Mbr Virus help please
Message
From: 05/04/2009 11:06:04
To: 05/04/2009 03:07:54
General information
Forum: Windows
Category: Computing in general, Miscellaneous
Thread ID: 01393108
Message ID: 01393326
>>>>Yes
>>>>
>>>>>Did you format the floppy on a known clean machine? If so, you still have a root kit active.
>>>>>
>>>>>>This does not work - The virus interrupts the process each time I press enter
>>>>>>
>>>>>>>Hi,
>>>>>>>1. Format a floppy and make it bootable.
>>>>>>>2. Copy FDISK to the floppy.
>>>>>>>3. Boot the computer from the floppy.
>>>>>>>4. Run FDISK /MBR six or seven times in quick succession, then remove the floppy and boot from the HDD.
>>>>>>>
>>>>>>>>I'm helping to remove an infection from a fellow's computer. I have removed two root kits and fourteen trojans, but one MBR virus was lurking on the HD and I found it this morning. I don't know what it is called besides the very special names I have given it. The MBR virus will not let me reformat. Any ideas for complete removal of the thing?
>>>
>>>Did you see my earlier message? Download, create, and boot from a free Linux-based live CD such as GPartEd, Knoppix, or UltimateBootCD. Because they're Linux-based, they will ignore any DOS/Windows API calls, or attempts to hook into interrupt handlers. Usually these distros contain commands with names like fixmbr or mbrfix, which should "just work".
>>>
>>>As a side note, some of these utility CDs come in versions that are specially Windows-compatible, e.g. "Ultimate Boot CD for Windows". In your case I'd actually avoid these, because any attempt at compatibility might offer an opening to the MBR virus.
>>>
>>>And finally, if all this seems too complicated, I was quite serious about buying a new hard drive. A new 160GB IDE (PATA) unit is C$71, 500GB C$105, SATA2 equivalents are even less expensive. If the person you're helping whines at that cost, they're basically saying your time is almost worthless. This option would get them back up and running quickly, and you could take the problem drive home and work on it at your leisure. Also, having to cough up a few $ means the other person will have some incentive to not get infected again.
>>
>>I have tried UBCDW and a PE app. One of them dumped adware on my computer and changed the path under the UBCDW icon. I have uninstalled both and am now running scans on two of my machines. Oh well . . . I might get a new drive out of this too.
>
>As I mentioned above, I'd specifically avoid UBCDW and BartPE for this particular task, they try to be as Windows-like as possible and may actually load the MBR virus or allow it to function. GPartEd or Knoppix should work.

And those are the two I downloaded.
I ain't skeert of nuttin eh?
Yikes! What was that?
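
Added example, not written by anyone in this thread: when working from a Linux live CD as suggested above, dumping sector 0 before and after the MBR repair lets you confirm that the boot code was actually rewritten and that the partition table survived. The function names, the sample sector and the device name in the comment are assumptions made for illustration.

```python
import hashlib
import struct

SECTOR = 512
CODE_END = 440    # bytes 0..439: bootstrap code (the part an MBR infector replaces)
TABLE_OFF = 446   # bytes 446..509: four 16-byte partition entries

def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte MBR dump into boot-code hash, partitions, signature."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly 512 bytes")
    parts = []
    for slot in range(4):
        # status, 3 CHS bytes, type, 3 CHS bytes, LBA start, sector count
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", sector, TABLE_OFF + slot * 16)
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"slot": slot, "active": status == 0x80,
                          "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(sector[:CODE_END]).hexdigest(),
        "partitions": parts,
    }

def compare_dumps(before: bytes, after: bytes) -> dict:
    """Compare MBR dumps taken before and after a repair tool has run."""
    a, b = parse_mbr(before), parse_mbr(after)
    return {
        "boot_code_rewritten": a["boot_code_sha256"] != b["boot_code_sha256"],
        "partition_table_intact": before[TABLE_OFF:510] == after[TABLE_OFF:510],
        "signature_ok": b["signature_ok"],
    }

def sample_sector(code_byte: int) -> bytes:
    """Constructed test sector: filler boot code plus one active type-0x07 entry."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 312_576_642)
    table = entry + bytes(48)  # remaining three slots unused
    return bytes([code_byte]) * CODE_END + bytes(6) + table + b"\x55\xaa"

if __name__ == "__main__":
    # On a live CD the input would be a real dump, e.g. (device name is an assumption):
    #   dd if=/dev/sda of=mbr-before.bin bs=512 count=1
    before, after = sample_sector(0xCC), sample_sector(0x90)
    print(parse_mbr(before))
    print(compare_dumps(before, after))
```

If `boot_code_rewritten` is false after the repair, or the boot-code hash reverts on a later dump, something is still rewriting sector 0 and the drive should not be booted.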