Infected Boot Record

Every once in a while, McAfee Virus Scan will tell me it found an infected boot record, but that it can’t clean it or really do anything about it. Can I fix this? Formatting my hard drive is not an option. Also, I’m running XP. Where does the boot record live, anyway?

Though my first reaction was going to be to slam McAfee…
Instead I’ll say… use the free online scanner from Housecall to see what it reports back to you and is able to get rid of.

Post back.

In the old days, running the undocumented fdisk /mbr would rewrite the original boot record. Don’t know if it’s still around, but you could try running the command. Should be safe.

No, it doesn’t appear to be a part of XP.

I avoided this thread yesterday. I thought it was going to be about jungle rot on soldiers’ feet, and some really disgusting Guinness World Record pictures.

peasea
Have you tried the online scan yet?

Boot records of disk drives are typically protected against modification (by things like viruses) with a CMOS setting. Your scanner may be unable to make the changes it wants since this has been set. Reboot, enter the CMOS setup (mistakenly called “BIOS setup” by many), turn off the boot sector protection. Try your antivirus software again. Then set the protection back again.

Not 100% sure this will work, but it might.

Sorry I never replied, Daizy, but I stubbornly wanted to make McAfee work.

When I did a web search for info on sigSEGV’s fdisk suggestion, I found out that the XP CD has a Restore Manager, which has a fixboot command that does the same thing. For some reason, though, I wasn’t able to get the system to boot from the disk. Well, I just tried it again tonight. I don’t know what I was doing wrong before, but it just worked, and I was able to run fixboot successfully. I then installed AVG Anti-Virus, which was suggested by a coworker, and it found 361 infected files. I’ll use that now, at least for a while, but I’ll check into Housecall as well.

“fixmbr” in the recovery console restores the boot record. http://www.microsoft.com/windowsxp/home/using/productdoc/en/default.asp?url=/WINDOWSXP/home/using/productdoc/en/bootcons_fixmbr.asp

The boot record is the first sector of the disk. When a PC boots, it goes through all of its self checks, etc. then it starts looking for a device to boot from. It goes through the list of devices as set in your BIOS, and checks each device’s boot record to see if it’s in the proper format for a boot record. For example, if your PC is set to boot from the floppy, then hard disk, it will first look at the floppy. If the boot sector contains a valid boot segment, then it will load this segment into memory and execute it as if it were a program. If there is no floppy in the drive then it will skip the floppy and do the same thing with the hard drive. In the old days, if there wasn’t a valid boot sector on the hard drive, the computer would then try to boot into the BASIC ROM, which most computers didn’t have, so you would get this cryptic “NO ROM BASIC” error if the hard drive was futzed.

The boot sector contains a small program which loads the rest of the operating system (or else loads a bigger program which then loads the rest of the operating system). Since the boot sector executes long before a virus scanner or even the operating system itself is up and running, many BIOSes will have an option to disable writing to it, which helps to prevent a nasty virus from getting in there and executing. Once a virus is in there, it will execute long before the virus scanner has a chance to do anything about it.
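As an added illustration of the "proper format" check the BIOS performs on that first sector (this is example code written for this thread, not anything from McAfee, AVG or the XP recovery console): the 512-byte master boot record carries 446 bytes of boot code, four 16-byte partition entries and a two-byte 55 AA signature. The parser below validates the signature, decodes the partition table, and hashes the boot code so a known-good copy taken right after fixmbr can later be compared against the live sector. The sample MBR is constructed inline, not read from any real disk.

```python
import hashlib
import struct

# Layout of the 512-byte master boot record (the first sector of the disk).
BOOT_CODE_SIZE = 446          # boot code occupies bytes 0..445
PART_TABLE_OFFSET = 446       # four 16-byte partition entries follow the code
SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511 must be 55 AA for a "valid" boot sector


def parse_mbr(sector: bytes) -> dict:
    """Validate the signature, hash the boot code and decode the partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    signature_ok = sector[510:512] == BOOT_SIGNATURE
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFFSET + 16 * i : PART_TABLE_OFFSET + 16 * (i + 1)]
        # status(1) CHS-start(3, skipped) type(1) CHS-end(3, skipped) LBA-start(4) sectors(4)
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:
            continue  # empty slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return {
        "signature_ok": signature_ok,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_SIZE]).hexdigest(),
        "partitions": partitions,
    }


def boot_code_changed(sector: bytes, baseline_sha256: str) -> bool:
    """True if the boot code no longer matches a hash recorded from a known-good MBR."""
    return parse_mbr(sector)["boot_code_sha256"] != baseline_sha256


def build_sample_mbr() -> bytes:
    """Construct a sample MBR (not from a real disk): one bootable NTFS (0x07) partition."""
    boot_code = b"\xeb\xfe" + b"\x00" * (BOOT_CODE_SIZE - 2)   # 'jmp $' then zero padding
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 1_000_000)
    return boot_code + entry + b"\x00" * 48 + BOOT_SIGNATURE
```

On a live system the 512 bytes would come from reading the raw disk device as administrator; the parse and hash comparison are the same.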