  • Status: Solved

Turning off Virus/MBR change detection

Hi All,
I need a way to turn off the virus/MBR change detection that Windows 95 seems to want to do at startup.  I've made a change to the way we do things here and now 'some' of the machines seem to think that the MBR has been changed and Windows 95 says that it may be a virus.  I know that it's not and would like to turn this message off.  So, any ideas would be well appreciated.  Take care,
 DL
Asked by: dragonlord
 
smeebud Commented:
How far do you get before the message??
Is it a message? If so, what exactly does it say?
Also, are you running NT or 95, and what is your anti-virus software?
As far as I know running a MBR does not hurt. What about a one-time running to see if the message stops??

let me know if I'm off base.
0
 
dragonlord (Author) Commented:
Everything still works.  It's the message that says something to the effect that 'the master boot record has been changed...'  It doesn't happen on all of our machines, so, it's just a pain, not a real problem.  I'd still like to get rid of it.  We aren't running any virus software right now. We're running Windows 95 btw :)
0
 
czamudio Commented:
Win95 does not have virus protection; check if your config.sys or autoexec.bat has any reference to an antivirus program.
0
 
smeebud Commented:
If you can catch that message it would be good. MSKB has a list of almost all the error or other messages. I'll see what I can do with that.
See "Built-In Anti-Virus Support in Windows 95" at
http://www.microsoft.com/kb/articles/q143/2/81.htm
I think you should go to that address because it will ask you if it answered your question, then give you more options for other avenues to pursue.
In case you can't get through, here is an excerpt:
-------------------------
Recognizing Master Boot Record (MBR) Modifications

Most viruses infect your computer by modifying the MBR and hooking the INT13h chain. This allows
the virus to monitor hard disk access and damage the data on your hard disk. Windows 95 prevents
this type of virus from damaging your data by maintaining a list of the programs that are currently
hooking the INT13h chain. Each time you start your computer, Windows 95 checks to see which
programs are monitoring the INT13h chain, and then compares this list of programs with the list that
it recorded the last time Windows 95 started. If any new programs that Windows 95 does not
recognize have hooked the INT13h chain, the following message is displayed:

WARNING: Your computer may have a virus. The Master Boot Record on your
computer has been modified. Would you like to see more information?


If you click Yes, the Performance tab in System Properties is displayed, which provides more
information and allows you to begin troubleshooting the problem.

This situation is most likely to occur when you start an operating system other than Windows 95
using a bootable floppy disk. If the floppy disk is infected with a virus, the virus will most likely modify
the MBR on the hard disk and hook the INT13h chain. When you remove the floppy disk and start
your computer normally, Windows 95 recognizes that the MBR has been modified and that the
INT13h chain has been hooked by an unknown program. The warning you receive gives you an
opportunity to remove the virus before it can damage your data.

When a virus modifies the MBR, the Performance tab in System properties and the Ios.log file
typically report that a file called Mbrint13.sys is causing drives to be accessed in MS-DOS
Compatibility mode. To access the Performance tab, double-click the System icon in Control Panel,
and then click the Performance tab.
-------------------------
Tell me if this helps. I'm sure there's a way to get around this.
I'm marking this answered; this will lock you to me. If that is not to your liking, feel free to reject.

0
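An added example, not part of the original thread or the KB article: unlike the Windows 95 check quoted above, which compares the list of programs hooking INT13h, this sketch compares the 512-byte MBR sector itself against a saved baseline and reports whether the boot code, the partition table, or the boot signature differs. The function names and sample sectors are constructed for illustration.

```python
import hashlib

SECTOR_SIZE = 512
BOOT_CODE_END = 446      # bytes 0-445: bootstrap code area
TABLE_END = 510          # bytes 446-509: four 16-byte partition entries
SIGNATURE = b"\x55\xaa"  # bytes 510-511: boot signature


def fingerprint(sector: bytes) -> dict:
    """Hash the boot code and the partition table separately."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    return {
        "boot_code": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "partition_table": hashlib.sha256(sector[BOOT_CODE_END:TABLE_END]).hexdigest(),
        "signature_ok": sector[TABLE_END:] == SIGNATURE,
    }


def compare(baseline: dict, current: dict) -> list:
    """Return the names of the MBR regions that differ from the baseline."""
    changed = [k for k in ("boot_code", "partition_table") if baseline[k] != current[k]]
    if not current["signature_ok"]:
        changed.append("signature")
    return changed


def make_sample_mbr(code_fill: int, first_lba: int) -> bytes:
    """Build a constructed 512-byte sector for the demo (not a real MBR)."""
    code = bytes([code_fill]) * BOOT_CODE_END
    # One active FAT16 entry: status, CHS start, type, CHS end, LBA start, sector count
    entry = (bytes([0x80, 0, 0, 0, 0x06, 0, 0, 0])
             + first_lba.to_bytes(4, "little") + (1024).to_bytes(4, "little"))
    table = entry + bytes(48)  # remaining three entries left empty
    return code + table + SIGNATURE


if __name__ == "__main__":
    clean = fingerprint(make_sample_mbr(0x90, 63))  # baseline taken from a known-good image
    print(compare(clean, fingerprint(make_sample_mbr(0x90, 63))))    # same image
    print(compare(clean, fingerprint(make_sample_mbr(0xCC, 63))))    # boot code rewritten
    print(compare(clean, fingerprint(make_sample_mbr(0x90, 2048))))  # disk repartitioned
```

Separating the two regions tells a re-imaging or repartitioning change (partition table only) apart from a rewritten boot loader, which is the case the Windows 95 warning is meant to surface.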
 
dragonlord (Author) Commented:
That's pretty much what we're seeing, but, not in all places at all times.  It's very strange.  Thanks for the kb article.
0
 
smeebud Commented:
Are things different now than they were?
Is it fixed?
0
 
dragonlord (Author) Commented:
It doesn't seem to have cropped up in any place except my testing facility.  Very strange. The problem comes from the fact that we're letting Windows 95 blow away a bootware RAM disk (this is the image that we boot our machines from).  If we do it any other way, the a: drive stops working under Windows 95. So, I guess it's a non-problem.  Thanks a lot for everyone's help and answers.
0
 
smeebud Commented:
Go to:
http://www.microsoft.com/kb/default.asp
At step 1 choose Windows 95.
At step 5 type MBR.
You'll find some enlightening articles.
0
 
smeebud Commented:
Please let me know what method worked for you.
Thanks.
0
 
dragonlord (Author) Commented:
After I noticed this error message in my test lab, I sent
students out to see if it was showing up in our production
labs.  In most cases, it wasn't.  In the few labs where we
did see this problem, all we had to do was ignore the message,
do a shift restart and then use _that_ registry for our clean
version of the registry.  Thanks for everyone's help.  TTFN.
0
