-=> Mocking Joshua Small to All <=-
   
 JS> as one_half talked about, and many people have referred to the
 JS> different  way it needs to be cleaned or something like that.  What is
 JS> so different about it techinically that u can't just remove it like any
 JS> other virus?
the problem with one_half is that it encrypts the last two unencrypted
cylinders on the first logical partition... while it's active it allows
the user to access the contents of these cylinders, but when it gets
removed it can no longer do that, so unless you use that special method
or unless you have an anti-virus product that can decrypt those
cylinders when it removes the virus, you're going to be shit out of
luck... the contents of those cylinders are going to be exremely
difficult to recover...
 JS> Secondly.... can anyone tell me what the hell this
 JS> nvclean.exe that comes with the new version of thunderbyte is?  The
known virus cleaner...
 JS> manual won't talk about it, and the newstuff.800 (think that's the
 JS> name) only will tell me that it's there and it's a cleaner.  What was
 JS> wrong with the old tbclean?  And where does the NV in it's name come
 JS> from? 
 
the ordinary tbclean (correct me if i'm wrong frans) acts either as a
heuristic cleaner, or a generic cleaner depending on what you tell it to
do... it does not have a set of instructions on how to clean any
particular virus the way most disinfection programs do, it either uses
it's heuristic analyzer to neutralize the virus, or the anti-vir.dat
files to restore infected files to their original form as dictated by
the cryptographic hash value contained in the anti-vir.dat file..
nvclean has a set of instructions for disinfecting each virus that it
handles... this makes it more accurate than the heurstic cleaner in a
number of cases and more flexible than the generic cleaner...
... i thought it was the metal bars that separated us from the animals...
--- Maximus 2.02
---------------