Googled but still very confused.
Running Win XP Pro with SP3.
Just done a Norton Ghost successfully but when it had finished and rebooted
it put up 'Boot Sector Virus Continue Y/N'.
I wanted the machine back up so clicked Y and everything seems to be fine
but have I still got a boot sector virus or not? Difference of opinion on
many forums/sites. How do I scan and repair the boot sector if I have got a
virus?
Many thanks
Andrew Wilson

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news(E-Mail Removed)...
> From: "Andrew Wilson" <(E-Mail Removed)>
>
>> Googled but still very confused.
>> Running Win XP Pro with SP3.
>> Just done a Norton Ghost successfully but when it had finished and
>> rebooted it put up 'Boot Sector Virus Continue Y/N'.
>> I wanted the machine back up so clicked Y and everything seems to be fine
>> but have I still got a boot sector virus or not? Difference of opinion on
>> many forums/sites. How do I scan and repair the boot sector if I have got
>> a virus?
>> Many thanks
>> Andrew Wilson
>
> Is it FAT32 or NTFS ?
>
>
> --
> Dave
> Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
> http://www.pctipp.ch/downloads/dl/35905.asp

NTFS, Dave.
Regards
Andrew

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:(E-Mail Removed)...
> From: "Andrew Wilson" <(E-Mail Removed)>
>
>>
>> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
>> news(E-Mail Removed)...
>>> From: "Andrew Wilson" <(E-Mail Removed)>
>>>
>>>> Googled but still very confused.
>>>> Running Win XP Pro with SP3.
>>>> Just done a Norton Ghost successfully but when it had finished and
>>>> rebooted it put up 'Boot Sector Virus Continue Y/N'.
>>>> I wanted the machine back up so clicked Y and everything seems to be
>>>> fine but have I still got a boot sector virus or not? Difference of
>>>> opinion on many forums/sites. How do I scan and repair the boot sector
>>>> if I have got a virus?
>>>> Many thanks
>>>> Andrew Wilson
>>>
>>> Is it FAT32 or NTFS ?
>>>
>>>
>> NTFS, Dave.
>> Regards
>> Andrew
>
> Then there probably is no Boot Sector Infector.
>
> However, you can use my Multi-AV Scanning Tool to verify this.
>
> Use the Avira and/or Sophos module.
>
>
> --
> Dave
> Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
> http://www.pctipp.ch/downloads/dl/35905.asp
Thanks, Dave will give it a try tomorrow.
Regards
Andrew Wilson

You must have enabled to halt the system if there is a change to the
boot sector in your BIOS. When you format the HD for the very first
time, the OS needs to write to the boot sector; Also, if you are
restoring the system from the Ghost image files, again boot sector needs
to be written to. This being the case, if you have enabled to be
alerted of any changes to the boot sector in your BIOS then you are
likely to get this false positive alert message.

I doubt if you really have any viruses. I would rely on MSE to keep the
gateways secure and to keep monitoring for any other system abnormalities.

hth


Andrew Wilson wrote:
> Googled but still very confused.
> Running Win XP Pro with SP3.
> Just done a Norton Ghost successfully but when it had finished and rebooted
> it put up 'Boot Sector Virus Continue Y/N'.
> I wanted the machine back up so clicked Y and everything seems to be fine
> but have I still got a boot sector virus or not? Difference of opinion on
> many forums/sites. How do I scan and repair the boot sector if I have got a
> virus?
> Many thanks
> Andrew Wilson
>
>
>

--

cHECK THESE LINKS OUT BOY!
HTTP://WWW.MYITTECH.CO.UK
HTTP://WWW.MYTAXNEWS.CO.UK
HTTP://WWW.HTML-CSS.CO.UK
HTTP://WWW.MYTAXHELP.CO.UK
HTTP://WWW.MYUKTAXHELP.CO.UK
HTTP://WWW.TAXWIKI.ORG.UK
HTTP://WWW.UKTAXSITE.CO.UK
HTTP://WWW.MYUKTAXHELP.COM
HTTP://WWW.UKTAXHELP.COM
HTTP://WWW.UKTAXSITE.COM

