Boot Sector Virus

Vakas
March 30th, 2006, 01:08 PM
Hi! What is the best way to check if you have a boot sector virus, and which program would you use?

shamus
March 30th, 2006, 03:02 PM
Most AV software can be set up to do a boot scan. fdisk /mbr is the easiest way to get rid of it.

geoscomp
March 30th, 2006, 03:29 PM
"fdisk /mbr is the easiest way to get rid of it."
Nope..not if it's an NTFS file system. This from Microsoft:

In Microsoft Windows NT, using the MS-DOS FDISK /MBR command is not always appropriate when you cannot boot a computer. The problem is that the command rewrites the master boot record (MBR) only, and not the entire boot record.

The FDISK /MBR command rewrites only the first 446 bytes of the master boot record, not the partition table. Windows NT disk signatures used for fault tolerance are also overwritten, and if the drive contained an FT member, it may not be recognized by Windows NT as an FT member afterward.

If a drive is infected with a Stealth virus, the partition table and pointers have been offset. The offset pointer is contained in the MBR. Using the FDISK /MBR command on the computer refreshes the MBR--the pointer to the partition table is lost, as is the ability to boot. The only possible solution is to reinfect the drive and then try to remove the virus again using Fdisk or anti-virus software.

The only time that the FDISK /MBR command is effective against a virus is if it is a boot-sector-only virus (such as the Stoned virus). If the sector is infected, recovery cannot be guaranteed. If the FDISK /MBR command is used and a Stealth virus is present, the computer can most likely not be recovered because the offsets are not constant.

Examples of Stealth viruses include:
• NY Bomber or NYB
• Stealth.B
• Hare
• Monkey.B

Also, the only way to accurately detect a boot sector virus is with an antivirus program that scans the drive before the drive boots..a program running from CD with updated definitions or from a floppy set the same way are the only ways to make sure the drive has not booted. Anything that uses an onboard virus scanner is suspect.

shamus
March 30th, 2006, 04:48 PM
I stand corrected. NTFS wasn't mentioned... :) You can run FIXMBR booting from an XP CD though.

geoscomp
March 30th, 2006, 04:53 PM
yep..as long as the drive is FAT32

Vakas
March 30th, 2006, 07:41 PM
Thanks for the info guys, it helped me clarify things. So am I right in thinking that a boot sector virus only causes problems with the system booting up? Or can it also affect Windows in any other way?

po_jo_45
August 21st, 2006, 06:56 PM
I tried fdisk /mbr and nothing happened, the virus stayed. I tried all these DOS applications but they won't do. Is there an antivirus software which can be run through DOS?

geoscomp
August 22nd, 2006, 01:56 AM
Well, since this is the first we've heard of your problem, why don't you tell us a bit about it? Why do you think you have a boot sector virus, and what else have you tried? Also a little about your system..such as drive partitions..are they NTFS or FAT32? There are some antivirus tools which can be run from a boot CD, but we need more information. What DOS applications have you tried? What is your operating system?

windrivers.com
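
The sector layout behind the quoted Microsoft text, as an added example that is not part of the original thread: it splits a 512-byte copy of sector 0 into boot code, NT disk signature and partition table, and reports which regions differ from a known-good copy. It assumes the standard MBR layout (disk signature at offset 440, inside the first 446 bytes) and an image captured while booted from clean media; the function names and sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR, TABLE_OFF = 512, 446   # bytes 0..445 are what FDISK /MBR rewrites (per the quote)
DISK_SIG_OFF = 440             # assumed standard layout: 4-byte Windows NT disk signature
FIELDS = ("boot_code_sha256", "disk_signature", "partitions", "valid_signature")

def parse_mbr(sector):
    """Split a 512-byte sector 0 into the regions the thread discusses."""
    if len(sector) != SECTOR:
        raise ValueError("need exactly 512 bytes")
    parts = []
    for i in range(4):  # four 16-byte entries: status, type, start LBA, sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, TABLE_OFF + 16 * i)
        if ptype:
            parts.append((status == 0x80, ptype, lba, count))
    return {
        "boot_code_sha256": hashlib.sha256(sector[:DISK_SIG_OFF]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": parts,
        "valid_signature": sector[510:512] == b"\x55\xaa",
    }

def compare(baseline, current):
    """Return the names of the MBR regions that differ from the known-good copy."""
    a, b = parse_mbr(baseline), parse_mbr(current)
    return [k for k in FIELDS if a[k] != b[k]]

def build(boot, sig, entries):
    """Helper that assembles a constructed sample sector (not real disk data)."""
    s = bytearray(SECTOR)
    s[:len(boot)] = boot
    struct.pack_into("<I", s, DISK_SIG_OFF, sig)
    for i, entry in enumerate(entries):
        struct.pack_into("<B3xB3xII", s, TABLE_OFF + 16 * i, *entry)
    s[510:512] = b"\x55\xaa"
    return bytes(s)

# Constructed samples: one active NTFS (type 0x07) partition starting at LBA 63.
NTFS = [(0x80, 0x07, 63, 1000000)]
BASELINE = build(b"\xfa\x33\xc0\x8e\xd0", 0x1234ABCD, NTFS)
MODIFIED = build(b"\xe9\x00\x01", 0x1234ABCD, NTFS)          # boot code changed
REWRITTEN = build(b"\xfa\x33\xc0\x8e\xd0", 0x00000000, NTFS)  # first 446 bytes refreshed

if __name__ == "__main__":
    for name, img in (("modified", MODIFIED), ("rewritten", REWRITTEN)):
        print(name, compare(BASELINE, img))
```

The REWRITTEN sample shows the side effect the quote describes: clean boot code and an intact partition table, but a disk signature that no longer matches.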