F-SECURE CLIENT SECURITY 7.00 Administrator's Manual page 248

248
3. Boot sector virus
Create a DCF image or TeleDisk of the infected diskette. Try to get a
1.44MB infected diskette first (note: some of the viruses do not infect
this type of diskette). Do not use compression, or the fast save option,
because it can leave out some of the important areas of the virus
body. Note that Fast Save is on by default. You can download
Teledisk utility from our ftp site:
ftp://ftp.f-secure.com/misc/dos-util/teled215.zip
You can also send an infected diskette via normal mail to our office in
Finland:
F-Secure Corporation
Anti-Virus Research
Tammasaarenkatu 7
PL 24
00180, Helsinki
Finland
Please package the diskette properly to avoid damage during
postage. Note that we do not send diskettes back.
If an infection is on a hard drive, use the GetMBR utility to collect boot
sector samples. The GetMBR utility should be put on a clean system
floppy, an infected computer should be booted from this floppy disk,
and GetMBR should be run. Send the generated MBR.DAT in a ZIP
archive to samples@f-secure.com. GetMBR can be downloaded from
our ftp site:
http://www.f-secure.com/download-purchase/tools.shtml
4. Trojan or other standalone malware (malicious programs)
If you are sending a sample of a suspected standalone malware
(worm, backdoor, trojan, dropper), specify the location of the file on
the infected system and the way it was started (Registry, INI files,
Autoexec.bat, etc.). A description of the source of the file is also
useful.
5. A false alarm from one of our antivirus products