Visitor
xanrath
Posts: 1
Registered: ‎04-24-2010

Boot sector virus

How do I get rid of a nasty boot sector virus on a Barracuda 1.5TB drive? I can't use any Windows utility because the second Windows sees it, it will corrupt all the other drives in my system. The only thing I can think of is to use a bootable CD version of SeaTools for DOS and use the quick zero fill. Does that reset the boot sector, or do I have to use a Unix/Linux utility to clear it, and if so, what?

Terabyte
Grim0x
Posts: 300
Registered: ‎07-23-2009

Re: Boot sector virus

Hello. Welcome

Wow, it's sure been a while since I've heard of one of those! : )

What made you aware that you had one though? (just curious).

If you were to use a utility on the infected drive, I can see where it could "corrupt" that drive.

But there's no rationale for it infecting "all the other drives."

(btw - be mindful to have a good anti-virus up and running when you're working from windoze).

Now, Norton has a reputation for being good with boot sector viruses.

If you were to drop this into a system with Norton on it (with updated definitions) and do a full disk scan, it would more than likely handle it.

Same goes for NOD32.

If you have Windows installed on that other drive - just work from it.

You should also remember to enable Trend's Chip away boot virii BIOS features if your mobo comes with them :smileywink:

You don't have to do a low level format to get rid of this.

Just use one of those utilities (Avast is also good, I can't SWEAR for any others), to do a full disk scan.

If the drive becomes "corrupt" it's just your MBR that has been damaged.

As simplistic a diagnostic tool as the "recovery console" on a Windows installation disk is, it can do the job of repairing the residual damage of the boot sector virus being deleted (the "corruption") with the command

"fixmbr"

-All the best!

A Pentium III, 256MB RAM and 10GB HDD are needed to run Windows XP.
The power of 3 C64 was needed to fly to SPACE.
Something is wrong with our world...
And its called WINDOWS!
____________________________
SAVE THE INTERNET - FIGHT Net NEUTRALITY
Yottabyte
fzabkar
Posts: 4,649
Registered: ‎01-27-2009

Re: Boot sector virus

Why not just disconnect the other drives until the boot drive is disinfected or rebuilt?

Yottabyte
fzabkar
Posts: 4,649
Registered: ‎01-27-2009

Re: Boot sector virus

Microsoft warns that "If your computer is infected with a virus and you use the FIXMBR command, you may be unable to start the computer. Before you use this command, make sure that the computer is not infected with a virus."

http://support.microsoft.com/kb/314503

The above warning only applies where the virus has disturbed the partition table, or deleted the "55AA" signature word at the end of the sector. If the virus has deleted the signature, then a FIXMBR will zero the partition table, causing the machine to be unbootable. Sometimes a virus, or Disk Drive Overlay (DDO), transfers the original sector contents to another sector in track 0, and replaces the partition table with its own. In such cases, restoring the original MBR code will cause the real partition table to be invisible. Multibooting systems that rely on a custom boot manager will be reduced to booting from the single partition that is currently marked active.

See this discussion:
http://forums.techarena.in/hardware-peripherals/1209233.htm

Here is an incomplete explanation:
http://www.ntfs.com/mbr-damaged.htm

Terabyte
Grim0x
Posts: 300
Registered: ‎07-23-2009

Re: Boot sector virus

Good stuff.

So, it is VERY IMPORTANT then, that you first REMOVE the boot sector virus before running a fixmbr command.

Yottabyte
fzabkar
Posts: 4,649
Registered: ‎01-27-2009

Re: Boot sector virus

I used to use the FDISK/MBR method on Win9x and DOS machines until someone pointed out the pitfalls. Nowadays I examine the MBR and boot sector with a disc tool before doing anything. I still use FDISK/MBR (or FIXMBR) if none of the dangerous conditions exist, but using your AV software to disinfect the boot sector would probably be the safest way.

A colleague who specialised in antivirus products suggested that it would be good practice to hide backup copies of your MBR and boot sectors in unused sectors within track 0 (sectors 0 - 62). The OS only ever sees LBA 0 (the MBR), while LBA 1 through LBA 62 are normally empty. If a calamity damages LBA 0, for example, then it can be restored from a backup in LBA 10, say. Similarly, backup copies of boot sectors for partitions 1, 2, 3, and 4 could be stored at LBA 20, LBA 30, LBA 40, and LBA 50.
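The pre-FIXMBR inspection discussed in this thread (the "55AA" signature word and the state of the partition table) can be scripted. This is an added Python example, not code from any poster; the function names and the sample sector are constructed for illustration, and the input is assumed to be a 512-byte copy of LBA 0.

```python
import struct

TABLE_OFFSET = 446      # four 16-byte partition entries start here
SIGNATURE_OFFSET = 510  # the 0x55 0xAA signature word


def parse_partitions(sector):
    """Return the non-empty partition entries of a 512-byte MBR."""
    entries = []
    for i in range(4):
        raw = sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        boot_flag, ptype = raw[0], raw[4]
        start_lba, num_sectors = struct.unpack_from("<II", raw, 8)
        if ptype == 0 and num_sectors == 0:
            continue  # unused slot
        entries.append({"slot": i + 1, "boot_flag": boot_flag, "type": ptype,
                        "start_lba": start_lba, "sectors": num_sectors})
    return entries


def mbr_findings(sector):
    """List conditions to resolve before rewriting the MBR boot code."""
    if len(sector) != 512:
        raise ValueError("expected exactly one 512-byte sector")
    findings = []
    if sector[SIGNATURE_OFFSET:] != b"\x55\xaa":
        findings.append("signature 55AA missing")
    parts = parse_partitions(sector)
    if not parts:
        findings.append("partition table empty")
    if any(p["boot_flag"] not in (0x00, 0x80) for p in parts):
        findings.append("invalid boot flag")
    if sum(p["boot_flag"] == 0x80 for p in parts) > 1:
        findings.append("more than one active partition")
    spans = sorted((p["start_lba"], p["start_lba"] + p["sectors"]) for p in parts)
    if any(b[0] < a[1] for a, b in zip(spans, spans[1:])):
        findings.append("partitions overlap")
    return findings


def build_sample(signature=True):
    """Constructed sample: one active type-0x07 partition starting at LBA 63."""
    sector = bytearray(512)
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 2930272002)
    sector[TABLE_OFFSET:TABLE_OFFSET + 16] = entry
    if signature:
        sector[SIGNATURE_OFFSET:] = b"\x55\xaa"
    return bytes(sector)
```

An empty findings list only rules out these structural conditions; it says nothing about whether the boot code itself is infected or whether the table has been swapped for a relocated copy.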

Terabyte
Grim0x
Posts: 300
Registered: ‎07-23-2009

Re: Boot sector virus

That's a Great Idea actually. I used to export and store mine.

Then restore it with this little utility.

But it's a great Idea to just have it there on the drive.

Heck - you could store a backup on every drive you have!

I wonder why I never thought of that :smileytongue:.

I'm going to back up my GRUB and MBR this weekend.
