Detecting a DOS-Based Computer Virus

If you suspect you have a DOS-based computer virus, but you are not 100 percent sure, try the following steps.

1. Scan with a good antivirus program after cold booting with a write-protected, clean boot diskette.

There is no better way to detect and remove DOS viruses than running a good antivirus program. Use a reliable antivirus scanner with an up-to-date signature database. When you scan for DOS computer viruses, always cold boot the PC from a known clean, write-protected, bootable diskette. This ensures that no computer virus is in memory when you scan. If a virus is in memory during the scan, it can use various subroutine tricks to hide from antivirus programs or cause more damage.

Virus scanners are getting steadily better at detecting viruses that are in memory at scan time, but you’ll get the best results after cold booting with a clean diskette. I find that my scanning success and removal rate, after a cold boot, is even higher with viruses that aren’t employing stealth defense mechanisms. Less code in memory lets the scanner do its job more efficiently.

When rebooting, make sure you turn the power off instead of pressing Ctrl-Alt-Del to warm boot. There are dozens of viruses, like Fish, Ugly, Joshi, and Aircop, which have no problem “living” through a warm boot, and thriving in memory when the PC restarts. These types of viruses monitor the keyboard input buffer or check the “warm-boot flag” in the BIOS data area ...
