echo: alt-comp-anti-virus
to: ALL
from: WOLF K
date: 2014-08-04 23:06:00
subject: Re: Registry-infecting re

On 2014-08-04 8:29 PM, FromTheRafters wrote:
> David W. Hodgins submitted this idea :
>> On Mon, 04 Aug 2014 10:46:04 -0400, FromTheRafters
>>  wrote:
>>
>>> Virus Guy wrote on 8/4/2014 :
>
> No, I wrote that.
>
>>> Isn't a Microsoft Word document a file?
>>
>> Yes
>>
>>> Is a bootsector a file?
>>
>> No. It's the first sector of the drive being booted from, though
>> many boot loaders will also use additional sectors, up to the 64th
>> sector, as that was the standard location for starting the first
>> partition on old ata hard drives.

Semantics. The boot sector contains a file. The data in the file points 
to the location of the program that loads the OS, but, as you well know, 
you can start all kinds of things before loading the OS. Etc.

>>> Is BIOS a file?
>>
>> No. It's usually an eprom chip on the motherboard, that is used
>> during startup to find the hard drive to boot from, and then load
>> the boot sector from that drive, and then transfer control to the
>> code from that boot sector. I say usually, as some older
>> motherboards used a prom, so a bios update required replacing the chip.

BIOS is a file (data and program) that starts the boot process. Where 
and how BIOS is stored is irrelevant. It's still a file. Eg, PROM vs 
EEPROM makes no difference. In very early micro-computers, as you may 
recall, BIOS was a configuration of switches on the front panel. In 
later computers, much of what we now consider BIOS was on the external 
storage media from which the OS was loaded. For that matter, a universal 
bootloader could be included in BIOS, if the industry agreed on a 
standard. Etc. Think of BIOS as a minimal OS.

> Exactly so. My point to VG was, malware start method persistence not
> based on a file is nothing new.
>
> Granted, the approach being used is interesting. I wonder if Virus Guy's
> modified Win98 still has the decoder - he might have eradicated it. I
> don't think it is strictly necessary, looks like just obfuscation related.

Start method persistence is impossible without some data stored 
somewhere. IOW, sure, there's a file. You just have to figure out where 
it is.

Have a good day,

-- 
Best,
Wolf K
kirkwood40.blogspot.ca
--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)

SOURCE: echomail via QWK@docsplace.org
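Added example, not part of the thread above: the post argues over whether the boot sector is "a file". Whatever one calls it, it is a fixed 512-byte layout that can be parsed and checked, and the layout is what a bootkit analyst actually looks at. The script below decodes a classic MBR (446 bytes of bootstrap code, four 16-byte partition entries, the 0x55 0xAA signature), hashes the code area so it can be compared against a known-good baseline, and computes the unallocated sectors between the MBR and the first partition, which is where old boot loaders (and boot-sector malware) keep their extra code. The sample sector is constructed inline for the demo; `read_first_sector` is the only part that touches a real device and is an assumption about where you would point it.

```python
"""Parse a raw 512-byte MBR boot sector (added example, not from the thread).

Assumes the classic MBR layout: 446 bytes of x86 bootstrap code, four 16-byte
partition entries at offset 446, and the 0x55 0xAA signature at offset 510.
The sample sector built by build_sample_mbr() is constructed for this demo,
not captured from a real disk.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOTSTRAP_LEN = 446          # code the BIOS jumps to at 0000:7C00
PART_TABLE_OFF = 446
PART_ENTRY_LEN = 16
SIG_OFF = 510
MBR_SIGNATURE = 0xAA55       # bytes 0x55 0xAA, read little-endian


def parse_partition_entry(raw: bytes) -> dict:
    """Decode one 16-byte partition table entry (CHS fields are ignored)."""
    status, _c1, _c2, _c3, ptype, _e1, _e2, _e3, lba_start, num_sectors = (
        struct.unpack("<BBBBBBBBII", raw)
    )
    return {
        "bootable": status == 0x80,
        "type": ptype,
        "lba_start": lba_start,
        "num_sectors": num_sectors,
    }


def parse_mbr(sector: bytes) -> dict:
    """Split a boot sector into the pieces an analyst cares about."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE}-byte sector, got {len(sector)}")
    signature = struct.unpack_from("<H", sector, SIG_OFF)[0]
    bootstrap = sector[:BOOTSTRAP_LEN]
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        entry = parse_partition_entry(sector[off:off + PART_ENTRY_LEN])
        if entry["type"] != 0:           # type 0x00 marks an unused slot
            entries.append(entry)
    first_lba = min(e["lba_start"] for e in entries) if entries else None
    return {
        "signature_ok": signature == MBR_SIGNATURE,
        # hash of the code area: diff it against a baseline taken when the
        # machine was known clean to spot a rewritten boot sector
        "bootstrap_sha256": hashlib.sha256(bootstrap).hexdigest(),
        "bootstrap_all_zero": not any(bootstrap),
        "partitions": entries,
        "first_partition_lba": first_lba,
        # LBA 0 is the MBR itself, so LBA 1 .. first_lba-1 is the unallocated
        # gap a boot loader (or bootkit) can stash extra code in.  With the
        # old partition start at LBA 63 (the 64th sector) that is 62 sectors.
        "gap_sectors": (first_lba - 1) if first_lba else None,
    }


def build_sample_mbr() -> bytes:
    """Constructed sample: a few real x86 opcodes, one NTFS partition at LBA 63."""
    # cli; xor ax,ax; mov ss,ax; mov sp,7C00h; sti  -- a typical bootstrap prologue
    code = bytes([0xFA, 0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C, 0xFB])
    bootstrap = code.ljust(BOOTSTRAP_LEN, b"\x00")
    entry = struct.pack("<BBBBBBBBII",
                        0x80, 1, 1, 0,            # bootable, CHS start (dummy)
                        0x07, 0xFE, 0xFF, 0xFF,   # type NTFS, CHS end (dummy)
                        63, 2097152)              # LBA start, sector count
    table = entry + b"\x00" * (PART_ENTRY_LEN * 3)
    return bootstrap + table + b"\x55\xAA"


def read_first_sector(device_path: str) -> bytes:
    """Read LBA 0 from a block device (needs root/admin).

    Assumed paths: /dev/sda on Linux, \\\\.\\PhysicalDrive0 on Windows.
    """
    with open(device_path, "rb") as dev:
        return dev.read(SECTOR_SIZE)


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    for key, value in info.items():
        print(f"{key}: {value}")
```

Run it as-is to see the constructed sector decoded; to inspect a real machine, replace `build_sample_mbr()` with `read_first_sector("/dev/sda")` (or the Windows physical-drive path) and compare `bootstrap_sha256` against the value you recorded on a clean system. A signature check alone proves nothing about the code area, which is why the hash and the gap size are reported separately.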
