Ramon Gandia wrote:
> On Fri, 26 Nov 1999, Denis Havlik wrote:
>
> > :>Try turning off the virus detection in your BIOS. (hellloooo!!) ;)
> >
> > On the other hand, he IS right - no one should cry VIRUS for LILO. Making
> > some BAD publicity for those who do it could help.
>
> What most of these BIOS boot sector antiviruses do is
> do a checksum of the bootsector. They can detect if there
> has been a change. If it has changed, a virus is assumed.
> I am surprised there is no way to allow for a boot sector
> change. A lot of things can go in the bootsector besides
> LILO or the Win95 boot: Win NT boot is different, so
> is System Commander and other boot utilities. I would
> be quite surprised if this BIOS did not have a way to
> cope with it. Maybe you ought to look at the BIOS code
> yourself (and modify it with the flash utility). 8086
> BIOS code is not hard to figure out.
>
> --
> Ramon Gandia ============= Sysadmin ============== Nook Net
> http://www.nook.net [EMAIL PROTECTED]
> 285 West First Avenue tel. 907-443-7575
> P.O. Box 970 fax. 907-443-2487
> Nome, Alaska 99762-0970 ==== Alaska Toll Free. 888-443-7525

Thanks for the idea, Ramon.
I discovered the pointer to the boot sector and directed it to the end of my
disk (I always leave a couple cylinders undedicated to any partition, from
the days when bad sectors were remapped) and I set the checksum in the
CMOS equal to that checksum.... Then I found the spot where the code to turn
off AV protection had been skipped and replaced the jmp with some NOPs -- we
get along better, the board and I, but I am still vexed that LILO would be
called a virus. I suppose if it were simply "changed at the boot
sector-scream your head off" it would be OK...
But when I put in this upgrade, I had to reload Windows (it kept reloading the
registry and then loading a bunch of new devices and then rebooting to
complete installation and reporting a damaged registry and reloading it so it
could recognize the changed devices and....) and LILO was there to begin
with.... Why didn't it yell about the Win98 MBR when I used it to replace
LILO? I will look at this hexmash a little more, I think.
Civileme
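
An added example, not part of the thread and not the BIOS's own code: the checksum-and-compare check Ramon describes, extended with the "allow for a boot sector change" step he expected the BIOS to offer. It assumes the classic MBR layout and uses SHA-256 because the thread does not say which checksum the BIOS computes; the function names and sample sectors are constructed for illustration.

```python
import hashlib

SECTOR_SIZE = 512
# Classic MBR layout: byte ranges within sector 0 (assumed, not from the thread).
REGIONS = {
    "boot_code": (0, 446),
    "partition_table": (446, 510),
    "signature": (510, 512),
}

def fingerprint(sector: bytes) -> dict:
    """Hash each MBR region separately so a change can be localised."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected one 512-byte sector")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    return {name: hashlib.sha256(sector[a:b]).hexdigest()
            for name, (a, b) in REGIONS.items()}

def changed_regions(baseline: dict, sector: bytes) -> list:
    """Names of the regions whose hash differs from the stored baseline."""
    current = fingerprint(sector)
    return [name for name in REGIONS if baseline[name] != current[name]]

def check(baseline: dict, sector: bytes, approve_boot_code: bool = False):
    """Return (verdict, baseline). An operator-approved boot loader change
    is re-baselined; any other change is reported and the baseline kept."""
    changed = changed_regions(baseline, sector)
    if not changed:
        return "unchanged", baseline
    if changed == ["boot_code"] and approve_boot_code:
        return "boot code changed, re-baselined", fingerprint(sector)
    return "ALERT: changed " + ", ".join(changed), baseline

def make_sector(boot_code: bytes, table: bytes) -> bytes:
    """Build a constructed sample sector (filler bytes, not a real loader)."""
    return boot_code.ljust(446, b"\x00") + table.ljust(64, b"\x00") + b"\x55\xaa"

# Constructed sample data: one 16-byte partition entry (active, type 0x83).
ENTRY = (bytes([0x80, 1, 1, 0, 0x83, 0xFE, 0x3F, 0x0F])
         + (63).to_bytes(4, "little") + (257040).to_bytes(4, "little"))
SECTOR_A = make_sector(b"constructed loader A", ENTRY)   # original loader
SECTOR_B = make_sector(b"constructed loader B", ENTRY)   # loader replaced
SECTOR_C = make_sector(b"constructed loader A", ENTRY[:4] + b"\x0b" + ENTRY[5:])

if __name__ == "__main__":
    base = fingerprint(SECTOR_A)
    for label, s in (("A", SECTOR_A), ("B", SECTOR_B), ("C", SECTOR_C)):
        print(label, check(base, s)[0])
```

To run it against a real disk, pass the first 512 bytes of the device (read-only, which normally requires root) to `fingerprint` in place of the constructed sectors.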