Master Boot Sector and Boot Sector anti-virus kit.
File FIXUTIL3.ZIP from The Programmer’s Corner in
Category System Diagnostics
File Name      File Size   Zip Size   Zip Type
CHK.DOC             4550       2101   deflated
CHKBOOT.EXE         1357       1284   deflated
CHKMEM.COM          1584       1082   deflated
CHKSMBR.EXE          749        685   deflated
FIXFBR.EXE          2189       2109   deflated
FIXFBR1A.DOC        4885       2065   deflated
FIXMBR.EXE          2219       2134   deflated
FIXMBR24.DOC       26118       8868   deflated
NOFBOOT.COM          368        290   deflated
NOFBOOT.DOC         2602       1216   deflated
SUMFBOOT.COM         368        290   deflated
VALIDATE.24          366        241   deflated

Contents of the CHK.DOC file


The CHK programs, CHKBOOT and CHKMEM, are part of a suite of programs
which I have developed as personal tools for the investigation of
viruses. For some reason (possibly laziness) I have become something
of a specialist in Master Boot Record and DOS Boot Record infections.

Each carries its own documentation internally. To read it, for CHKMEM
simply TYPE the program (e.g. TYPE CHKBOOT.COM); for CHKBOOT, invocation
without a drive letter (e.g. CHKBOOT) will provide help.

With the current rise in number and prevalence of such infections - in
particular the destructive MICHELANGELO, I am releasing these programs,
as FREEWARE to the general public so long as they are not changed in any
way, and in particular so long as the ASCII notices remain intact and are

Like any personal tool, I can make no guarantee as to the fitness for
any use but they have proven effective for me. They are not 100% effective
against any and all viruses but CHKMEM will find all of the MBR infectors
and quite a few of the file infectors that go resident in the "upper 640".
MICHELANGELO in particular will return a total memory value that is 2k
lower than expected (most 640k machines should return A000 seg 640k 655,360
bytes when clean) when resident as will STONED and most of its variants.

If DOS 4.x is in use, this return may be 1k lower - 9FC0 seg - and certain
COMPAQ and other machines with dedicated mouse buffers may do so also as
will most BIOS-beginning security programs such as my DiskSecure program.
Be aware that such a memory loss may be normal but any should be
investigated to determine what the cause is. If you have a low value and
are in doubt, one test would be to boot from a known, clean, write-protected
floppy and see if the values are the same. Note that the lower two values
will change depending on what TSRs are loaded but their sum should remain
the same.

The best use of CHKMEM is before a virus strikes to record "clean" values.
This way any differences will be readily noticeable.
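
The arithmetic behind the values above, and the comparison against a recorded clean value, as an added example that is not part of CHK.DOC or the CHK programs. It assumes the total CHKMEM reports is the BIOS conventional-memory size in KB; `check_total` and its verdict names are hypothetical and are not the programs' errorlevels.

```c
#include <stdio.h>

/* Added illustration, not CHKMEM's code. Assumption: the total is the BIOS
   conventional-memory size in KB, which a resident boot virus lowers. */
enum verdict { MEM_MATCH, MEM_INVESTIGATE, MEM_SUSPECT };

/* Segment just past the top of memory: 1 KB is 64 paragraphs of 16 bytes. */
unsigned top_segment(unsigned kb) { return kb * 64u; }

unsigned long total_bytes(unsigned kb) { return (unsigned long)kb * 1024UL; }

/* clean_kb is the value recorded while the machine was known clean;
   pass 0 if none was recorded and a 640k machine is assumed instead. */
enum verdict check_total(unsigned clean_kb, unsigned now_kb)
{
    if (clean_kb != 0) {
        if (now_kb == clean_kb) return MEM_MATCH;
        /* Memory lost since the clean reading is the strong signal. */
        return now_kb < clean_kb ? MEM_SUSPECT : MEM_INVESTIGATE;
    }
    if (now_kb >= 640u) return MEM_MATCH;
    /* 1k short can be DOS 4.x, a mouse buffer or a security program. */
    if (640u - now_kb == 1u) return MEM_INVESTIGATE;
    /* 2k short is what the text reports for MICHELANGELO and STONED. */
    return MEM_SUSPECT;
}

static const char *name(enum verdict v)
{
    return v == MEM_MATCH ? "match" : v == MEM_INVESTIGATE ? "investigate" : "suspect";
}

int main(void)
{
    /* Constructed readings: {recorded clean value or 0, current value}. */
    static const unsigned r[][2] = { {0, 640}, {0, 639}, {0, 638}, {639, 639}, {639, 637} };
    size_t i;
    for (i = 0; i < sizeof r / sizeof r[0]; i++)
        printf("clean=%3u now=%3u  %04X seg %7lu bytes  %s\n", r[i][0], r[i][1],
               top_segment(r[i][1]), total_bytes(r[i][1]), name(check_total(r[i][0], r[i][1])));
    return 0;
}
```

With a recorded clean value of 639 (a machine where the 1k loss is normal), a reading of 639 matches while 637 is flagged, which the fixed 640k expectation alone could not distinguish.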

CHKBOOT simply checks the boot record of floppy and fixed disks for
adherence to certain rules. Note that STONED and MICHELANGELO will not
be detectable on fixed disks this way since they are MBR not DOS Boot
Record infectors. CHKBOOT will detect these infections (and others) very
effectively on floppies. Also please note that it will not detect certain
viruses that "play by the rules" on floppy disks but I have seen very few
of these. Again be aware that some security products' maintenance disks
(e.g. my DiskSecure again) may also violate these rules so if a disk is
flagged as infected, be aware that there is a small chance that it may
be a valid disk. It is also possible that some disk formatting routines
may legitimately violate my somewhat arbitrary rules. If so, I would
like to know about it.

Since some "stealth" viruses may return correct values to CHKBOOT, it
is recommended that CHKMEM be run first unless the system is known to
be clean. Those "stealth" MBR infections that I have observed are detectable
with CHKMEM when resident.

Just to make things a bit more difficult for would-be virus-writers, the
rules these publicly-released versions use are slightly different than
those in my personal toolkit but are designed to be just as effective
at finding viruses.

Note: while these programs are designed to provide indication that a virus
such as STONED or MICHELANGELO is present, they do nothing to remove such
viruses; the proper treatment will depend on the virus encountered. For
protection, please see my FREEWARE programs SafeMBR and NoFBoot.

RETURNS: While these programs were originally designed for manual use,
errorlevel returns have been added for use in batch files (CHKBOOT
should only be used this way on fixed disks) or from Network
servers. Returns will be 0 for valid termination and 1 or 2 for
suspect termination.

Padgett Peterson
Orlando, Florida, USA
18 January, 1992
Internet: padgett%[email protected]

