>>I'm helping to remove an infection from a fellow's computer. I have removed two root kits and forteen trojans, but one MBR virus was lurking on the HD and I found it this morning. I don't know what it is called besides the very special names I have given it. The MBR virus will not let me reformat. Any ideas for complete removal of the thing?
>
>I know the names you given to this virus (They are the same I gave to it when I fight with it) :-)
>I think (NOT SURE) that if you boot from Windows Installation CD/DVD and go to recovery console you can repair MBR. Just make sure that everything imnportant have a pretty good backup first :-).

In DOS days, this was "boot from floppy, then fdisk c: /mbr", which would then create a new master boot record on the C: partition (or in the partition table, whichever came first). I guess it would still work, provided the versions of Windowses on the HD and the DVD use the same format of MBR (i.e. are the same version).

Backup may be useful, but may as well preserve the virus... tacky business. Virus scanners may find several instances of a MBR virus in memory (one of them being in their own buffers, another in the buffer of the disk itself etc etc), so these report several false positives, copies of the virus which won't be executed, and yet there may be one somewhere that's executable but not found.

Still, fdisk /mbr may still work as it did before. After rebooting again, rescan and see if it's still there. Then check whether everything else works.