Fixing Virus by idosz86

VIEWS: 20 PAGES: 2

More Info
									                                   New Text Document
Repairing The Master Boot Record

By: Brien M. Posey, MCSE

One of the most important parts of your system s hard disk is the Master Boot
Record.

Without a valid Master Boot Record or MBR, it s impossible to boot the system
from the hard

disk. Unfortunately, many viruses are designed to attack a system s MBR. Sure,
you can

usually disinfect the system and it will begin booting normally, but what do you
do if a

system still won t boot after a virus has been removed?

To answer that question, it s necessary to take a closer look at how this
particular type of

virus works. Normally, the MBR points at a system s boot sector. When the system
is powered

up, the hardware knows to look at the MBR, and then the MBR redirects the system
to the boot

sector so that the boot process can begin.

Most, but not all, viruses that infect the MBR do so by copying the contents of
the boot

sector to a different file and then overwriting the boot sector with viral code.
When you

remove a boot sector virus, the anti virus program is usually smart enough to
know where the

original boot sector was copied to. It then removes the viral code and moves the
boot sector

code back to the correct location.

Unfortunately, some viruses don t backup the boot sector code before altering it.
Likewise,

there are also legitimate programs that can cause boot problems similar to that
of a virus.

For example, I was recently using a program called System Commander from VCOM.
System

Commander alters the boot sector so that your system will boot the System
Commander program

instead of the normal operating system. The program then displays a menu and
allows you to

boot to a variety of operating systems. However, I had decided to remove an
operating system

from a computer and System Commander was damaged in the process.

After the damage occurred, the system was unbootable. The system would try to
boot to a

nonexistent copy of System Commander. Unfortunately, it was impossible to
reinstall System
                                      Page 1
                                New Text Document

Commander because the system was unbootable. As you can see, in such a case,
perfectly

legitimate software can function exactly like a boot sector virus. This means
that whether

your MBR is malfunctioning because of a virus or because of a boot program gone
haywire, the

repair method is exactly the same.

Obviously, the best repair method is to restore a backup or to use a repair disk
such as the

one created by Norton s System Works. However, if you don t happen to have such a
recovery

tool, you ll have to do things the old fashion way. You can also forget about
reformatting

or repartitioning the drive, as these operations don t effect the boot sector.
The method

that you d use to recover from such a situation depends on the operating system
that you re

using.

If your system is running Windows 98, use a separate system to create a bootable
floppy disk

and copy the FDISK file to it. Now, boot the damaged system from the boot floppy.
When

you ve booted the system to a command prompt, enter the following command:

FDISK /MBR

This will repair the Master Boot Record and make the system bootable. If you
happen to be

using a Windows 2000 system, you can boot from the installation disks and enter
the Recovery

Console. When the Recovery Console loads, you can use the FIXBOOT or the FIXMBR
command to

cure the problem.




                                     Page 2

								
To top