IVINIT - Boot Virus & Worm-Trojan Remover
Too many users have unnecessarily formatted their hard drive
because of a simple boot virus infection. There is no reason for you to become
one of them. The program offered here for download will let you remove
any boot virus from your first (boot) hard drive, without
needing to boot clean, in a few simple keystrokes.
Note that this utility should only
be used under DOS, or Windows 95/98/ME and on drives that were configured
with DOS or Windows' own configuration tools. MBR viruses
may also be removed with IVINIT from drives with NTFS partitions,
provided the disk wasn't configured with third party tools or boot managers.
If your hard drive was configured with other programs such as Partition
Magic or had a boot manager installed, you are then advised to consult
the configuration program's documentation on how to repair/reinstall the
boot manager.
Using on FAT, under DOS or Win 9x/ME:
- First, download IVINIT.EXE to your
hard drive by clicking the link
- Next, restart the computer to plain DOS by pressing the F8 key as
soon as you see the message "Loading Windows ..."
- When at the command prompt, change to the directory where you put
the download and run the program by typing IVINIT and
then 'Enter'
- Follow instructions on screen, and answer 'yes' twice, first when
prompted to remove the virus, and then to reboot the computer. The computer
will now reboot clean.
- After having rebooted clean, process all your floppies with FIXBOOT,
to prevent reinfection of your hard drive.
- As a bonus, IVINIT also removes common worm/Trojans
such as ExploreZip and Happy99
as well as common backdoor hacking
tools. To remove one of those, just restart the computer
in MS-DOS mode and run IVINIT.EXE from the affected hard
drive.
Using on NTFS, under NT/W2K/XP:
- IVINIT may be used to clear a boot virus from the MBR, on systems
running under NT/W2K/XP, with only NTFS partitions, or mixed FAT / FAT32
/ NTFS partitions. The condition for safe use of IVINIT on such a drive
is that it was configured with Windows standard tools and uses neither
third party boot managing software nor a boot overlay.
- As IVINIT is a DOS utility, it must be run on these systems from floppy,
after booting from DOS. A FreeDOS boot disk maker
is provided on this page for that purpose.
IVINIT is part of InVircible, the world's most
complete Generic Virus Protection Suite.
For thorough protection of your computer and valuable data you may wish
to download the complete InVircible package.
CleanTrack0 - Clear stray code of track zero
Normally, track zero of the hard drive is unused except for the first
sector, which is where the master boot record (MBR) is stored. Track zero
is also where boot viruses sometimes relocate the uninfected MBR, or write
their own auxiliary code. Boot overlays such as EZ-bios and Disk Manager
use track 0 for storing the overlay code, for the same reason.
When such a virus is disinfected, or a boot overlay is uninstalled,
the stray code that the virus or the boot overlay put on track 0 is not
cleaned up. Although it is inert, the stray code is sometimes picked up
by poorly designed utilities and causes worry due to a false alarm.
The CleanTrk utility clears the
stray code from track zero after verifying that there is no active boot
overlay installed on the drive. CleanTrk
can be run from the server right away, or downloaded to the drive and
then run locally. CleanTrk does not affect the MBR and leaves it unmodified.
Note: CleanTrk will only run from true DOS, or
Windows 9x/ME. To run it on an NT/XP/W2K system, run it
from the FreeDOS floppy provided on this page,
after having booted from it.
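The track-zero layout described above can be checked read-only on a raw disk image. The following is an added example, not code from CleanTrk or InVircible; it assumes 512-byte sectors and 63 sectors per track, its function names are hypothetical, and it does not test for an active boot overlay.

```python
# Added example: read-only audit of track 0 in a raw disk image.
# Assumptions (not from the page): 512-byte sectors, 63 sectors per track.
SECTOR = 512
SECTORS_PER_TRACK = 63  # assumed classic CHS geometry; adjust per drive
VALID_BOOT_FLAGS = (0x00, 0x80)


def looks_like_mbr(sector: bytes) -> bool:
    """True if the sector has the 0x55AA signature and a plausible partition table."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xaa":
        return False
    entries = [sector[446 + 16 * i: 462 + 16 * i] for i in range(4)]
    # Every entry needs a legal boot flag, and at least one must be in use.
    flags_ok = all(e[0] in VALID_BOOT_FLAGS for e in entries)
    in_use = any(e[4] != 0 for e in entries)  # byte 4 of an entry = partition type
    return flags_ok and in_use


def audit_track0(image: bytes) -> dict:
    """Report which sectors after the MBR on track 0 hold any data."""
    track = image[:SECTOR * SECTORS_PER_TRACK]
    report = {"mbr_valid": looks_like_mbr(track[:SECTOR]),
              "stray": [], "mbr_copies": []}
    for lba in range(1, len(track) // SECTOR):
        sector = track[lba * SECTOR:(lba + 1) * SECTOR]
        if not any(sector):
            continue  # all-zero sector: the normal state for track 0
        report["stray"].append(lba)
        if looks_like_mbr(sector):
            report["mbr_copies"].append(lba)  # possibly a relocated original MBR
    return report


def build_sample_image() -> bytes:
    """Constructed sample: valid MBR, an MBR copy at LBA 7, leftover bytes at LBA 2."""
    mbr = bytearray(SECTOR)
    mbr[446] = 0x80          # first entry marked active
    mbr[446 + 4] = 0x06      # FAT16 partition type
    mbr[510:512] = b"\x55\xaa"
    image = bytearray(SECTOR * SECTORS_PER_TRACK)
    image[0:SECTOR] = mbr
    image[7 * SECTOR:8 * SECTOR] = mbr
    image[2 * SECTOR:2 * SECTOR + 4] = b"\xeb\xfe\x90\x90"  # constructed filler
    return bytes(image)


if __name__ == "__main__":
    print(audit_track0(build_sample_image()))
```

A sector listed under `mbr_copies` is worth saving before any cleanup, since it may be the original MBR that a virus moved aside.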
MakeResQ - Boot rescue floppy producer
MakeResQ creates a system boot floppy, with all the necessary
drivers required to conduct virus recovery, as well as disk and data recovery.
To make a rescue boot floppy, put a formatted floppy with no system
files in drive A: and run MakeResQ
from either the server, or from the desktop, after having downloaded the
utility. MakeResQ will only run under Windows 95, 98 or ME,
but not under NT or Win2000. Preferably, run MakeResQ under Windows 98
or ME, in order to have FAT-32 supported.
MakeResQ will first transfer the system files to the floppy to
make it bootable, then copy the XMS, RAMDrive and SmartDrive device drivers
to the floppy. Next, MakeResQ will test if there is sufficient
available space on the floppy before it copies FDISK and ScanDisk as well.
Finally, MakeResQ will create a config.sys on the
floppy that will load the various devices when booting from the floppy.
The RAM drive created when booting from a floppy created with MakeResQ
has 16 megabytes of capacity (provided the hardware has sufficient RAM)
that can be used for temporary storage, such as for anti-virus software or
other utilities.
ToggleMode - "Safe with command prompt" mode
The ToggleMode utility allows changing the Windows startup mode
from normal to "safe with command prompt"-like,
and back. While that mode is standard in Windows 2000 and XP, it doesn't
exist for Windows 9x, Millennium, nor NT. The ToggleMode
utility "creates" it for all Windows 32 platforms. ToggleMode
functions equally well under W2K and XP and is easier to use than the
native multiboot menu.
Starting Windows in 'safe with command prompt' mode is essential for
removing viruses and cleaning up after them, as well as for performing
Windows corrective maintenance.
ToggleMode will install itself to the Windows directory the first time
it runs. Just run ToggleMode
from the server to install.
To toggle the Windows startup mode, run the command TOGGLMOD from
the desktop 'run' menu, or from command line, and select the desired startup
mode when prompted, then restart the computer.
FixBoot - Generic floppy boot cleaner / repair
FixBoot is a generic boot cleaner / repair tool for floppies. It refreshes
the boot sector by overwriting the existing sector with a clean one. FixBoot
can process floppies with capacities from 360 Kbytes to 2.88 Mbytes.
FixBoot will automatically identify the capacity of the floppy and install
a clean boot sector for the same floppy size. FixBoot can also be used
to repair and regain access to an inaccessible floppy, such as after infection
by a boot virus, or corrupted boot sector, through running FixBoot with
the /S (size) switch.
Bootable floppies will maintain their booting capability after being
processed by FixBoot, for the following operating systems: MS DOS,
PC DOS/DR DOS (IBM) and Windows 95/98, including FAT-32 compatibility.
FixBoot can be used to process floppies in bulk. All the user needs
to do is answer 'Yes' when asked whether to process another floppy.
ResQfloppy - Floppy cloning and data recovery kit
ResQfloppy is a set of tools that will let you recover inaccessible data
from bad floppies. Attempting to recover such data with disk repair utilities
like ScanDisk, or Norton Disk Doctor, will cause further and irreversible
damage to the floppy, ruining all chances to recover anything from it.
ResQfloppy will first make an exact clone of the bad floppy and let you
work on the clone, without further deteriorating the already ruined disk.
ResQfloppy was originally written to recover a friend's book manuscript
from a bad set of floppies.
FreeDOS boot disk
Certain viruses, like INT_CE and W95.Spaces, take advantage of a vulnerability
in MS-DOS based operating systems, starting from MS-DOS 5. The exploit
is known as the circular partition trick. This is an extremely
frustrating condition, as a computer with a tricked drive will no longer
boot, not even from floppy. Even experts are misled when faced with
a circular partition and will replace the hard drive, believing that the
hardware is at fault. The only way to undo a circular partition is to
boot with something other than MS-DOS, like PC-DOS or FreeDOS, and fix it with
a disk recovery tool such as the NetZ ResQ
utilities.
From www.freedos.org: "FreeDOS
aims to be a complete, free, 100% MS-DOS compatible operating system"
The FreeDOS utility offered
will create a boot disk, with FreeDOS system files, to support FAT-16
as well as FAT-32 partitions. The boot disk can be used as a free boot
disk for accessing Windows 95/98 and ME systems. A 16-megabyte RAM drive
is created on booting from the FreeDOS floppy, which makes it suitable
as a rescue and general purpose virus recovery boot disk.
XMonkey
Monkey is a boot-MBR infector that was common in the mid-nineties. Its
reputation is due to the virus encrypting the partition table in the MBR.
This allows access to the partitions on an infected hard drive
only while the virus is active in memory, and denies access otherwise. Where
more than a single hard drive is installed, Monkey will affect the MBR
of each one, and encrypt its master partition table.
If the virus is removed from the first (master) hard drive, without taking
care of drive 2 and higher, access to the higher drives will be lost.
XMonkey will automatically remove Monkey from up to eight installed hard
drives. XMonkey will also recover access to hard drives that were
affected by Monkey and rendered inaccessible by procedures such as FDISK
/MBR, or Norton Disk Doctor etc. In such case, run XMonkey
with the /U switch.
Since XMonkey uses the SeeThru (c) technique, embedded in InVircible,
it will function even if the virus is active in memory. XMonkey can be
used from the infected hard drive itself, or from a floppy diskette, after
booting clean from DOS.
xOneHalf
One-Half is a multipartite virus that affects the hard drive MBR, as
well as 16 bit COM/EXE programs. One-Half was common in the mid-nineties
and was driven almost to extinction by the appearance of the Windows 32
OS. The peculiarity of One-Half is that it encrypts a couple of
cylinders each time it boots, with the higher cylinders being encrypted
first. The key for decryption, as well as the pointer to the last encrypted
cylinder, are stored in the MBR and are used by the virus to decrypt and
encrypt on-the-fly. One-Half can be removed by most AV products,
yet most won't decipher already encrypted cylinders, and lose the key
and pointer for decryption.
The xOneHalf cleaner is a dedicated
tool for the removal of the virus and the reversal of its encryption,
provided courtesy of Dr. Peter Hubinsky from the Slovak Antivirus
Center (SAC).
Run with the /? switch for help.