determine what is being infected, and how. If you don't have a
"clean system disk", that pre-requisite for any virus disinfection,
you can make one from the other computer.
You may be able to confirm or deny a virus infection with the other
machines. If you suspect a virus simply on the basis that
"something weird is happening," then you probably don't have a virus
at all. Computers do many strange and wonderful things, only very
few of them at the behest of viral programs. In any event,
"swapping out" bits and pieces of the computers may identify some
malfunctioning hardware. You still have a problem, but at least it
is an isolated and identifiable one.
Along with whatever system and utility software you can find, get
several blank, formatted disks. Make some of them system disks.
Copy a range of programs on to them, of different types and sizes.
These disks and files you will want to use as bait. (If the
infected computer uses different types and sizes of disks, get
examples of all the various formats.) Record the file sizes and
dates of the "bait" files, as well as the "free space" remaining on
the disk. (Viral programs may use various means to hide the fact
that a file has grown. Few, however, bother to try to hide the fact
that disk space has shrunk.) Take a look at the boot sectors of the
disks so that you will be able to notice if they are changed.
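The record-keeping described above, as an added example that is not part of the original column: it records the size and date of each bait file plus the free space on the disk, then reports any change, including free space that shrank by more than the directory listing admits. The function names, the slack parameter and the sample file names are assumptions made for illustration; boot sectors are not covered.

```python
import os
import shutil

def snapshot(bait_dir):
    """Record size and date of every bait file, plus free space on that disk."""
    files = {}
    for name in sorted(os.listdir(bait_dir)):
        path = os.path.join(bait_dir, name)
        if os.path.isfile(path):
            st = os.stat(path)
            files[name] = (st.st_size, int(st.st_mtime))
    return {"files": files, "free": shutil.disk_usage(bait_dir).free}

def compare(before, after, slack=0):
    """List differences between two snapshots.

    slack is the free-space change (bytes) to tolerate for allocation-unit
    rounding; about one cluster per bait file is a reasonable assumption.
    """
    findings, reported = [], 0
    for name, (size, mtime) in before["files"].items():
        if name not in after["files"]:
            findings.append(f"{name}: missing")
            continue
        new_size, new_mtime = after["files"][name]
        if new_size != size:
            findings.append(f"{name}: size {size} -> {new_size}")
            reported += new_size - size
        if new_mtime != mtime:
            findings.append(f"{name}: date changed")
    for name in sorted(after["files"].keys() - before["files"].keys()):
        findings.append(f"{name}: new file")
        reported += after["files"][name][0]
    lost = before["free"] - after["free"]
    # The directory listing can be faked; shrunken free space seldom is.
    if lost - reported > slack:
        findings.append(f"free space fell {lost} bytes, listing accounts for {reported}")
    return findings

if __name__ == "__main__":
    # Constructed sample: sizes and dates unchanged, yet the disk is 3584 bytes fuller.
    base = {"files": {"BAIT1.COM": (1024, 752284800),
                      "BAIT2.EXE": (20480, 752284800)}, "free": 1400000}
    later = {"files": dict(base["files"]), "free": 1400000 - 3584}
    for line in compare(base, later, slack=1024):
        print(line)
```

Take the first snapshot before the bait disk goes near the suspect machine, and keep it on the clean one.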
Get a pot of coffee. Get a few friends, even if computer
illiterate, for the moral support and the extra eyes. (Observations
are key.) Get some lunch. Get some perspective. Don't Panic.
copyright Robert M. Slade, 1993 BEGPAN5.CVP 931103
=============
Vancouver ROBERTS@decus.ca | "Kill all: God will know his own."
Institute for Robert_Slade@sfu.ca | - originally spoken by Papal
Research into rslade@cue.bc.ca | Legate Bishop Arnald-Amalric
User p1@CyberStore.ca | of Citeaux, at the siege of
Security Canada V7K 2G6 | Beziers, 1209 AD
============= for back issues:
Contacts list: cert.org, /pub/virus-l/docs/reviews
Reviews: cert.org, /pub/virus-l/docs/reviews/pc
Column: cert.org, /pub/virus-l/docs/slade.cvp.articles
For those without ftp, see Jim Wright's posting, or use Cyberstore.
Also FREQ from 1:153/733 The Cage 604-261-2347.