ResQfloppy - Floppy cloning and recovery kit

IVINIT - Boot Virus & Worm-Trojan Remover

Too many users have unnecessarily formatted their hard drive because of simple boot virus infection. There is no reason that you become one of them. The program offered here for download will let you remove any boot virus from your first (boot) hard drive, without needing to boot clean, in a few simple keystrokes.

Note that this utility should only be used on hard drives running under DOS, and Windows 95/98/ME and that were configured with FDISK. If your hard drive was configured with other programs such as Partition Magic or had a boot manager installed, you are then advised to consult you program's documentation on how to repair/reinstall a defective boot system.

• First, download IVINIT.EXE to your hard drive by clicking the link
• Next, restart the computer to plain DOS by pressing the F8 key as soon as you see the message "Loading Windows ..."
• When at the command prompt, change to the directory where you put the download and run the program by typing IVINIT and then 'Enter'
• Follow instructions on screen, and answer 'yes' twice, first when prompted to remove the virus, and then to reboot the computer. The computer will now reboot clean.
• After having rebooted clean, process all your floppies with FIXBOOT, to prevent reinfection of your hard drive.
• As a bonus, IVINIT also removes common worm/Trojans such as ExploreZip and Happy99 as well as common backdoor hacking tools. To remove one of those, just restart the computer in MS-DOS mode and run IVINIT.EXE from the affected hard drive.

IVINIT is part of InVircible, the world's most complete Generic Virus Protection Suite. For thorough protection of your computer and valuable data you may wish to download the complete InVircible package.

CleanTrack0 - Clear stray code of track zero

Normally, track zero of the hard drive is unused except for the first sector, which is where the master boot record (MBR) is stored. Track zero is also where boot viruses sometimes relocate the uninfected MBR, or write their own auxiliary code. Boot overlays such as EZ-bios and Disk Manager use track 0 for storing the overlay code, for the same reason.

When disinfecting from such virus, or uninstalling a boot overlay, then track 0 is not cleaned from the stray code that was put by the virus or the boot overlay. Although being inert, the stray code is sometimes picked by poorly designed utilities and causes worry due to a false alarm.

The CleanTrk utility clears the stray code from track zero after it assures that there is no active boot overlay installed to the drive. CleanTrk can be run from the server right away, or downloaded to the drive and then run locally. CleanTrk will not affect the MBR and leave it unmodified.

Note: CleanTrk will only run from true DOS, or Windows 9x/ME.

MakeResQ - Boot rescue floppy producer

MakeResQ creates a system boot floppy, with all the necessary drivers required to conduct virus recovery, as well as disk and data recovery.  To make a rescue boot floppy, put a formatted floppy in drive A: with no system files and run MakeResQ from either the server, or from the desktop, after having downloaded the utility.  MakeResQ will only run under Windows 95, 98 or ME, but not under NT, Win2000.  Run MakeResQ under Windows 98 or ME, preferably, in order to have FAT-32 supported.

MakeResQ will first transfer the system files to the floppy to make it bootable, then copy the XMS, RAMDrive and SmartDrive device drivers to the floppy.   Next, MakeResQ will test if there is sufficient available space on the floppy before it copies FDISK and ScanDisk as well.  Finally, MakeResQ will create a config.sys on the floppy that will load the various devices when booting from the floppy.  The RAM drive created when booting from a floppy created with MakeResQ has 16 megabytes of capacity (provided the hardware has sufficient RAM) that can be used for temporary storage, like of anti-virus software, or other utilities.

FixBoot - Generic floppy boot cleaner / repair

FixBoot is a generic boot cleaner / repair tool for floppies. It refreshes the boot sector by overwriting the existing sector with a clean one. FixBoot can process floppies with capacities from 360 Kbytes to 2.88 Mbytes.

FixBoot will automatically identify the capacity of the floppy and install a clean boot sector for the same floppy size. FixBoot can also be used to repair and regain access to an inaccessible floppy, such as after infection by a boot virus, or corrupted boot sector, through running FixBoot with the /S (size) switch.

Bootable floppies will maintain their booting capability after being processed by FixBoot, for the following operating systems: MS DOS, PC DOS/DR DOS (IBM) and Windows 95/98, including FAT-32 compatibility.

FixBoot can be used to processes floppies in bulk. All the user need to do is to answer 'Yes' when prompted if to process another floppy.

ResQfloppy - Floppy cloning and data recovery kit

ResQfloppy is a set of tools that will let recover inaccessible data from bad floppies. Attempting to recover such data with disk repair utilities like ScanDisk, or Norton Disk Doctor, will cause further and irreversible damage to the floppy, ruining all chances to recover anything from it. ResQfloppy will first make an exact clone of the bad floppy and let you work on the clone, without further deteriorating the already ruined disk.

ResQfloppy was originally written to recover a friend's book manuscript from a bad set of floppies.

FreeDOS boot disk

Certain viruses like INT_CE and W95.Spaces, take advantage of a vulnerability in MS-DOS based operating systems, starting from MS-DOS 5. The exploit is known as the circular partition trick. This is an extremely frustating condition, as the computer with a tricked drive will not boot anymore, not even from floppy. Even experts are misled when faced with a circular partition and will replace the hard drive, believing that the hardware is at fault. The only way to revert a circular partition is to boot with other than MS-DOS, like PC-DOS, or FreeDOS, and fix it with a disk recovery tool such as the NetZ ResQ utilities.

From www.freedos.org: "FreeDOS aims to be a complete, free, 100% MS-DOS compatible operating system"

The FreeDOS utility offered will create a boot disk, with FreeDOS system files, to support FAT-16 as well as FAT-32 partitions. The boot disk can be used as a free boot disk for accessing Windows 95/98 and ME systems. A 16 megabytes RAM drive is created on booting from the FreeDOS floppy, which makes it suitable as a rescue and general purpose virus recovery boot disk.

XMonkey

Monkey is a common boot-MBR infector. When there is more than a single hard drive on a computer, all the hard drives' partition sectors will be affected too. While Monkey is active in memory, all drive will still be accessible. If the virus is removed from the first (master) hard drive, without taking care of drive 2 and higher, all access to the higher drives will be lost.  XMonkey will automatically remove Monkey from up to eight chained hard drives.

XMonkey will also recover access to hard drives that were affected by Monkey and ruined by improper procedures such as FDISK /MBR, or Norton Disk Doctor etc. In such case, run XMonkey with the /U switch.

Since XMonkey uses the SeeThru (c) technique, embedded in InVircible, it will function even if the virus is active in memory. XMonkey can be used from the infected hard drive itself, or from a floppy diskette, after booting clean from DOS.

One_Half is a file infector that was common in the mid-nineties, and uses a boot overlay for encrypting portions of an infected hard drive. XOneHalf is a dedicated disinfector from the One_Half virus. The attached program was made available, courtesy of Dr. Peter Hubinski, from SAC - the Slovak Antivirus Center. To disinfect a hard drive, use the program of a write protected, clean boot floppy. Run with the /? switch for help.