Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Turning off Virus/MBR change detection

Posted on 1997-06-10
10
218 Views
Last Modified: 2013-12-16
Hi All,
I need a way to turn off the virus/mbr change detection that windows 95 seems to want to do at startup.  I've made a change to the way we do things here and now 'some' of the machines seem to think that the MBR has been changed and windows 95 says that it maybe a virus.  I know that it's not and would like to turn this message off.  So, any ideas would be well appreciated.  Take care,
 DL
0
Comment
Question by:dragonlord
  • 5
  • 4
10 Comments
 
LVL 14

Expert Comment

by:smeebud
ID: 1748749
How far do you get before the message??
Is it a message, if so, whay exactly does it say.
Also, Are you running NT or 95, and what is your anti-virus software?
As far as I know running a MRB does not hurt. What about a onetime running to see if the message stops??

let me know if I'm off base.
0
 
LVL 1

Author Comment

by:dragonlord
ID: 1748750
Everything still works.  It's the message that says something to the effect that 'the master boot record has been chagned...'  It doesn't happen on all of our machines, so, it's just a pain, not a real problem.  I'd still like to get rid of it.  We aren't running any virus software right now. We're running windows 95 btw :)
0
 
LVL 2

Expert Comment

by:czamudio
ID: 1748751
Win95 does not have virus protection, check if your config.sys or autoexec.bat has any reference to an antivirus program.
0
Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

 
LVL 14

Expert Comment

by:smeebud
ID: 1748752
If you can catch that message it would be good. MSKB has a list of almost all the error or other messages. I'll see what I can do with that.
SEE Built-In Anti-Virus Support in Windows 95  at
http://www.microsoft.com/kb/articles/q143/2/81.htm
I think you should go to that address because it will ask you if it answered you question, then give you more options for other avenues to pursue.
In case you can't get thru, here is an excerpt"
-------------------------
Recognizing Master Boot Record (MBR) Modifications

Most viruses infect your computer by modifying the MBR and hooking the INT13h chain. This allows
the virus to monitor hard disk access and damage the data on your hard disk. Windows 95 prevents
this type of virus from damaging your data by maintaining a list of the programs that are currently
hooking the INT13h chain. Each time you start your computer, Windows 95 checks to see which
programs are monitoring the INT13h chain, and then compares this list of programs with the list that
it recorded the last time Windows 95 started. If any new programs that Windows 95 does not
recognize have hooked the INT13h chain, the following message is displayed:

WARNING: Your computer may have a virus. The Master Boot Record on your
computer has been modified. Would you like to see more information?


If you click Yes, the Performance tab in System Properties is displayed, which provides more
information and allows you to begin troubleshooting the problem.

This situation is most likely to occur when you start an operating system other than Windows 95
using a bootable floppy disk. If the floppy disk is infected with a virus, the virus will most likely modify
the MBR on the hard disk and hook the INT13h chain. When you remove the floppy disk and start
your computer normally, Windows 95 recognizes that the MBR has been modified and that the
INT13h chain has been hooked by an unknown program. The warning you receive gives you an
opportunity to remove the virus before it can damage your data.

When a virus modifies the MBR, the Performance tab in System properties and the Ios.log file
typically report that a file called Mbrint13.sys is causing drives to be accessed in MS-DOS
Compatibility mode. To access the Performance tab, double-click the System icon in Control Panel,
and then click the Performance tab.
-------------------------
---------------------------------------------------------------
Tell me if this helps. I'm sure there's a way to get around this.
I'm markinmg this answered, this will lock you to me. if that is not to your liking, feel free to re-ject.

0
 
LVL 1

Author Comment

by:dragonlord
ID: 1748753
That's pretty much what we're seeing, but, not in all places at all times.  It's very strange.  Thanks for the kb article.
0
 
LVL 14

Expert Comment

by:smeebud
ID: 1748754
Are things different now than they where?
Is it fixed?
0
 
LVL 1

Author Comment

by:dragonlord
ID: 1748755
It doesn't seem to have cropped up in any place except my testing facility.  Very strange. The problem comes from the fact that we're letting windows 95 blow away a bootware ram disk(this is the image that we boot our machines from).  If we do it any other way, the a: drive stops working under windows 95. So, I guess it's a non-problem.  Thanks alot for everyones help and answers.
0
 
LVL 14

Accepted Solution

by:
smeebud earned 50 total points
ID: 1748756
Go to:
http://www.microsoft.com/kb/default.asp
at step 1 choose windows 95
at step 5 type MBR.
You'll find some enlightening articles.
0
 
LVL 14

Expert Comment

by:smeebud
ID: 1748757
Please let me know what method worked for you.
Thanks.
0
 
LVL 1

Author Comment

by:dragonlord
ID: 1748758
After I noticed this error message in my test lab, I sent
students out to see if it was showing up in our production
labs.  In most cases, it wasn't.  In the few labs where we
did see this problem, all we had to do was ignor the message,
do a shift restart and then use _that_ registry for our clean
version of the registry.  Thanks for everyones help.  TTFN.
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Juniper VPN for Mac and windows OS 5 50
Picture size 4 35
Selecting Right Partition 6 68
Batch File search for Drive Letter 8 44
If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
In this article, I will show you HOW TO: Perform a Physical to Virtual (P2V) Conversion the easy way from a computer backup (image).
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question