We are frequently asked what steps to take if a virus is detected in memory on bootup. There is no such thing as a memory virus. The virus usually comes from the Boot Sector, the Partition Table, one of the System Files, or a file listed in Autoexec.Bat.
- Check the SETUP of your computer and make sure that the Boot Sequence or Boot Priority is set to A:C. You can usually enter SETUP by tapping the Delete key while booting. Some computers may use other keys, so consult your computer's manual if tapping the Delete key is unsuccessful. It is very important that the Boot Sequence is set to A:C. If the Boot Sequence cannot be set to A:C, you should change the attribute of one of the System Files to read/write, i.e. to 20, then rename the System File to another name. You can use the "F1" and "S" function of Vbuster.Exe to change the attribute of IO.SYS. This will force a Hard Disk boot failure and the bootup will default to drive A. The name and attribute of the System File can be restored to their original state after the virus has been removed.
- Boot from a clean DOS diskette in drive A. Use MS DOS 6.22 or earlier if you have a virus in the Boot Sector or Partition Table. Do not use the Windows Startup disk or Windows 95 or 98 DOS.
- Run Vbuster.Exe either from Drive A or from your Hard Disk. Use it to rebuild the Boot Sector or Partition Table if it is a Boot virus, or to clean the infected files if it is a file virus. You can also use Sys.Com if the virus is in the Boot Sector. If you have a 32 bit FAT table, you will have to boot up Windows 95 or 98 DOS before you can clean the infected files, as MS DOS 6.22 or earlier cannot read a 32 bit FAT table.
- If it is a Boot virus and you have created Sentry.Com with Hdsentry.Com, all you have to do is to run Sentry.Com. Sentry.Com will rebuild the Partition Table or Boot Sector for you.
Looi Hoong Thoong
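The choice of boot diskette above depends on whether the hard disk uses a 32 bit FAT. The following is an added example, not part of the original page or of Vbuster: it reads a saved copy of the first hard disk sector, checks the boot signature, lists the Partition Table entries and reports whether any is FAT32. The function names and the sample sector are constructed for illustration.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446                    # four 16-byte partition entries start here
ENTRY = struct.Struct("<B3xB3xII")    # boot flag, type, start LBA, sector count
FAT32_TYPES = {0x0B, 0x0C}            # FAT32 with CHS / LBA addressing


def parse_mbr(sector: bytes):
    """Return the non-empty Partition Table entries of a 512-byte sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    if sector[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA signature: damaged or not a boot record")
    entries = []
    for i in range(4):
        off = TABLE_OFFSET + ENTRY.size * i
        flag, ptype, lba_start, sectors = ENTRY.unpack_from(sector, off)
        if ptype == 0:                # type 0 marks an unused slot
            continue
        entries.append({"slot": i, "active": flag == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def needs_fat32_dos(entries):
    """True if any partition is FAT32, which MS DOS 6.22 or earlier cannot read."""
    return any(e["type"] in FAT32_TYPES for e in entries)


def build_sample_mbr(ptype):
    """Constructed sample: one active partition of the given type, no boot code."""
    sector = bytearray(SECTOR_SIZE)
    ENTRY.pack_into(sector, TABLE_OFFSET, 0x80, ptype, 63, 4_000_000)
    sector[510:512] = b"\x55\xAA"
    return bytes(sector)


if __name__ == "__main__":
    for ptype in (0x06, 0x0C):        # FAT16 and FAT32 (LBA) samples
        entries = parse_mbr(build_sample_mbr(ptype))
        for e in entries:
            print(f"slot {e['slot']}: type 0x{e['type']:02X}, "
                  f"active={e['active']}, start LBA {e['lba_start']}")
        print("FAT32 present:", needs_fat32_dos(entries))
```
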