Most antivirus programs need you to make a clean boot disk. This should be made before disaster hits. To make one on a clean computer follow these steps.
1. Be certain the computer you're making the disk on is clean. To do this, check it with an antivirus program or two.
2. Put a blank disk into the disk drive that is the same size as the infected computer's drive A:
3. At a DOS prompt type
FORMAT A: /sor if the clean computer's B: drive is the same size as the infected computer's A: drive
FORMAT B: /s4. You will need one disk for starting the computer and one disk for the antivirus program. Put another disk in the disk drive and type
FORMAT A:or
FORMAT B:F-Prot can remove most of the viruses that are out there. I also recommend AVP from http://www.avp.com but you don't need to make a boot disk with AVP
The essential files for F-Prot are
SIGN.DEF SIGN2.DEF F-PROT.EXE ENGLISH.TX0 MACRO.DEFIf there is not enough space for MACRO.DEF, then download ftp://ftp.complex.is/pub/nomacro.def. Rename it to MACRO.DEF replacing the old MACRO.DEF. With the empty MACRO.DEF, F-PROT uses only heuristics to find macro viruses, but you don't need to boot from a floppy to clean macro viruses anyway. F-Prot from http://www.complex.is. Unzip the ZIP file and copy the essential files to the disk. If you don't have an Unzip program download WinZip from http://www.winzip.com
5. Write protect the disks. For 3 1/2 " disks you have to be able to see through the hole. For 5 1/4 " disks, the notch must be covered. Then scan the disk you have just made.
6. Go to the infected machine and turn it on. There should be a message saying something like
Press DEL to access setup screen.
If it doesn't display a message like that then look in your manual for the proper steps to access the CMOS setup screen and follow them. If your computer doesn't have a CMOS, or you don't feel comfortable changing settings, or what is written here doesn't seem to match what your computer says, then skip to step 7
Explanation: There are a few things that trick people when trying to do a disinfection. The virus could have set the Floppy drives to be non-existent or an invalid size in the setup screen.
Check to make sure the floppy drives are set to their correct sizes.
There are some options that some BIOSes have and others don't. They are:
i. The boot sequence could be set to C:, A: which means it tries to boot off drive C: first. To boot from the disk, the boot sequence needs to be set to A:, C:.
ii. The virus protection in the BIOS could be turned on. It will prevent anything from writing to the master boot sector, including the antivirus program. Turn this off.
Contrary to what some people think, "Floppy Seek on Bootup" has no effect on viruses or antiviruses. Save the changes you have made.
Note: Setting the boot sequence to C:, A: and turning on the virus protection in the BIOS are helpful in preventing an infection, but for removing a virus, they are a nuisance. So, if you want, set the boot sequence to C:, A: and turn on the BIOS virus protection after you disinfect the computer. The boot sector virus protection will warn if any program tries to write to the boot sector. It does not protect you if the virus has already infected the boot sector. Installing a new operating system, using FDISK, and converting to FAT32 are supposed to write the the boot sector.
7. Turn off the computer, insert the disk you have made, and turn on the computer.
Explanation: Some viruses can fake a CTRL-ALT-DEL so it is necessary to turn the computer off. Note, however, that there are no viruses that are still in memory after the power is turned off. That means there are no viruses that infect the CMOS or Flash BIOS, and no viruses that require memory chips to be replaced.
8. If it asks, type in the correct date and time or just press enter then enter.
9. For F-Prot type F-PROT /HARD /DISINF
Sometimes, when you use a Windows 95 boot disk, virus remnants will be loaded into memory. These remnants are not active. If your antivirus false alarms on the remnants then use
F-PROT /HARD /DISINF /NOMEM
10. The computer should be clean after a short time.
If one antivirus cannot clean the disk, then try the other one. If none of the antivirus programs you try work, contact tech support for your AV product, or post to a virus-related newsgroup with all the details of what configuration you have and what has happened so far. Be accurate with your description. The following information would be the most helpful. The size, make and model of your hard disk. The operating system you are using. The name and version of the antivirus and why it said the virus couldn't be removed. The name of the virus. If possible, the size of your hard drive partitions and the amount of total conventional memory according to CHKDSK. Whether you have any special partitioning software like EZ Drive or Dynamic Drive Overlay.
Some antiviruses can even disable the virus while it is active in memory. This is usually quite safe and sometimes there are no other options open to you. The antivirus that does this the best is AVP. If AVP can disable the virus in memory, you don't need to boot from a clean disk to remove the virus. (You should still have a boot disk handy just in case the computer doesn't boot at all.) You can get AVP from http://www.avp.com After you clean your hard disk, you will have to clean all your floppies that are infected. You will have to check every single one of them. Install your antivirus to your hard disk. It should be able to clean floppy disks as well.
Technical Notes on a few special cases.
* Almost all viruses could corrupt a floppy disk or file while trying to infect it. E-Mail me if the virus you have is not on this list or there is not enough information. First check to see if the virus is described here.