The information in this article applies to:
- Microsoft MS-DOS operating system versions 3.x, 4.x, 5.x
SUMMARY
Viruses commonly "hide" in little-used files such as FIND.EXE. Listed
below are steps you can take to check for a virus without the benefit
of a viral scanner. The procedure involves using CHKDSK and FIND
(commonly targeted for infection) to check for changes in conventional
memory and/or file size.
MORE INFORMATION
If you suspect your machine may have contracted a virus, do the
following:
- Put write-protect tabs on your DOS disks. This will keep the disks
from being written over, and they can be used as a reference for
file size and date checking.
- Compare the file sizes and dates of the DOS disks to the
corresponding files residing on the hard drive. One way you can
accomplish this task is to boot up with the DOS system floppy disk
and, at the A: prompt, type "DIR *.* > PRN" (without the quotation
marks). This command will pipe a directory listing to the printer.
- Repeat step 2 using the DOS supplemental disk.
- Type "C:" and change to your DOS directory. Type "DIR *.* > PRN"
again. Be sure to do this for COMMAND.COM as well (it may be in the
root directory). If there is any discrepancy in file sizes or dates
between the DOS disks and your hard disk, you may have a virus. In
that event, you should obtain a virus cleaning program and/or
reformat your hard disk.
- Run CHKDSK after powering on your computer (don't boot off the
floppy disk). At the bottom of the read-out, CHKDSK will give a
number for Total Bytes Memory, as well as Bytes Free. Write down
these numbers.
- Change to the directory in which the DOS commands reside. Type "DIR
FIND.EXE". Note the the size of the file and the date.
- Type "FIND". You will receive an error message telling you "No
Parameters Specified", However, the command has been activated,
even if in error.
- Run CHKDSK again. Check too see if there is any change in Total
Bytes Memory or Bytes Free. Since FIND.EXE is not a memory-resident
utility, there should not be a difference. If there is, you may
have a virus. You should obtain a virus cleaning program and/or
reformat the hard disk.
- Change to your DOS directory. Once again, type "DIR FIND.EXE".
Compare the files size and date with the number you had written
down previously. If there is a change, you should obtain a virus
cleaning program and/or reformat the hard disk.
MS-DOS version 5.0 disks are shipped without a notch; therefore, they
are write protected. The chances of these disks containing a virus are
extremely small. The DOS 5.0 disks are compressed; therefore, the file
sizing is different. You can tell a compressed file by the underscore
that will be the last character of the extension on a compressed file.
To expand a compressed file, use the expand utility on Disk 5 (for
5.25-inch disks) or Disk 3 (for 3.5-inch disks).
|