Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Boot sector virus
- Thread starter D17S
- Start date
D17S,
If you have an AV app & it is not cleaning this I would try the online scan at the trend micro site:
Or Look at bcastner's excellent Faq:
faq608-4650
If this is not successful, and you know the virus name that you have picked up. With caveats you could try Booting from a diskette that contains Fdisk at the A:\> type FDISK /MBR.
Last resort, "ZERO" out your HD and start over.
Hope This Helps
rvnguy
"I know everything..I just can't remember it all
If you have an AV app & it is not cleaning this I would try the online scan at the trend micro site:
Or Look at bcastner's excellent Faq:
faq608-4650
If this is not successful, and you know the virus name that you have picked up. With caveats you could try Booting from a diskette that contains Fdisk at the A:\> type FDISK /MBR.
Last resort, "ZERO" out your HD and start over.
Hope This Helps
rvnguy
"I know everything..I just can't remember it all
- Thread starter
- #4
Thanks for the replys,
bygeek
Looks that way because when I run the Acronis MBR cleaner boot disk and choose repair the problem goes away, for a day. The problem recurs in a day or 2. It got both my main and backup (Ghosted) HDs. Really don't know. Good question.
rvnguy
I run Trend as my normal AV, then tried Panda and Macafee on-line too. No joy. I'm normally allerted that the problem has reoccured by seeing backward keys-strokes. ABC types out CBA. Also all drop down meuns flicker and will not select anything but the first selection. Feels like someone is leaning in the up-arrow key. Also, all programs double click, then start as some other single program. Last time it was "trashcan." -Puter becomes unusable and must be shut down.
The first first time this happened I had the "XXXXs write" boot disk out to start a complete rebuild, but I happened to see that acronis MBR fixer in the stack. Ran it because the box was gone anyway. But it worked! . . . for a day, then the problem recurred. I'm on the bad disk now, but only because of the MBR fix temporary reprieve.
Thanks again
bygeek
Looks that way because when I run the Acronis MBR cleaner boot disk and choose repair the problem goes away, for a day. The problem recurs in a day or 2. It got both my main and backup (Ghosted) HDs. Really don't know. Good question.
rvnguy
I run Trend as my normal AV, then tried Panda and Macafee on-line too. No joy. I'm normally allerted that the problem has reoccured by seeing backward keys-strokes. ABC types out CBA. Also all drop down meuns flicker and will not select anything but the first selection. Feels like someone is leaning in the up-arrow key. Also, all programs double click, then start as some other single program. Last time it was "trashcan." -Puter becomes unusable and must be shut down.
The first first time this happened I had the "XXXXs write" boot disk out to start a complete rebuild, but I happened to see that acronis MBR fixer in the stack. Ran it because the box was gone anyway. But it worked! . . . for a day, then the problem recurred. I'm on the bad disk now, but only because of the MBR fix temporary reprieve.
Thanks again
A few jumbled notes in no particular order.
If you use a 98 or ME Startup Disk (even though your partition is NTFS) you may be able (not sure) to just about access the MBR (and nothing else) and remove the Trojan from there either with Fdisk /MBR or maybe even the first part of a DOS virus scan from any Emergency Scan Floppy .
Deleting MBR on NTFS Partition
thread779-684449
Recovering NTFS Boot Sector on NTFS Partitions
If it is a virus infection you may need to boot to the Recovery Console and fix the boot sector (fixboot) to get rid of the boot sector virus, or use one of the floppy based recovery solutions.
"Go to look for MBRWORK in the free tolls and download
it, put it on a DOS floppy (one made by formatting in XP and taking the
MSDOS Startup disk option will do).
Boot that and run MBRWORK
Use options
1 (to back up the current state, so it could be restored with 2)
3 then 4 to delete the current code and tables
there will then be a possibility of using
A
which will scan the disk for 'signatures' of partitions and rebuilt the partition table then
5
to install standard MBR code so the disk could be booted
--
Alex Nichol MS MVP (Windows Technologies)"
If you use a 98 or ME Startup Disk (even though your partition is NTFS) you may be able (not sure) to just about access the MBR (and nothing else) and remove the Trojan from there either with Fdisk /MBR or maybe even the first part of a DOS virus scan from any Emergency Scan Floppy .
Deleting MBR on NTFS Partition
thread779-684449
Recovering NTFS Boot Sector on NTFS Partitions
If it is a virus infection you may need to boot to the Recovery Console and fix the boot sector (fixboot) to get rid of the boot sector virus, or use one of the floppy based recovery solutions.
"Go to look for MBRWORK in the free tolls and download
it, put it on a DOS floppy (one made by formatting in XP and taking the
MSDOS Startup disk option will do).
Boot that and run MBRWORK
Use options
1 (to back up the current state, so it could be restored with 2)
3 then 4 to delete the current code and tables
there will then be a possibility of using
A
which will scan the disk for 'signatures' of partitions and rebuilt the partition table then
5
to install standard MBR code so the disk could be booted
--
Alex Nichol MS MVP (Windows Technologies)"
- Thread starter
- #6
I had a NTFS HD XP Pro with a Boot Sector problem that the repair concel fixboot fixmbr and a couple repair installers did not help, I converted the HD to F32 using partition magic witch fixed it. It was the weirdest problem I have ever seen. The computer would start to boot only for a second then would lockup displaying what looking like 2 small electrical plugs.
- Status
Similar threads
