Hi David,
Quoting David Desrosiers to John Kismul, on 27 Dec 96
 RF>  >> execute a command such as DIR A:  I know that there is some
 RF>  >> viruses that works like that.
 DD>         There are.
There are /not/. This is an impossibility on a clean system. This condition 
is only there because of the pendants - AFAIAA, there is no such virus that 
jumps to the data buffer either. It would be remarkably stupid.
 DD>         That's funny... DSAV's information must be wrong then.
/If/ they state this, and you're not just interpreting it in this way, then 
yes, it is wrong.
 DD>         NYB is one such virus that *WILL* infect your system as well
 DD> as load into memory, and then use stealth to hide itself while
Just from doing a "dir" on a disk? Such a thing is /not/ possible.
You are in charge of anti-virus measures, you say? Worrying. As a programmer, 
I can tell you that what you are describing is not [cannot] be done on a 
clean, standard DOS system.
Think about it, will you? For this to be possible, dos would have to execute 
the code that it's just loaded into the data buffer. Why would it do that? It 
would have no way of knowing what it had just loaded, and that would make the 
system extremely unstable - bad move.
Even if it had loaded a normal bootsector, that would mean that every time 
you did a directory of a disk, you would either be asked to replace the 
floppy and insert a bootable one, or find your system rebooting. I don't know 
about you, but these are not common phenomena round here!
Paul
--- FMail 1.02
---------------