Capturing Boot Viruses

  • Go to the DOS prompt
  • Format A: /s one diskette
  • If the system hangs while trying to format the diskette, write on the label of the diskette "damaged during infected format as boot disk". Set it aside to mail
  • Copy system files to a single preformatted diskette
  • For Windows, please include the following files on the same preformatted diskette:
    krnl286.exe or krnl386.exe

Capturing File/Macro Viruses:

  • If your suspected virus is a file infector, copy to the diskette with a non-executable extension
  • If your suspected virus is a Microsoft Word macro, copy and every file from the Microsoft Office Startup folder, normally located in Program Files\Microsoft Office\Office\Startup to the diskette
  • If your suspected virus is a Microsoft Excel macro, copy all the files from the \XLSTART folder to the diskette, including all files in alternate startup file locations
  • If your suspected virus is a PowerPoint macro, copy Blank Presentation.pot to the diskette
  • Label the diskette "contains infected files", and set it aside to mail. Try to fit as many of these files as possible onto a single diskette

