A little history - Vexus in the beginning

Last week, Vexus completed 30 years of existence.

And one of the first data recoveries we did was from a floppy disk.

In the early 90s, there was no Internet; instead, there was the RNP (Rede Nacional de Pesquisa - National Research Network), but only research institutes and government agencies had access. The Internet only arrived after the middle of the decade.

Files were usually moved between computers on floppy disks, and at that time computer viruses spread easily this way. The Brain, Stoned, Vienna, and Friday the 13th viruses were quite common.

The floppy disk we received was inaccessible because the boot sector was corrupt. The suspicion was that it was contaminated.

There were antivirus programs like IBM's Virscan, John McAfee's VirusScan, and Peter Norton's Norton. However, in situations like this, they couldn't do anything because something had gone wrong and the boot sector was corrupt. This is similar to the situation today when the hard drive goes into RAW mode, where there is no access to the file system.

McAfee Antivirus installation diskette - 1997 - photo: Disclosure

At that time we didn't have specific hardware for data recovery and everything was done via software.

We developed an assembly program for situations like this. It accessed the device and read the chosen sectors. These sectors could be saved for later analysis, and corrections could be made so that the sector was written back to the disk in a valid state. With the boot sector corrected, the floppy disk was accessible again, and the data was copied. A simple recovery.
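The check-and-correct step described above, as an added Python example that works on a saved copy of sector 0 (it is not Vexus's assembly program). It assumes the standard 1.44 MB FAT12 boot-sector layout; the function names and the sample sector are constructed for illustration, and the page does not say what exactly was damaged.

```python
import struct

SECTOR_SIZE = 512
BPB_OFFSET = 11               # the BIOS Parameter Block starts at byte 11
BPB_FORMAT = "<HBHBHHBHHH"    # 17 bytes, little-endian, no padding
# Standard BPB values for a 1.44 MB FAT12 floppy, in on-disk field order.
EXPECTED_144 = {
    "bytes_per_sector": 512, "sectors_per_cluster": 1, "reserved_sectors": 1,
    "fat_count": 2, "root_entries": 224, "total_sectors": 2880,
    "media_descriptor": 0xF0, "sectors_per_fat": 9, "sectors_per_track": 18, "heads": 2,
}

def parse_bpb(sector):
    """Decode the BPB fields of a 512-byte boot sector into a dict."""
    values = struct.unpack_from(BPB_FORMAT, sector, BPB_OFFSET)
    return dict(zip(EXPECTED_144, values))

def check_boot_sector(sector):
    """Return a list of findings; an empty list means nothing looks wrong."""
    if len(sector) != SECTOR_SIZE:
        return [f"sector is {len(sector)} bytes, expected {SECTOR_SIZE}"]
    findings = []
    if sector[510:512] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    if sector[0] not in (0xEB, 0xE9):
        findings.append("first byte is not a jump instruction")
    for name, got in parse_bpb(sector).items():
        if got != EXPECTED_144[name]:
            findings.append(f"{name}: {got} (expected {EXPECTED_144[name]})")
    return findings

def repair_bpb(sector):
    """Return a corrected copy; the input (the saved evidence) is untouched."""
    fixed = bytearray(sector)
    struct.pack_into(BPB_FORMAT, fixed, BPB_OFFSET, *EXPECTED_144.values())
    fixed[510:512] = b"\x55\xaa"
    return bytes(fixed)

def build_sample_sector():
    """Constructed sample: a minimal, valid-looking 1.44 MB boot sector."""
    s = bytearray(SECTOR_SIZE)
    s[0:3] = b"\xeb\x3c\x90"          # jump over the BPB, then NOP
    struct.pack_into(BPB_FORMAT, s, BPB_OFFSET, *EXPECTED_144.values())
    s[510:512] = b"\x55\xaa"
    return bytes(s)

if __name__ == "__main__":
    damaged = build_sample_sector()[:11] + bytes(17) + build_sample_sector()[28:]
    print(check_boot_sector(damaged), check_boot_sector(repair_bpb(damaged)))
```

The repair only restores the geometry fields and the signature in the copy; boot code replaced by a virus would still need to be examined separately before anything is written back to a disk.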

And the virus?

In subsequent analysis, we discovered that it was the Michelangelo virus.

The curious thing about this virus is that it contained no reference to Michelangelo, only the coincidence that the artist's date of birth matched the virus's activation date, March 6th, when it overwrote the initial sectors of the hard disk.

As it was a boot virus, it used BIOS interrupts to propagate (INT 13h for disk access and INT 1Ah for the RTC, to check the date) and not MS-DOS interrupts.

It received a lot of attention in the media, but it only caused damage on the day of its activation on March 6th and went unnoticed on other days. At the time, people were considering changing the PC's date from the 6th to the 7th or even not turning on the computer on the 6th to avoid losing data.