"Tester" <(E-Mail Removed)> wrote in message
news:j39e7f$lq8$(E-Mail Removed)...
> You must have enabled to halt the system if there is a change to the
> boot sector in your BIOS. When you format the HD for the very first
> time, the OS needs to write to the boot sector; Also, if you are
> restoring the system from the Ghost image files, again boot sector needs
> to be written to. This being the case, if you have enabled to be
> alerted of any changes to the boot sector in your BIOS then you are
> likely to get this false positive alert message.
>
> I doubt if you really have any viruses. I would rely on MSE to keep the
> gateways secure and to keep monitoring for any other system abnormalities.
>
> hth
>
>
> Andrew Wilson wrote:
>> Googled but still very confused.
>> Running Win XP Pro with SP3.
>> Just done a Norton Ghost successfully but when it had finished and
>> rebooted
>> it put up 'Boot Sector Virus Continue Y/N'.
>> I wanted the machine back up so clicked Y and everything seems to be fine
>> but have I still got a boot sector virus or not? Difference of opinion on
>> many forums/sites. How do I scan and repair the boot sector if I have got
>> a
>> virus?
>> Many thanks
>> Andrew Wilson
>>
>>
>>
>
> --
>
> cHECK THESE LINKS OUT BOY!
> HTTP://WWW.MYITTECH.CO.UK
> HTTP://WWW.MYTAXNEWS.CO.UK
> HTTP://WWW.HTML-CSS.CO.UK
> HTTP://WWW.MYTAXHELP.CO.UK
> HTTP://WWW.MYUKTAXHELP.CO.UK
> HTTP://WWW.TAXWIKI.ORG.UK
> HTTP://WWW.UKTAXSITE.CO.UK
> HTTP://WWW.MYUKTAXHELP.COM
> HTTP://WWW.UKTAXHELP.COM
> HTTP://WWW.UKTAXSITE.COM

Tester
Thanks for this. By the way what would have happened if I had pressed N
instead of Y?
Regards
Andrew Wilson

Andrew Wilson wrote:
> Tester
> Thanks for this. By the way what would have happened if I had pressed N
> instead of Y?
> Regards
> Andrew Wilson
>
>
>

If you pressed N instead of Y then the operating system won't install.
The reason being, the OS needs to write the necessary disk statistics in
the boot sector so that it can create the necessary FAT - File
Allocation Table.

hth

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:(E-Mail Removed)...
> From: "Andrew Wilson" <(E-Mail Removed)>
>
>>
>> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
>> news(E-Mail Removed)...
>>> From: "Andrew Wilson" <(E-Mail Removed)>
>>>
>>>> Googled but still very confused.
>>>> Running Win XP Pro with SP3.
>>>> Just done a Norton Ghost successfully but when it had finished
>>>> and rebooted it put up 'Boot Sector Virus Continue Y/N'.
>>>> I wanted the machine back up so clicked Y and everything seems to
>>>> be fine but have I still got a boot sector virus or not?
>>>> Difference of opinion on many forums/sites. How do I scan and
>>>> repair the boot sector if I have got a virus?
>>>
>>> Is it FAT32 or NTFS ?
>>>
>>>
>> NTFS, Dave.
>
> Then there probably is no Boot Sector Infector.
>
Curious, why would the file system matter? AIUI, the Boot Sector is
independent of file system. Also, I've seen NTFS systems infected
with boot sector infectors (recent Alureon variants, especially) so
they certainly aren't immune...

--
Zaphod

Arthur: All my life I've had this strange feeling that there's
something big and sinister going on in the world.
Slartibartfast: No, that's perfectly normal paranoia. Everyone in the
universe gets that.

