Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

MBR Virus 1

Status
Not open for further replies.
tinkertech

tinkertech

Technical User
Oct 29, 2002
285
US
Got a virus, NYB in my MBR and my system will not start. I tried the virus recovery diskettes but no-go. Any idea on how to repair my MBR. Years ago I know of a command but have lost it since. I can boot to safe mode and to prompt. Any ideas?

For every problem there is a solution, for every solution there is a tech behind it.
 
Sort by date Sort by votes
here's an info i found from
Information about the NYB Virus
SIZE: 512 bytes.
INFECTS: Floppy Boot sectors and Master Boot Records.
WHAT IT DOES: Simple virus which infects diskettes and Master Boot records. After infected each time booting up the computer will then load into high memory. Once in high memory the virus will then have the capability of infecting all non-write protected diskettes used in the computer. Once the diskette is infected there is a 1/512 chance that the the virus activates. When activated the virus will attempt to access a location on the floppy drive that does not exist causing floppy drive possibly causing physical damage to the floppy drive. Generally this only occurs on older floppy disk drives.

METHODS OF CLEANING VIRUS: It is recommended that all viruses be cleaned utilizing a Virus Protection program. However an alternate method of cleaning the virus is booting from a clean write protected boot diskette with fdisk.exe on it. Boot from the diskette and once at the A:\> type FDISK /MBR

ADDITIONAL INFORMATION: The FDISK /MBR command by default is a non-destructive command. It is not recommended you run this command if you have one of the following:

Any type of advanced security program.
Boot manager such as partition magic.
You believe your computer is infected with the Monkey B virus. If infected with the Monkey B virus it is a possibility that the hard disk drive information could be lost.
Click to expand...

hope this helps. peace! [peace]

kilroy [trooper]
philippines

"Illegitimis non carborundum!"
 
Upvote 0 Downvote
Thanks for the quick yet scary news. I hope my stuff is not gone for good. Can and how, a master boot record be replaced from one PC to another?

For every problem there is a solution, for every solution there is a tech behind it.
 
Upvote 0 Downvote
you mean you want to copy another pc's mbr? i believe you can't do that. to understand more on mbr's, look here

hope this helps. peace! [peace]

kilroy [trooper]
philippines

"Illegitimis non carborundum!"
 
Upvote 0 Downvote
You can try looking here:
If you scroll down it tells you how to make a bootable floppy on another computer.
I used F-PROT years ago and it was pretty good.
Not sure what OS you have, so it may or may not work.

Good luck.
 
Upvote 0 Downvote
tinkertech - if you do as suggested from the info torturedmind provided - ie, boot from a clean write protected boot diskette with fdisk.exe on it and run fdisk /mbr, you should be ok.

You can copy mbrs from one machine to another - but you don't want to - as they contain partition info, which pertains to the source machine. Running fdisk /mbr rewrites the boot strap code in the mbr - but leaves the partition info untouched. Your virus lives in the boot strap code - so this removes it. I think the reference to not running it if you have monkey B is because that moves the whole mbr (including partition table) to another sector of disk - so if you use fdisk /mbr, you'll end up with a 'blank' partition table. If you have a boot manager - which is installed in mbr, you should still use fdisk /mbr - you can always reinstall boot manager later.
 
Upvote 0 Downvote
just wanna say thanks for the star... [peace]

kilroy [trooper]
philippines

"Illegitimis non carborundum!"
 
Upvote 0 Downvote
Guys, thanks for all the great input into my problem. Fdisk/mbr did fix the problem last week. This morning I boot up my system (Win98se)and there is that little nyb virus in the boot sector again. So I booted with a win98 boot disk and did the magic with fdisk/mbr and fixed it again. I did find I had the virus on a floppy I was booting from. The floppy has been destroyed since. Thanks again for the prompt action.

For every problem there is a solution, for every solution there is a tech behind it.
 
Upvote 0 Downvote
I would like to have been there when you "destroyed" that floppy!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

dik
  • Locked
  • Question
Virus
Replies
15
Views
793
dik
dik
javierdlm001
  • Locked
  • Question
MBR Filter, is this trustworthy? 3
Replies
2
Views
169
kjv1611
kjv1611
Andrzejek
  • Locked
  • Question
Suggestions of any free virus scanners?
Replies
11
Views
330
kjv1611
kjv1611
AELLC
  • Locked
  • Question
Looking for good Anti-Virus
Replies
7
Views
246
goombawaho
goombawaho
Ngolem
  • Locked
  • Question
I identified the virus: Search.conduit.com 1
Replies
2
Views
137
Ngolem
Ngolem

Part and Inventory Search

Sponsor

Back
Top