Wolf K explained on 8/5/2014 :
> On 2014-08-04 8:29 PM, FromTheRafters wrote:
>> David W. Hodgins submitted this idea :
>>> On Mon, 04 Aug 2014 10:46:04 -0400, FromTheRafters
>>> wrote:
>>>
>>>> Virus Guy wrote on 8/4/2014 :
>>
>> No, I wrote that.
>>
>>>> Isn't a Microsoft Word document a file?
>>>
>>> Yes
>>>
>>>> Is a bootsector a file?
>>>
>>> No. It's the first sector of the drive being booted from, though
>>> many boot loaders will also use additional sectors, up to the 64th
>>> sector, as that was the standard location for starting the first
>>> partition on old ata hard drives.
>
> Semantics. The boot sector contains a file. The data in the file points to
> the location of the program that loads the OS, but, as you well know, you
> can start all kinds of things before loading the OS. Etc.
>
>>>> Is BIOS a file?
>>>
>>> No. It's usually an eprom chip on the motherboard, that is used
>>> during startup to find the hard drive to boot from, and then load
>>> the boot sector from that drive, and then transfer control to the
>>> code from that boot sector. I say usually, as some older
>>> motherboards used a prom, so a bios update required replacing the chip.
>
> BIOS is a file (data and program) that starts the boot process. Where and
> how BIOS is stored is irrelevant. It's still a file. Eg, PROM vs EEPROM
> makes no difference. In very early micro-computers, as you may recall, BIOS
> was a configuration of switches on the front panel. In later computers,
> much of what we now consider BIOS was on the external storage media from
> which the OS was loaded. For that matter, a universal bootloader could be
> included in BIOS, if the industry agreed on a standard. Etc. Think of BIOS
> as a minimal OS.
>
>> Exactly so. My point to VG was, malware start method persistence not
>> based on a file is nothing new.
>>
>> Granted, the approach being used is interesting. I wonder if Virus Guy's
>> modified Win98 still has the decoder - he might have eradicated it. I
>> don't think it is strictly necessary, looks like just obfuscation related.
>
> Start method persistence is impossible without some data stored somewhere.
> IOW, sure, there's a file. You just have to figure out where it is.
>
> Have a good day,
I disagree with this usage when in this context. These entities exist
and are accessed before there is a file system extant to access true
files.
--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)