Sysadmin's PC-scrub script gave machines a virus, not a wash

The road to hell is paved with floppy disks and bad anti-virus software

Who, me? Welcome again to “Who, me?”, The Register’s confessional column in which readers reveal their mistakes*.

This week meet “Chad”, who told us that “Very early in my career, while I was still in community college, I worked as a computer lab assistant at the school.”

His assistance was needed because students did all sorts of horrid things to the fleet of PCs. So horrid that “One of our tasks between semesters was to essentially reinstall each PC or clean off any games, software or files students had put on the machines,” Chad told Who, me?

So as the junior chap on staff, he was “assigned to clean the 30 or so 486DX PCs running Windows 3.11 and DOS in our newest lab section.”

Adding some spice to the task was that “for some time we suspected we had a virus loose in the older parts of the lab. Some older 286 DOS only machines would sometimes fail with a corrupt hard drive or boot sector, but nothing we had would find a virus.”

Typing error

Sysadmin hailed as hero for deleting data from the wrong disk drive

READ MORE

Chad decided the best way to speed things up – this college had no imaging software – was to “take note of all the software that was supposed to be installed and the destination directory. I then wrote a batch file that would write protect all required directories, then delete everything else then set permissions back.”

“After a little testing and tweaking I had it. I put the batch file on a floppy disk, named it autoexec.bat and proceeded to boot all 30+ PCs from that disk. It seemed to work well.”

And indeed it did. But as the next semester rolled around, the College acquired new anti-virus software and started to deploy it.

“We started in the main lab where the older machines were - and sure enough we started finding a few PCs with the boot sector virus ‘antiEXE’.”

“If you remember your boot sector viruses, they propagated themselves by infecting the boot sector on a disk,” Chad told us. “So if a machine was booted from that disk, then it would infect the boot sector on every disk that was used in that PC - floppy or otherwise.”

It gets worse: “If you had an infected machine it would make 'carriers; of any floppy that was used. If you forgot a floppy was in the drive and rebooted, it would load that boot code and infect the hard drive in the machine. It was very easy for students to do - and in that age you could not change boot order in most BIOS - it would try floppy then HDD always.”

Now it gets even worse: “When I wrote my cleanup batch file I used an infected PC. I therefore proceeded to infect every machine in that room with it by booting to my glorious cleanup disk. Every student disk that touched those machines became a carrier - and often infected other PCs.”

“It was so bad we had to stop every student at the desk and have them surrender their floppies for scanning before use in the lab.”

Poor Chad “thought for sure my career was over.” But he got to hang around and still owns his mistake: “Even 5 years later, I visited the lab and they still had cases crop up from time to time.”

Have you spread a virus, or worse? Go on – click here to share your story with Who, me? and you might just get a run here in the future! ®

*Yes, we usually run this on Monday, but seeing as UK-and-US-based readers have both had a long weekend and that makes for a very slow news day, we thought we’d give it a run on Tuesday for this week only.




Biting the hand that feeds IT © 1998–2019