blind to truth
06-16-2000, 02:45 PM
<<<heard from a friend.He said that if you delete the Natas virus (satan backwards) it will take down other system files with it.Natas ,i think,took 1gig of his HDD(2gig HDD)
Click to See Complete Forum and Search --> : dont delete Natas
Warthog
06-16-2000, 02:56 PM
Thanks for the headsup http://sysopt.earthweb.com/forum/smile.gif.
Personally, I don't really worry about certain viruses. I happen to frequently back up all of my files (mp3, pictures, documents, game save files and everything else). If a virus did come and delete a bunch of stuff, I'd just replace it off of my CD-Rs and -RWs.
Warthog
Personally, I don't really worry about certain viruses. I happen to frequently back up all of my files (mp3, pictures, documents, game save files and everything else). If a virus did come and delete a bunch of stuff, I'd just replace it off of my CD-Rs and -RWs.
Warthog
blind to truth
06-16-2000, 04:31 PM
i think he said Natas stays in your hard drive even if you delete it or format you hard drive.I am unfortunatly running this computer with a virus that took %10 of my HDD(given to my by this *******>slammed32@aol.com)
socalgal
06-16-2000, 08:54 PM
Did a search on 'Natas virus', on www.google.com (http://www.google.com) . Here's one link to/description of Natas.
From IBM: NATAS (http://www.av.ibm.com/InsideTheLab/VirusInfo/Descriptions/NATAS.html)
Name: Natas
Classification:
Resident EXE, COM, diskette and hard disk master boot infector for PC DOS
Lenght of Virus: Approximately 4744 bytes
Behavior Summary:
When a system is booted from an infected diskette, the virus installs itself in memory, and in the last nine sectors of the first hard disk. When booted from an infected hard disk, the virus installs itself in memory. In either case, it lowers the BIOS memory-size value by 6K to protect the memory area that it uses.
When an infected program is run, the virus alters the DOS memory control blocks to reserve space at the top of memory, as well as reducing the BIOS memory-size value by 6K.
While the virus is in memory, it will infect the boot record of any diskette that is used, and any file read, executed, or accessed in a number of other ways. Infected files will grow by approximately 4744 bytes, although while the virus is active in memory it will hide this growth (the DIR command, for instance, will show the old uninfected lengths of infected files). The virus uses complex low-level methods of intercepting system calls, and (depending on exactly how the virus has loaded, the version of DOS, and so on) inspecting the INT13 and INT21 chains in the usual way may not reveal the presence of the virus.
The virus marks infected files by adding 100 to the year field in the directory entry. The usual DIR command does not display the century part of the year, but some other directory utilities may display years as, for instance, 194 or 2094. If the virus is active in the system, it hides this change.
The virus is highly polymorphic in files, and slightly polymorphic (really only garbled, to hide the code from heuristic boot scanners) in boot records. It contains numerous tricks intended to make it difficult to detect and analyze, but the main result of the complexity is that some infected systems will function slowly or not at all, and some infected programs will be corrupted. One routine in the virus will write garbage to large areas of the first hard disk if it detects someone trying to analyze it; any competent analyst, however, will be able to bypass the damage routine. The damage routine is also called roughly one in five hundred times that an infected machine is booted.
From IBM: NATAS (http://www.av.ibm.com/InsideTheLab/VirusInfo/Descriptions/NATAS.html)
Name: Natas
Classification:
Resident EXE, COM, diskette and hard disk master boot infector for PC DOS
Lenght of Virus: Approximately 4744 bytes
Behavior Summary:
When a system is booted from an infected diskette, the virus installs itself in memory, and in the last nine sectors of the first hard disk. When booted from an infected hard disk, the virus installs itself in memory. In either case, it lowers the BIOS memory-size value by 6K to protect the memory area that it uses.
When an infected program is run, the virus alters the DOS memory control blocks to reserve space at the top of memory, as well as reducing the BIOS memory-size value by 6K.
While the virus is in memory, it will infect the boot record of any diskette that is used, and any file read, executed, or accessed in a number of other ways. Infected files will grow by approximately 4744 bytes, although while the virus is active in memory it will hide this growth (the DIR command, for instance, will show the old uninfected lengths of infected files). The virus uses complex low-level methods of intercepting system calls, and (depending on exactly how the virus has loaded, the version of DOS, and so on) inspecting the INT13 and INT21 chains in the usual way may not reveal the presence of the virus.
The virus marks infected files by adding 100 to the year field in the directory entry. The usual DIR command does not display the century part of the year, but some other directory utilities may display years as, for instance, 194 or 2094. If the virus is active in the system, it hides this change.
The virus is highly polymorphic in files, and slightly polymorphic (really only garbled, to hide the code from heuristic boot scanners) in boot records. It contains numerous tricks intended to make it difficult to detect and analyze, but the main result of the complexity is that some infected systems will function slowly or not at all, and some infected programs will be corrupted. One routine in the virus will write garbage to large areas of the first hard disk if it detects someone trying to analyze it; any competent analyst, however, will be able to bypass the damage routine. The damage routine is also called roughly one in five hundred times that an infected machine is booted.
SysOpt.com
Copyright Internet.com Inc. All Rights Reserved.
Copyright Internet.com Inc. All Rights Reserved.