
Re: virus and LILO ?



Eugene Sevinian wrote:

> Analysing bad behaviour of my PC, the assumption was done about
> possible virus activity under w95. (W95 and Linux are sharing the same
> hard disk). Formatting disk did not help at all, so I am thinking about
> some kind of bootsector based viruses. Is it theoretically possible to be
> infected by such viruses in case of using LILO?

One might wonder about a boot-sector virus.  These probably make some
assumptions about the layout of stuff in the boot sector, and I'm sure
lilo's layout violates those assumptions.

There are two ways to install lilo.  Either it can be installed directly
into the boot sector ( like boot=/dev/hda ) or it can be installed into
the boot area of a specific volume ( like boot=/dev/hda3 ).

In the first case, just reinstalling lilo should wipe out any boot
sector virus by overwriting it.

In the second case, we depend upon the standard DOS boot sector code to
scan the volume table, notice which one is set as the boot volume,
then in turn leap to the next booter (in our case lilo) in that volume
block.  If a virus wipes out the first stage booter it can be put back
by a DOS command, something like:

    fdisk /mbr

which rewrites a standard Master Boot Record.  This is the customary
and usual way to recover from a boot sector virus.

Good luck!

-- 
Charles B. (Ben) Cranston
mailto:zben@ni.umd.edu
http://www.wam.umd.edu/~zben
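
Added example, not part of the original message: a Python sketch of the table scan that the first-stage MBR code described above performs (find the entry carrying the active flag), together with a hash of the boot-code area so that a change to it can be detected. The sample sector, the function names and the use of slot 3 to stand in for /dev/hda3 are constructed for this illustration.

```python
import hashlib
import struct

TABLE_OFFSET = 446           # partition table starts at 0x1BE in the sector
ENTRY_SIZE = 16              # four 16-byte entries follow
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR
ENTRY_FORMAT = "<B3xB3xII"   # status, CHS, type, CHS, LBA start, sector count

def parse_mbr(sector):
    """Return (sha256 of the boot-code area, list of used partition entries)."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for index in range(4):
        start = TABLE_OFFSET + index * ENTRY_SIZE
        status, ptype, lba, count = struct.unpack(
            ENTRY_FORMAT, sector[start:start + ENTRY_SIZE])
        if ptype == 0:       # type 0 marks an unused slot
            continue
        partitions.append({"slot": index + 1, "active": status == 0x80,
                           "type": ptype, "lba_start": lba, "sectors": count})
    # Everything before the table is loader code; this is what a rewrite replaces.
    return hashlib.sha256(sector[:TABLE_OFFSET]).hexdigest(), partitions

def boot_partition(partitions):
    """Pick the entry the first-stage loader would chain to."""
    active = [p for p in partitions if p["active"]]
    if len(active) != 1:
        raise ValueError("expected one active partition, found %d" % len(active))
    return active[0]

def boot_code_changed(baseline_sector, current_sector):
    """True when the loader code differs from a previously saved copy."""
    return parse_mbr(baseline_sector)[0] != parse_mbr(current_sector)[0]

def make_sample_mbr(code_fill):
    """Constructed sample: filler code, FAT16 in slot 1, active Linux in slot 3."""
    fat = struct.pack(ENTRY_FORMAT, 0x00, 0x06, 63, 1024000)
    linux = struct.pack(ENTRY_FORMAT, 0x80, 0x83, 1024063, 2048000)
    table = fat + bytes(ENTRY_SIZE) + linux + bytes(ENTRY_SIZE)
    return bytes([code_fill]) * TABLE_OFFSET + table + BOOT_SIGNATURE

if __name__ == "__main__":
    saved, current = make_sample_mbr(0x90), make_sample_mbr(0xCC)
    print("boots from slot", boot_partition(parse_mbr(current)[1])["slot"])
    print("boot code changed:", boot_code_changed(saved, current))
```

The two constructed sectors share the same partition table and differ only in the code area, which is why the hash comparison flags a change while the active-partition lookup gives the same answer for both.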

