<br><br><div class="gmail_quote">On 5 July 2011 22:04, Robert Ladyman <span dir="ltr">&lt;<a href="mailto:it@file-away.co.uk">it@file-away.co.uk</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
I don't see it as a major problem - you can copy an MBR using dd either to or<br>
from the drive. </blockquote><div> You don't want to copy the MBR with the virus code. If you dd it to remove the code sector, you have to nominate 440 bytes, as this is the specified code area within the MBR; the rest of the sector to 512 bytes is made up of partition tables, MBR signature, etc., which you do not want to remove. <br>
</div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">If the virus can write to the MBR, then so can you. </blockquote><div>There are programmes for editing the MBR.<br>
</div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">Not only<br>
that, you could just use another hard disc (the MBR is on the disk, not the<br>
PC).<br></blockquote><div>The easiest thing to do is to overwrite the MBR by re-installing GRUB or an independent boot manager (if used) if the virus affected these booting methods. Using another hard disk would not solve the problem, as the virus would be re-installed into the nominated MBR of whatever disk you are using when you again re-boot into the Windows partition (you would have to get your Windows partition cleansed first).<br>
<br>Apologies for not clearly stating in my post what I was looking for. It was to know if the virus code affected the booting of Linux systems (I am now looking at what the code does). Seemingly, from trawling the internet, it does not affect the booting of Linux systems. I was just wondering if any of the ethical hackers had studied it and knew how it worked. Thanks for the reply.<br>
<br>Gordon<br><br> </div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
_______________________________________________<br>
dundee GNU/Linux Users Group mailing list<br>
<a href="mailto:dundee@lists.lug.org.uk">dundee@lists.lug.org.uk</a> <a href="http://dundeelug.org.uk" target="_blank">http://dundeelug.org.uk</a><br>
<a href="https://mailman.lug.org.uk/mailman/listinfo/dundee" target="_blank">https://mailman.lug.org.uk/mailman/listinfo/dundee</a><br>
Chat on IRC, #tlug on <a href="http://irc.lug.org.uk" target="_blank">irc.lug.org.uk</a><br>
</blockquote></div><br>
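<br>
The MBR layout discussed in the message above (440 bytes of boot code, then disk signature, partition table and the 0x55AA signature), as an added example that is not part of the original thread. It works on saved 512-byte sector images only; the function names and the sample sectors are constructed for illustration.<br>

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440     # bootstrap code area, bytes 0-439
DISK_SIG_OFF = 440      # 4-byte disk signature, followed by 2 reserved bytes
PART_TABLE_OFF = 446    # four 16-byte partition entries, bytes 446-509
BOOT_SIG_OFF = 510      # bytes 510-511 must be 0x55 0xAA


def parse_mbr(sector: bytes) -> dict:
    """Split a saved MBR sector into the regions the thread talks about."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    if sector[BOOT_SIG_OFF:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # partition type 0 marks an unused slot
            partitions.append({"index": i, "bootable": entry[0] == 0x80,
                               "type": entry[4], "lba_start": lba_start,
                               "sectors": sectors})
    return {
        # Hash only the code area, so it can be compared with a known-good copy.
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": sector[DISK_SIG_OFF:DISK_SIG_OFF + 4].hex(),
        "partitions": partitions,
    }


def replace_boot_code(current: bytes, known_good: bytes) -> bytes:
    """Take bytes 0-439 from known_good; keep bytes 440-511 of current as-is."""
    parse_mbr(current)      # both inputs must be valid 512-byte MBR sectors
    parse_mbr(known_good)
    return known_good[:BOOT_CODE_LEN] + current[BOOT_CODE_LEN:]


def make_sector(code_byte: int, ptype: int, lba_start: int, sectors: int) -> bytes:
    """Constructed sample sector: filler 'code' plus one bootable partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, ptype, b"\x00" * 3,
                        lba_start, sectors)
    return (bytes([code_byte]) * BOOT_CODE_LEN + b"\xde\xad\xbe\xef" + b"\x00\x00"
            + entry + bytes(48) + b"\x55\xaa")
```

Comparing `boot_code_sha256` of a saved sector against a copy taken when the machine was known clean shows whether the code area changed while the partition table stayed the same.<br>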