Page 4
antiEXE virus once removed
I was handed a Laptop (I won't mention that it was a TI) that was 'infected' with
a fresh dose of ANTIEXE. Probably within hours. My first case of Laptop virus residenta.
Using medical terms with electronics devices doesn't quite fit the industry.
So I opted not to wear the surgical gloves.
The installed operating system was Windows 95. Evidently at purchase time, actually a
little while after, I suppose enough time to get it home and unwrapped...
after it boots up, one is confronted with an operating system installation choice.
(Windows 95 or Windows for Workgroups) at least with this Laptop vendor. The reason
I mention this because I found WFWG.zip a 60+meg file in the root directory, thats a
lot of wasted space.
The first action I took was to back everything up to zip drive knowing that I probably
transferred ANTIEXE to the zip disks. Then I unzipped McAfee to the laptop from two 1.44
3 1/2's (pkzip using the -& will 'span' large files across several 3 1/2's) So if you
have a 10 meg file and only a dozen 3 1/2's you can still transport the file
using pkzip -& [a:\stuffzipped stufftozip]).
antiEXE on this laptop allowed Windows95 only to boot in the SAFE mode,
not a good feeling when trying to accomplish real work in the field.
Booting into Windows 95, I installed McAfee and ran it. McAfee detected, and reported:
A VIRUS is Present in Memory, Boot from a fresh 3 1/2'... (3 1/2's are here to stay)
glad McAfee doesn't own any stock in 5 1/4 er's.
So I made a Windows95 boot disk from another PC, and as instructed by McAfee booted to
the DOS prompt. Cd’ed down to the McAfee sub directory and tried to run scan.exe. Opps!
received a *not enough memory* error. No Himem.sys loaded. I edited the a:\ config.sys
to add Himem.sys, and rebooted. The laptop locked up after himem checked memory.
Okay enough of this ! Now the 3 1/2 contained antiEXE also. I made a DOS 6.22 boot disk
[another different unsuspecting 3 1/2 from another room] and re-re-booted the laptop,
Cd’ed down to scan.exe and ran that, this time it ran, the footprint of DOS6.22 in
conventional memory allowed for the Windows95 McAfee scan.exe to execute. McAfee
found that the BOOT SECTOR contained antiEXE. and cleaned the C:\ drive boot sector.
Not to mention every other medium that contained antiEXE within a ten foot radius.
Very invasive virus, copying from a 3 1/2 or editing a file on a 3 1/2 will transfer
the boot sector virus. Running SYS.com from a clean 3 1/2 did NOT remove the virus
from the laptop boot sector. I did a search on ANTIEXE on the Internet and turned up
several folks that had run into this virus, so here is my account of what happened on
this dreadful day 'my first encounter' with a virus and want to keep it that way.
Just where it came from I do not know. Could this be ???
a Close Encounter of the NERD kind ??
I use Windows 95 and NT 4.0 almost exclusively these days, but DOS 6.22 is kept within
reach. antiEXE not a good thing
