Virus in MBR: Need Clean Full WIN XP Home Install


Fred 2002

My wife's computer (running XP Home) somehow got a virus in the Master Boot
Record which was detected by Norton AV 2004. However, NAV also provided a
message that said it could not delete the virus. I checked BIOS settings and
found nothing that would prevent NAV from accessing the MBR. I haven't
contacted Norton yet, but in the worst case scenario, I have the WIN XP Full
Install CD and am willing to format the hard disk and reinstall.

Back in the DOS days, to do this I would go to a DOS prompt, do a low level
format (Are You Sure?) and use FDISK to set up a partition. With XP, what do
I have to do to clear out the MBR and reinstall the XP operating system?

Thanks in advance!
 
Set the BIOS to boot from the CD first. Insert your XP CD, it is bootable.
Follow the prompts to do a clean install, including partitioning and formatting.
 
First, you posted in the WRONG place !

There are anti virus News Groups specifically for this type of discussion.

microsoft.public.scripting.virus.discussion
microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

Go to Zvi Netiv's Invircible.com { http://www.invircible.com/iv_tools.php } and download
"IVINIT - Boot Virus & Worm-Trojan Remover".

BTW: If you post to UseNet with your TRUE, not a munged, email address then you have
invited the Swen Internet worm [aka; W32/Gibe-F] to visit you.

Practicing Safe Hex is part of your solution Fred.

Dave



| My wife's computer (running XP Home) somehow got a virus in the Master Boot
| Record which was detected by Norton AV 2004. However, NAV also provided a
| message that said it could not delete the virus. I checked BIOS settings and
| found nothing that would prevent NAV from accessing the MBR. I haven't
| contacted Norton yet, but in the worst case scenario, I have the WIN XP Full
| Install CD and am willing to format the hard disk and reinstall.
|
| Back in the DOS days, to do this I would go to a DOS prompt, do a low level
| format (Are You Sure?) and use FDISK to set up a partition. With XP, what do
| I have to do to clear out the MBR and reinstall the XP operating system?
|
| Thanks in advance!
|
| --
| Fred 2002
|
|
 
The OP does NOT need to be so draconian !

Dave



| Set the BIOS to boot from the CD first. Insert your XP CD, it is bootable.
| Follow the prompts
| to do a clean install, including partitioning and formatting.
 
You sound like Carey Frisch
-----Original Message-----
First, you posted in the WRONG place !

There are anti virus News Groups specifically for this type of discussion.

microsoft.public.scripting.virus.discussion
microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

Go to Zvi Netiv's Invircible.com {
http://www.invircible.com/iv_tools.php } and download
"IVINIT - Boot Virus & Worm-Trojan Remover".

BTW: If you post to UseNet with your TRUE, not a
munged, email address then you have
invited the Swen Internet worm [aka; W32/Gibe-F] to visit you.

Practicing Safe Hex is part of your solution Fred.

Dave



| My wife's computer (running XP Home) somehow got a virus in the Master Boot
| Record which was detected by Norton AV 2004. However, NAV also provided a
| message that said it could not delete the virus. I checked BIOS settings and
| found nothing that would prevent NAV from accessing the MBR. I haven't
| contacted Norton yet, but in the worst case scenario, I have the WIN XP Full
| Install CD and am willing to format the hard disk and reinstall.
|
| Back in the DOS days, to do this I would go to a DOS prompt, do a low level
| format (Are You Sure?) and use FDISK to set up a partition. With XP, what do
| I have to do to clear out the MBR and reinstall the XP operating system?
|
| Thanks in advance!
|
| --
| Fred 2002
|
|


.
 
Dos prompt (within XP or boot floppy), and use "Fdisk /mbr".

Simple.







To reply by email, remove the XYZ.

Lumber Cartel (tinlc) #2063. Spam this account at your own risk.

This sig censored by the Office of Home and Land Insecurity....
 
While still snuggled in a 'spider hole' said:
| Set the BIOS to boot from the CD first. Insert your XP CD, it is bootable.
| Follow the prompts
| to do a clean install, including partitioning and formatting.

There is absolutely NO reason to do that, except as a last resort!





To reply by email, remove the XYZ.

Lumber Cartel (tinlc) #2063. Spam this account at your own risk.

This sig censored by the Office of Home and Land Insecurity....
 
Except it doesn't work for all Boot Sector Infectors !

Dave



| While still snuggled in a 'spider hole', "Fred 2002" <[email protected]>
| scribbled:
|
| >> Back in the DOS days, to do this I would go to a DOS prompt, do a low level
| >> format (Are You Sure?) and use FDISK to set up a partition. With XP, what do
| >> I have to do to clear out the MBR and reinstall the XP operating system?
|
| Dos prompt (within XP or boot floppy), and use "Fdisk /mbr".
|
| Simple.
|
|
|
|
|
|
|
| To reply by email, remove the XYZ.
|
| Lumber Cartel (tinlc) #2063. Spam this account at your own risk.
|
| This sig censored by the Office of Home and Land Insecurity....
 
What virus? There may be specific removal instructions at the Symantec site.

If you boot from a Win98 boot disk and run fdisk /mbr it may fix it, or
by booting the XP CD into Recovery console and use the fixmbr command.

File system formatting will not touch the MBR and on IDE drives a low
level format is not a good thing to try. Deleting the partition will
also not touch the MBR.

Steve
 
| What virus? There may be specific removal instructions at the Symantec site.
|
| If you boot from a Win98 boot disk and run fdisk /mbr it may fix it, or
| by booting the XP CD into Recovery console and use the fixmbr command.

May also kill your HD access stone dead. Use a DOS-based av such as
freebies from www.f-prot.com, www.nod32.com or www.sophos.com after
booting from a clean and protected diskette, CDR or USB stick. Do NOT
allow the HD to boot at all, else the virus will be active!

| File system formatting will not touch the MBR and on IDE drives a low
| level format is not a good thing to try. Deleting the partition will
| also not touch the MBR.

The biggest reason I'd avoid "just replace the MBR" tools is that the
virus may have encrypted your data, and be required to decrypt it. An
av will unpick the process after studying the viral code; a dumb
splat-back will kill the only code that could have read your data.

Most MBR infectors relocate the "real" MBR and, in some cases, the
partition table. An MBR splatback won't look up and re-instate this
data; it will simply splat over the MBR code, leaving the existing
partition table in place (too bad if it's invalid, and you now have no
way of knowing where the real one is or how to decrypt it).

FDisk /MBR can be particularly dangerous, in that if the MBR doesn't
end in the expected 55AA hex signature, it zeros out the partition
table even if the entries that were there were valid.

There are other considerations unrelated to the virus itself, if you
use DDO to overcome BIOS limitations, or add-on boot managers that
reside within the MBR as some do.


-------------------- ----- ---- --- -- - - - -
Running Windows-based av to kill active malware is like striking
a match to see if what you are standing in is water or petrol.
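
An added example, not part of any post in this thread: a read-only check of a saved 512-byte copy of sector 0 that looks at the two things the replies above warn about, the closing 55AA signature and whether the four partition table entries are plausible, before any tool rewrites the boot code. The function names and the sample sector are constructed for illustration.

```python
import struct

SECTOR, TABLE_OFF, SIG_OFF = 512, 446, 510  # classic MBR layout


def parse_mbr(sector: bytes) -> dict:
    """Inspect a saved copy of sector 0. Read-only: works on bytes, not a disk."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly 512 bytes")
    entries, issues = [], []
    for i in range(4):
        raw = sector[TABLE_OFF + 16 * i:TABLE_OFF + 16 * (i + 1)]
        if raw == bytes(16):
            continue  # unused slot
        boot, ptype = raw[0], raw[4]
        lba_start, count = struct.unpack_from("<II", raw, 8)
        if boot not in (0x00, 0x80):
            issues.append(f"entry {i}: boot flag 0x{boot:02x} is not 00/80")
        if ptype == 0 or count == 0:
            issues.append(f"entry {i}: used slot with zero type or size")
        entries.append({"index": i, "active": boot == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": count})
    spans = sorted((e["lba_start"], e["lba_start"] + e["sectors"], e["index"])
                   for e in entries)
    for (_, end1, i1), (start2, _, i2) in zip(spans, spans[1:]):
        if start2 < end1:
            issues.append(f"entries {i1} and {i2} overlap")
    if sum(e["active"] for e in entries) > 1:
        issues.append("more than one active partition")
    return {"signature_ok": sector[SIG_OFF:] == b"\x55\xaa",
            "entries": entries, "issues": issues}


def safe_to_rewrite_boot_code(info: dict) -> bool:
    """True only if signature and table both look sane; otherwise keep the
    saved image and let an AV tool or manual analysis locate the real table."""
    return info["signature_ok"] and bool(info["entries"]) and not info["issues"]


def make_sample(signature: bytes = b"\x55\xaa") -> bytes:
    """Constructed sector: empty boot code, one active NTFS-type (0x07) entry."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 1_000_000)
    return bytes(TABLE_OFF) + entry + bytes(48) + signature


if __name__ == "__main__":
    for label, sig in (("intact", b"\x55\xaa"), ("no signature", b"\x00\x00")):
        info = parse_mbr(make_sample(sig))
        print(label, info, "rewrite ok:", safe_to_rewrite_boot_code(info))
```

A passing result only means the table sits where a boot-code rewrite expects it; it says nothing about whether the boot code itself is clean. A failing result is the case described above where the original table may have been moved elsewhere on the disk, so the saved image should be kept untouched.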
 
