Re: FixMBR says I have on-standard or invalid boot record
- From: "VanguardLH" <VanguardLH@xxxxxxxxxxxx>
- Date: Tue, 15 Jan 2008 11:21:17 -0600
"ronrobjoe" wrote in message news:B5C2A01A-B963-4268-9104-25D5A3ED3229@xxxxxxxxxxxxxxxx
I was concerned about getting very bad virus that is going around Europe
that writes (Storm Virus?( and hides itself on the Master Boot Record. So I
use the Recovery Cosole to enter the command fixmbr and stopped because I got
this message:
This computer appears to have a non-standard or invalid boot record.
Fixmbr may damage your partition tables if you proceed.
This could cause all the partitions on the current hard disk to become
inaccesible .
If you are not having problems accessing your drive, do not continue
Are you sure you want to write a new mbr?
I answer no. I am concerned that I may already have the virus because I have
a router and I notice all lot of activity, send receive lights flashing on it
when I am doing nothing on the internet, especially later in the evening.
Can anyone tell me what the recovery console meant in its message about my
hard disk mbr being non-standard or invalid and being unable to access it if
I processed with the fixmbr.
Have you installed any software that usurps the bootstrap record (first 446 bytes) of the MBR (first and unusable sector)? Boot managers, backup programs, disk encryption programs, and others will replace the bootstrap program with their own.
These good usurpers do not alter the partition table. Viruses might change the offset of where to find the partition descriptors in the MBR. That means a good bootstrap program that looks at the standard offsets will not properly find the start of your partitions. So FIXMBR is warning you that something in the bootstrap area does not look like a standard bootstrap program. Every version of DOS and Windows has had a slightly different set of bytes for their "standard" bootstrap program. Grub used with Linux would be a different set of bytes. I'm not sure how FIXMBR could determine what is a standard bootstrap program since every version of them is different, so it is probably telling you that what is in the MBR's bootstrap area is different that what it will put there.
While I haven't specifically done this, you could use a utility that reads and saves a copy of the MBR, like 'mbrtool', and then go look in the saved file to see if there are any strings that identify whose bootstrap program is located in the first 446 bytes. I'd have to download mbrtool, use it to create the bootable floppy, and reboot my host to find out what was in the saved mbr file but that would interrupt my reply here plus I really don't have that much impetus to go through all that.
.
- Follow-Ups:
- Re: FixMBR says I have on-standard or invalid boot record
- From: John John
- Re: FixMBR says I have on-standard or invalid boot record
- From: VanguardLH
- Re: FixMBR says I have on-standard or invalid boot record
- Prev by Date: Re: User accounts error
- Next by Date: Re: Vista cannot and will not replace XP. Case Closed
- Previous by thread: Re: FixMBR says I have on-standard or invalid boot record
- Next by thread: Re: FixMBR says I have on-standard or invalid boot record
- Index(es):
Relevant Pages
|
