Re: FixMBR says I have non-standard or invalid boot record



"VanguardLH" <VanguardLH@xxxxxxxxxxxx> wrote in message news:m8OdnR4p9L0RdhHanZ2dnUVZ_tOtnZ2d@xxxxxxxxxxxxxx
"ronrobjoe" wrote in message news:B5C2A01A-B963-4268-9104-25D5A3ED3229@xxxxxxxxxxxxxxxx
I was concerned about getting a very bad virus that is going around Europe
that writes (Storm Virus?) and hides itself on the Master Boot Record. So I
used the Recovery Console to enter the command fixmbr and stopped because I got
this message:

This computer appears to have a non-standard or invalid boot record.
Fixmbr may damage your partition tables if you proceed.
This could cause all the partitions on the current hard disk to become
inaccessible.
If you are not having problems accessing your drive, do not continue
Are you sure you want to write a new mbr?

I answered no. I am concerned that I may already have the virus because I have
a router and I notice a lot of activity, send/receive lights flashing on it
when I am doing nothing on the internet, especially later in the evening.

Can anyone tell me what the recovery console meant in its message about my
hard disk mbr being non-standard or invalid and being unable to access it if
I proceeded with the fixmbr?


Have you installed any software that usurps the bootstrap record (first 446 bytes) of the MBR (first and unusable sector)? Boot managers, backup programs, disk encryption programs, and others will replace the bootstrap program with their own.

These good usurpers do not alter the partition table. Viruses might change the offset of where to find the partition descriptors in the MBR. That means a good bootstrap program that looks at the standard offsets will not properly find the start of your partitions. So FIXMBR is warning you that something in the bootstrap area does not look like a standard bootstrap program. Every version of DOS and Windows has had a slightly different set of bytes for their "standard" bootstrap program. Grub used with Linux would be a different set of bytes. I'm not sure how FIXMBR could determine what is a standard bootstrap program since every version of them is different, so it is probably telling you that what is in the MBR's bootstrap area is different than what it will put there.

While I haven't specifically done this, you could use a utility that reads and saves a copy of the MBR, like 'mbrtool', and then go look in the saved file to see if there are any strings that identify whose bootstrap program is located in the first 446 bytes. I'd have to download mbrtool, use it to create the bootable floppy, and reboot my host to find out what was in the saved mbr file but that would interrupt my reply here plus I really don't have that much impetus to go through all that.


Also, running FIXMBR when not necessary could end up damaging access to the partitions in your system. What would happen if you lost power while it ran (it runs very quickly but does take time to run) and you did not have a UPS to keep your computer powered up? If you had whole-disk encryption software employed in your system that used the MBR bootstrap program to decrypt your volumes, well, a standard bootstrap program won't do any decrypting and you lose access to all the content of your disks. If you don't know that you need to replace the bootstrap program in the MBR, whether because you want to get rid of a prior usurper (like a bootmanager) and return to a standard boot loader or because you suspect a viral infection but have no proof, then don't do it. As mentioned by others, and although you are not running a 3rd party boot manager, the maker of your computer may be using their own boot manager for special reasons, like accessing a normally hidden partition wherein lies the recovery image for restoring your computer back to its buy-time state.

"Storm" covers several varieties of the pest; see http://preview.tinyurl.com/yt8rdl. I looked at a couple and they did not mention that the MBR's bootstrap area got overwritten by the pest. So running FIXMBR may not only be superfluous but not worth the risk.

If your anti-virus program doesn't detect the varieties of the Storm pest then get a different and better anti-virus program. In your other post, you mention using Norton. That is a brand name, not a product name. Has Norton Anti-Virus alerted you to an infection? Seems Symantec knows about this pest; see http://preview.tinyurl.com/yrr66w. Stop trying to fix problems or eradicate pests that do not yet exist on your host - but maybe you should go update the virus signature database for NAV if the automatic update is not working.
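
The inspection suggested in the reply above (save a copy of the MBR, then look for identifying strings in the first 446 bytes) can be done read-only with a short script. This is an added example, not part of the original thread: the function names are illustrative and the sample sector is constructed, standing in for a 512-byte dump saved from a real disk.

```python
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446          # bootstrap area discussed in the reply
ENTRY_LEN = 16               # four partition entries follow the boot code


def printable_strings(data, min_len=5):
    """Return runs of printable ASCII at least min_len bytes long."""
    found, run = [], bytearray()
    for b in data + b"\x00":             # sentinel flushes the last run
        if 0x20 <= b < 0x7F:
            run.append(b)
        else:
            if len(run) >= min_len:
                found.append(run.decode("ascii"))
            run.clear()
    return found


def parse_mbr(sector):
    """Split a 512-byte MBR into signature check, boot-code strings, partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    parts = []
    for i in range(4):
        off = BOOT_CODE_LEN + i * ENTRY_LEN
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype:                         # type 0x00 marks an unused slot
            parts.append({"slot": i, "active": status == 0x80,
                          "type": ptype, "lba_start": lba, "sectors": count})
    return {"signature_ok": sector[510:512] == b"\x55\xaa",
            "strings": printable_strings(sector[:BOOT_CODE_LEN]),
            "partitions": parts}


def sample_mbr():
    """Constructed sample: filler code, one error string, one active NTFS entry."""
    code = bytearray(b"\x90" * BOOT_CODE_LEN)
    msg = b"Missing operating system"
    code[0x100:0x100 + len(msg)] = msg
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 204800)
    return bytes(code) + entry + bytes(3 * ENTRY_LEN) + b"\x55\xaa"


if __name__ == "__main__":
    print(parse_mbr(sample_mbr()))
```

For a real check, pass `parse_mbr` the 512 bytes read from the saved MBR file instead of `sample_mbr()`. The strings it reports (boot manager names, loader error messages) indicate whose bootstrap code occupies the sector.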
