The magazine of the Melbourne PC User Group

Control your COMMAND.COM
Tom Coleman

A Simple Virus Detector

Some viruses alter the length of COMMAND.COM when they attach themselves or corrupt it. The batch file CHKCC.BAT is intended to check your COMMAND.COM for length each time it is run.

Some viruses clobber every COM or EXE file that runs. CALLing this batch file as the first command in your AUTOEXEC.BAT lets you get in first. 

It should be the first command in your AUTOEXEC.BAT, but if your version of DOS is not 3.3 or later then you will not have the CALL command available to you, and you will have to modify your AUTOEXEC.BAT to use the command COMMAND/C CHKCC instead of CALL CHKCC.

As it PAUSES with a message to turn the power off before terminating, it gives you the chance to stop things getting worse if a virus has attached itself to COMMAND.COM. The batch file CHKCC.BAT (for CHecK Command.Com) relies on the DOS COPY command to get its work done. DOS will not copy a file of zero length. The batch file first creates a file (TMP.TMP) as the output of the command:

   
DIR C:\COMMAND.COM | FIND "COMMAND  COM    25276" > TMP.TMP

This command searches the DIRectory list for a COMMAND.COM of the appropriate length. (Uppercase letters and the right number of spaces are most important). 

The output of the FIND command is placed in a file called TMP.TMP.

If the FIND command finds a match for the command name and length, then TMP.TMP is created holding the directory listing of COMMAND.COM. 

If no match is found then TMP.TMP is created holding nothing. In other words a zero length file. 

Then the batch file tries to copy TMP.TMP to a file called TEST.TMP.

If TMP.TMP is of zero length then the COPY command fails and TEST.TMP is not created. The "IF EXIST...." test is then used to look for TEST.TMP and the result used to GOTO the appropriate messages. All the temporary files are deleted by the batch file. If you are not using DOS 3.3 you will have to edit the batch file to put the appropriate size of COMMAND.COM on the second and eleventh lines.

One of the last things this file does is to alter the PROMPT to a warning message but this may not survive the AUTOEXEC.BAT execution if it contains a later PROMPT command. 

The FIND command must be in the root directory, or in the PATH (but that would mean putting the PATH command ahead of the line that calls the batch file).

Just to make life interesting you could put CRC.EXE in the root directory as well and find the CRC instead of the length in a DIR. You can alter COMMAND.COM without changing the length but keeping the same CRC is all but impossible. 

With CRC.EXE and FIND.EXE in the root directory or in the PATH the second line of CHKCC.BAT would read
    
CRC COMMAND.COM | FIND "CRC = 8F 7D" > TMP.TMP

The "CRC = 8F 7D" would need to be altered to exactly match your COMMAND.COM's CRC. The two message lines which presently refer to the length of COMMAND.COM would also need to be rewritten to refer to the CRC instead.
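
The difference between the length check and the CRC check, shown as an added Python example that is not part of the original article or its batch file. Assumptions: `binascii.crc_hqx` stands in for CRC.EXE, whose algorithm the article does not state; the SHA-256 column is a modern addition; the file contents are constructed sample data.

```python
import binascii
import hashlib
import os
import tempfile

CHECKS = ("length", "crc16", "sha256")

def fingerprint(data):
    """Length, 16-bit CRC and SHA-256 of a file's bytes."""
    # crc_hqx (CRC-CCITT) is a stand-in: the article does not say which
    # algorithm CRC.EXE uses. SHA-256 is a modern addition beyond the article.
    return (len(data), binascii.crc_hqx(data, 0), hashlib.sha256(data).hexdigest())

def record_baseline(path):
    """Take the baseline from a known-good copy (e.g. the write-protected master)."""
    with open(path, "rb") as fh:
        return fingerprint(fh.read())

def failed_checks(path, baseline):
    """Return the names of the checks on which the file differs from the baseline."""
    if not os.path.isfile(path):
        return ["missing"]
    with open(path, "rb") as fh:
        current = fingerprint(fh.read())
    return [name for name, now, good in zip(CHECKS, current, baseline) if now != good]

def demo():
    # Constructed stand-in for COMMAND.COM, 25276 bytes as in the article.
    clean = bytes(i % 251 for i in range(25276))
    in_place = bytearray(clean)
    in_place[100:102] = b"\x90\x90"      # two bytes overwritten, length unchanged
    grown = clean + bytes(512)           # bytes appended, length changes
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "COMMAND.COM")
        with open(path, "wb") as fh:
            fh.write(clean)
        baseline = record_baseline(path)
        for label, content in (("clean", clean), ("in_place", bytes(in_place)), ("grown", grown)):
            with open(path, "wb") as fh:
                fh.write(content)
            results[label] = failed_checks(path, baseline)
    return results

if __name__ == "__main__":
    for label, failures in demo().items():
        print(f"{label:9} {'OK' if not failures else 'ALERT: ' + ', '.join(failures)}")
```

The in-place change leaves the length identical, so a length-only check reports nothing while the CRC and hash checks both raise the alert.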

CHKCC.BAT

Echo off 
dir c:\command.com | find "COMMAND  COM    25276" >tmp.tmp
copy tmp.tmp test.tmp > nul 
if exist test.tmp goto ok 
del tmp.tmp 
del test.tmp 
cls 
echo ----
echo ----
echo ----
Echo COMMAND.COM on drive C:\ is not 25276 bytes 
Echo You may have a virus. 
Echo Turn the power off at the switch 
Echo NOW 
Echo Prepare quarantine and cleansing routines. 
pause > nul 
prompt VIRUS ALERT!!!!! SHUT DOWN IMMEDIATELY 
goto end 
:ok 
prompt $P $G 
del tmp.tmp 
del test.tmp 
cls 
Echo COMMAND.COM Checks out OK for length. 
:end

(Ed: Note (1) there are two spaces between COMMAND and COM on the second line of the batch file. There are four spaces between COM and 25276 on the same line. (2) the - character on the 8th, 9th and 10th lines should be entered as Control-G, (or ALT-7) i.e. the "bell" character. (3) the length of 25276 bytes refers to the author's version of MS-DOS 3.3. The value for PC-DOS 3.3 is 25307, other values may be equally valid. You are strongly advised to check the length of your COMMAND.COM by doing a DIR of your WRITE PROTECTED master DOS diskette.)

Reprinted from the April 1990 issue of PC Update, the magazine of Melbourne PC User Group, Australia