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:(E-Mail Removed)...
> From: "Zaphod Beeblebrox" <(E-Mail Removed)>
>
>>
>> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
>> news:(E-Mail Removed)...
>>> From: "Andrew Wilson" <(E-Mail Removed)>
>>>
>>>>
>>>> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
>>>> news(E-Mail Removed)...
>>>>> From: "Andrew Wilson" <(E-Mail Removed)>
>>>>>
>>>>>> Googled but still very confused.
>>>>>> Running Win XP Pro with SP3.
>>>>>> Just done a Norton Ghost successfully but when it had finished
>>>>>> and rebooted it put up 'Boot Sector Virus Continue Y/N'.
>>>>>> I wanted the machine back up so clicked Y and everything seems
>>>>>> to be fine but have I still got a boot sector virus or not?
>>>>>> Difference of opinion on many forums/sites. How do I scan and
>>>>>> repair the boot sector if I have got a virus?
>>>>>
>>>>> Is it FAT32 or NTFS ?
>>>>>
>>>>>
>>>> NTFS, Dave.
>>>
>>> Then there probably is no Boot Sector Infector.
>>>
>> Curious, why would the file system matter? AIUI, the Boot Sector
>> is independent of file system. Also, I've seen NTFS systems
>> infected with boot sector infectors (recent Alureon variants,
>> especially) so they certainly aren't immune...
>>
>
> The TDSS level 4 (aka; TDS4 and Alureon) rootkit modifies the MBR
> not the Boot Sector.
>
>
Hang on, isn't the MBR just a type of boot sector - see
http://en.wikipedia.org/wiki/Master_boot_record and
http://en.wikipedia.org/wiki/Boot_sector?

--
Zaphod

Vell, Zaphod's just zis guy, ya know? - Gag Halfrunt

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:(E-Mail Removed)...
> From: "Zaphod Beeblebrox" <(E-Mail Removed)>
>
>>
>> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
>> news:(E-Mail Removed)...
>>> From: "Zaphod Beeblebrox" <(E-Mail Removed)>
>>>
>>>>
>>>> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
>>>> news:(E-Mail Removed)...
>>>>> From: "Andrew Wilson" <(E-Mail Removed)>
>>>>>
>>>>>>
>>>>>> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
>>>>>> message news(E-Mail Removed)...
>>>>>>> From: "Andrew Wilson" <(E-Mail Removed)>
>>>>>>>
>>>>>>>> Googled but still very confused.
>>>>>>>> Running Win XP Pro with SP3.
>>>>>>>> Just done a Norton Ghost successfully but when it had
>>>>>>>> finished and rebooted it put up 'Boot Sector Virus Continue
>>>>>>>> Y/N'.
>>>>>>>> I wanted the machine back up so clicked Y and everything
>>>>>>>> seems to be fine but have I still got a boot sector virus or
>>>>>>>> not? Difference of opinion on many forums/sites. How do I
>>>>>>>> scan and repair the boot sector if I have got a virus?
>>>>>>>
>>>>>>> Is it FAT32 or NTFS ?
>>>>>>>
>>>>>>>
>>>>>> NTFS, Dave.
>>>>>
>>>>> Then there probably is no Boot Sector Infector.
>>>>>
>>>> Curious, why would the file system matter? AIUI, the Boot Sector
>>>> is independent of file system. Also, I've seen NTFS systems
>>>> infected with boot sector infectors (recent Alureon variants,
>>>> especially) so they certainly aren't immune...
>>>>
>>>
>>> The TDSS level 4 (aka; TDS4 and Alureon) rootkit modifies the MBR
>>> not the Boot Sector.
>>>
>>>
>> Hang on, isn't the MBR just a type of boot sector - see
>> http://en.wikipedia.org/wiki/Master_boot_record and
>> http://en.wikipedia.org/wiki/Boot_sector?
>>
>
> Its not the same for a Boot Sector Infector which targets FAT not
> NTFS.
>
>
And so we come full-circle. Are you saying that an NTFS boot sector
is immune to infection somehow, or only that viruses that target FAT
boot sectors can't infect NTFS boot sectors?

--
Zaphod

Voted "Worst Dressed Sentient Being in the Known Universe" for seven
years in a row.