BEGPAN5.CVP  931103
 
                         Getting Resources
 
There are probably a number of things around you that you can use
either to diagnose the problem or to aid in recovery.  We've looked
at some of the basic information, resources and history that might
help.  Now, let's look for some tools which might be less obvious.
 
Another computer is a big help, particularly if you are pretty sure
it hasn't been infected or affected.  If you have several, that can
be a real big help.  Another computer can be used to examine
(carefully) floppy disks and files from the infected machine, to try
and determine what is being infected, and how.  If you don't have a
"clean system disk", that pre-requisite for any virus disinfection,
you can make one from the other computer.
 
You may be able to confirm or deny a virus infection with the other
machines.  If you suspect a virus simply on the basis that
"something weird is happening," then you probably don't have a virus
at all.  Computers do many strange and wonderful things, only very
few of them at the behest of viral programs.  In any event,
"swapping out" bits and pieces of the computers may identify some
malfunctioning hardware.  You still have a problem, but at least it
is an isolated and identifiable one.
 
Along with whatever system and utility software you can find, get
several blank, formatted disks.  Make some of them system disks. 
Copy a range of programs on to them, of different types and sizes. 
These disks and files you will want to use as bait.  (If the
infected computer uses different types and sizes of disks, get
examples of all the various formats.)  Record the file sizes and
dates of the "bait" files, as well as the "free space" remaining on
the disk.  (Viral programs may use various means to hide the fact
that a file has grown.  Few, however, bother to try to hide the fact
that disk space has shrunk.)  Take a look at the boot sectors of the
disks so that you will be able to notice any changes if they are
changed.
 
Get a pot of coffee.  Get a few friends, even if computer
illiterate, for the moral support and the extra eyes.  (Observations
are key.)  Get some lunch.  Get some perspective.  Don't Panic.
 
copyright Robert M. Slade, 1993   BEGPAN5.CVP  931103
 
============= 
Vancouver      ROBERTS@decus.ca         | "Kill all: God will know his own."
Institute for  Robert_Slade@sfu.ca      |       - originally spoken by Papal
Research into  rslade@cue.bc.ca         |         Legate Bishop Arnald-Amalric
User           p1@CyberStore.ca         |         of Citeaux, at the siege of
Security       Canada V7K 2G6           |         Beziers, 1209 AD
============= for back issues:
Contacts list: cert.org, /pub/virus-l/docs/reviews
Reviews: cert.org, /pub/virus-l/docs/reviews/pc
Column: cert.org, /pub/virus-l/docs/slade.cvp.articles
           For those without ftp, see Jim Wright's posting, or use Cyberstore. 
           Also FREQ from 1:153/733 The Cage 604-261-2347.