Solved

Turning off Virus/MBR change detection

Posted on 1997-06-10
10
219 Views
Last Modified: 2013-12-16
Hi All,
I need a way to turn off the virus/mbr change detection that windows 95 seems to want to do at startup.  I've made a change to the way we do things here and now 'some' of the machines seem to think that the MBR has been changed and windows 95 says that it maybe a virus.  I know that it's not and would like to turn this message off.  So, any ideas would be well appreciated.  Take care,
 DL
0
Comment
Question by:dragonlord
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 14

Expert Comment

by:smeebud
ID: 1748749
How far do you get before the message??
Is it a message, if so, whay exactly does it say.
Also, Are you running NT or 95, and what is your anti-virus software?
As far as I know running a MRB does not hurt. What about a onetime running to see if the message stops??

let me know if I'm off base.
0
 
LVL 1

Author Comment

by:dragonlord
ID: 1748750
Everything still works.  It's the message that says something to the effect that 'the master boot record has been chagned...'  It doesn't happen on all of our machines, so, it's just a pain, not a real problem.  I'd still like to get rid of it.  We aren't running any virus software right now. We're running windows 95 btw :)
0
 
LVL 2

Expert Comment

by:czamudio
ID: 1748751
Win95 does not have virus protection, check if your config.sys or autoexec.bat has any reference to an antivirus program.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 14

Expert Comment

by:smeebud
ID: 1748752
If you can catch that message it would be good. MSKB has a list of almost all the error or other messages. I'll see what I can do with that.
SEE Built-In Anti-Virus Support in Windows 95  at
http://www.microsoft.com/kb/articles/q143/2/81.htm
I think you should go to that address because it will ask you if it answered you question, then give you more options for other avenues to pursue.
In case you can't get thru, here is an excerpt"
-------------------------
Recognizing Master Boot Record (MBR) Modifications

Most viruses infect your computer by modifying the MBR and hooking the INT13h chain. This allows
the virus to monitor hard disk access and damage the data on your hard disk. Windows 95 prevents
this type of virus from damaging your data by maintaining a list of the programs that are currently
hooking the INT13h chain. Each time you start your computer, Windows 95 checks to see which
programs are monitoring the INT13h chain, and then compares this list of programs with the list that
it recorded the last time Windows 95 started. If any new programs that Windows 95 does not
recognize have hooked the INT13h chain, the following message is displayed:

WARNING: Your computer may have a virus. The Master Boot Record on your
computer has been modified. Would you like to see more information?


If you click Yes, the Performance tab in System Properties is displayed, which provides more
information and allows you to begin troubleshooting the problem.

This situation is most likely to occur when you start an operating system other than Windows 95
using a bootable floppy disk. If the floppy disk is infected with a virus, the virus will most likely modify
the MBR on the hard disk and hook the INT13h chain. When you remove the floppy disk and start
your computer normally, Windows 95 recognizes that the MBR has been modified and that the
INT13h chain has been hooked by an unknown program. The warning you receive gives you an
opportunity to remove the virus before it can damage your data.

When a virus modifies the MBR, the Performance tab in System properties and the Ios.log file
typically report that a file called Mbrint13.sys is causing drives to be accessed in MS-DOS
Compatibility mode. To access the Performance tab, double-click the System icon in Control Panel,
and then click the Performance tab.
-------------------------
---------------------------------------------------------------
Tell me if this helps. I'm sure there's a way to get around this.
I'm markinmg this answered, this will lock you to me. if that is not to your liking, feel free to re-ject.

0
 
LVL 1

Author Comment

by:dragonlord
ID: 1748753
That's pretty much what we're seeing, but, not in all places at all times.  It's very strange.  Thanks for the kb article.
0
 
LVL 14

Expert Comment

by:smeebud
ID: 1748754
Are things different now than they where?
Is it fixed?
0
 
LVL 1

Author Comment

by:dragonlord
ID: 1748755
It doesn't seem to have cropped up in any place except my testing facility.  Very strange. The problem comes from the fact that we're letting windows 95 blow away a bootware ram disk(this is the image that we boot our machines from).  If we do it any other way, the a: drive stops working under windows 95. So, I guess it's a non-problem.  Thanks alot for everyones help and answers.
0
 
LVL 14

Accepted Solution

by:
smeebud earned 50 total points
ID: 1748756
Go to:
http://www.microsoft.com/kb/default.asp
at step 1 choose windows 95
at step 5 type MBR.
You'll find some enlightening articles.
0
 
LVL 14

Expert Comment

by:smeebud
ID: 1748757
Please let me know what method worked for you.
Thanks.
0
 
LVL 1

Author Comment

by:dragonlord
ID: 1748758
After I noticed this error message in my test lab, I sent
students out to see if it was showing up in our production
labs.  In most cases, it wasn't.  In the few labs where we
did see this problem, all we had to do was ignor the message,
do a shift restart and then use _that_ registry for our clean
version of the registry.  Thanks for everyones help.  TTFN.
0

Featured Post

Save the day with this special offer from ATEN!

Save 30% on the CV211 using promo code EXPERTS30 now through April 30th. The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question