
o bolloxs - Ravage (b) Virus

dlx1

Background: I was making an ms-client from an image to floppy disk. When I put the disk back in the computer, Avast popped up with a virus (didn't see the name), then the screen just showed the desktop with no icons and froze. The computer now just starts up, shows the splash screen of the make, then shuts back down, then starts up to the same point, then back down. So I can't get to last best config or the others.

I used an old Norton disk and it found the below (as it's in the MBR I'm guessing that's real bad)


NAME: Dodgy
ALIAS: Ravage
TYPE: Resident Stealth Boot sectors MBR

Dodgy is a simple boot sector virus. The only special thing about it is that it is able to spread under both DOS and Windows 95.
When Dodgy activates it will display this text:
RAVage is wiping data! RP&muRPhy
After this the virus will overwrite most of data on the hard drive.
Dodgy has been reported to be in the wild during fall 1997.
[Analysis: Mikko Hypponen, F-Secure]

Ravage is a stealth boot virus. The virus is memory-resident and resides in two sectors.

F-Secure gave me the info above but not how to kill it.
Google came back with not too much as well!

How can I kill this fucker? :o
 
Dodgy: This is a very dangerous memory-resident stealth boot virus. It occupies two sectors, so the virus length is 1024 (400h) bytes. It infects the MBR of the hard drive and the boot sector of floppy disks. While infecting the hard drive, the virus saves the original MBR sector and the rest of its code to the sectors on the first track/zero head starting from sector 14. Usually that space is not occupied by any programs/data. While infecting floppy disks, the virus saves the original boot sector and its code to the last sectors of the root directory. While loading from an infected disk, the virus decreases the size of system memory by using the word at address 0:0413h, copies itself to there, hooks INT 8, 13h, 40h and calls the bootstrap loader (reboots the system).

Sounds a clever little CU#T :mad:
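
As an added example (not part of the thread or of the quoted virus descriptions): the layout described above suggests a check a defender can run over a raw dump of the first track, head 0, where sector 1 should hold a valid MBR and the sectors after it are usually empty. The function names, the 63-sector track size and the sample images are assumptions constructed for this example.

```python
import struct

SECTOR = 512

def looks_like_mbr(sec: bytes) -> bool:
    """0x55AA signature plus at least one plausible partition entry."""
    if len(sec) != SECTOR or sec[510:512] != b"\x55\xaa":
        return False
    used = 0
    for off in range(446, 510, 16):            # four 16-byte partition entries
        status, ptype = sec[off], sec[off + 4]
        _start, count = struct.unpack_from("<II", sec, off + 8)
        if status not in (0x00, 0x80):         # only inactive/active are valid
            return False
        if ptype != 0:
            if count == 0:
                return False
            used += 1
    return used > 0

def scan_track0(track: bytes) -> list[str]:
    """Report indicators in a raw dump of track 0, head 0 (sector numbers are 1-based)."""
    findings = []
    sectors = [track[i:i + SECTOR] for i in range(0, len(track) - SECTOR + 1, SECTOR)]
    if not sectors or not looks_like_mbr(sectors[0]):
        findings.append("sector 1: no valid signature plus partition table")
    for num, sec in enumerate(sectors[1:], start=2):
        if looks_like_mbr(sec):
            findings.append(f"sector {num}: MBR-like copy in normally unused space")
        elif any(sec):
            findings.append(f"sector {num}: non-zero data in normally unused space")
    return findings

def make_mbr() -> bytes:
    """Constructed sample MBR: one active partition starting at LBA 63."""
    entry = bytes([0x80, 1, 1, 0, 0x0B, 254, 63, 100]) + struct.pack("<II", 63, 1_000_000)
    return bytes(446) + entry + bytes(48) + b"\x55\xaa"

def make_samples() -> tuple[bytes, bytes]:
    """Constructed 63-sector tracks: a clean one, and one laid out as the post describes."""
    clean = make_mbr() + bytes(62 * SECTOR)
    bad = bytearray(clean)
    bad[0:SECTOR] = b"\xeb\x3c" + bytes(508) + b"\x55\xaa"  # placeholder bytes, not real virus code
    bad[13 * SECTOR:14 * SECTOR] = make_mbr()               # displaced original MBR at sector 14
    bad[14 * SECTOR:14 * SECTOR + 4] = b"\x90\x90\x90\x90"  # placeholder for the rest of the code
    return clean, bytes(bad)

if __name__ == "__main__":
    for name, img in zip(("clean", "suspect"), make_samples()):
        print(name, scan_track0(img) or "nothing found")
```

The dump has to be taken after booting from known-clean media, because a resident stealth virus can hand back the saved original sector when the MBR is read. Some boot managers also keep data in these sectors, so a hit is an indicator to investigate rather than proof of infection.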
 
Oh yes, I forgot to mention, the disk you make must be clean, which means you can't make it on the infected machine, and I should be a bit careful of a disk that you have used in the infected machine. And you might want to scan the machine you do make the boot disk on before you make the disk; it could make a difference.
 
nobbythenob said:
Try doing a safe boot, or try and get hold of Hiren's.BootCD.8.1. and do a DOS scan

Computer doesn't get that far to pick safe mode / last best config.

I'll look at Hiren's.BootCD.8.1

thanks.

Kameron said:
fdisk /mbr from a boot disk

I'll have a look. After deleting the MBR, on a reboot will the computer make a new MBR?

thanks both :)

off to google
 
fdisk /mbr makes a new master boot record; that is the DOS version of fdisk, not the *nix one. This is fine if you have Windows or DOS but will kill you if you have a boot loader; then again, the virus will have already done that.
 