Not really, and there are good reasons why not. The most famous data diddler is the now-extinct Ripper boot virus. Even at the peak of the boot infectors' short era, Ripper was more of a conversation piece than a real threat (Simon Widlake would mention it often). The reason for its rarity is that destructiveness counters prevalence: the more destructive malware is, the lesser are its chances to survive and spread.
Only a fool will claim that there exists no malware that corrupts data, but a producer must really have no sense to optimize an AV product for such a rare singularity.
[...] I am both willing and experienced, but unable to tell viral from benign if all that I could use was Stiller's Integrity Master.
[...] Sophos' decision to not disinfect was a business decision, and the "ideology" attached to it was propaganda. Fact is that it worked!
You seem to have forgotten the very basics of virus and antivirus technology. Here is a brief reminder (state of the art ca. '95):
The definition of virus (
The last part requires that everything that was contained in the program in its pre-infected state be still there, plus the necessary changes made by the virus to incorporate its own code in the program flow. A direct deduction is that all virus infections are theoretically reversible, by reverting the changes made to the program, since nothing from the original code was lost. This is, in a nutshell, the entire theory on which virus disinfection and recovery is based.
As to disinfection vs integrity restoration, everything disinfection can do, restoration will do better, and much of what restoration will do, can't be done by disinfection at all (like disinfection from highly polymorphic viruses, or from new ones). [...]
I didn't expect you would, yet ... ;)
Regards, Zvi
-- NetZ Computing Ltd. ISRAEL
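
The reversibility argument in the post, as an added illustration that is not part of the original message and is not code from any NetZ product: a generic integrity record (length, leading bytes, hash) taken from a clean file is enough to restore it without identifying what changed it. Assumptions: the change is confined to the first `HEADER_LEN` bytes plus appended data; `HEADER_LEN`, the record layout and all sample byte strings are constructed for this example.

```python
import hashlib

HEADER_LEN = 32  # assumption: leading bytes kept in the integrity record


def make_record(original: bytes) -> dict:
    """Integrity record taken while the file is known to be clean."""
    return {
        "length": len(original),
        "header": original[:HEADER_LEN],
        "sha256": hashlib.sha256(original).hexdigest(),
    }


def is_modified(current: bytes, record: dict) -> bool:
    return hashlib.sha256(current).hexdigest() != record["sha256"]


def restore(current: bytes, record: dict) -> bytes:
    """Put the saved header back and cut off anything appended.

    Needs no knowledge of what made the change. Raises ValueError when the
    result does not hash to the recorded value, i.e. when original bytes were
    overwritten and the "nothing was lost" premise does not hold.
    """
    if len(current) < record["length"]:
        raise ValueError("file is shorter than recorded: original bytes are lost")
    header = record["header"]
    candidate = header + current[len(header):record["length"]]
    if hashlib.sha256(candidate).hexdigest() != record["sha256"]:
        raise ValueError("restored image does not match record; use a backup")
    return candidate


# Constructed sample data: inert byte strings, not executable code.
CLEAN = b"\xe9\x10\x00" + bytes(range(64)) * 4
RECORD = make_record(CLEAN)
# Shape of change described in the text: original body intact, leading bytes
# altered, foreign bytes appended.
PATCHED = b"\xe9\xff\x01" + CLEAN[3:] + b"\xaa" * 120
# Counter-case: bytes inside the body overwritten, so information was lost.
OVERWRITTEN = CLEAN[:100] + b"\x00" * 20 + CLEAN[120:]

if __name__ == "__main__":
    print("modified:", is_modified(PATCHED, RECORD))
    print("restored to original:", restore(PATCHED, RECORD) == CLEAN)
```

The final hash comparison is what separates a reversible change from a destructive one: an overwritten body fails verification instead of being silently "restored".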