Solved

Stealthboot virus on MBR of disk 0

Posted on 2009-04-04
Last Modified: 2012-05-06
I mistakenly rebooted my Windows XP Pro SP3 system with a floppy diskette in the drive that was infected by a stealth boot virus according to McAfee. I got a message to install a bootable diskette, but by that time the damage was done. The system boots fine but I keep getting error messages from McAfee Enterprise 8.51 Antivirus telling me certain files are infected with Stealthboot virus under Name "MBR of Disk 0". If I check any of those files McAfee tells me they are infected. But when I took the hard drive out of the system and hooked it up as an external drive using a USB cable setup on another system and rechecked those files with McAfee on that system, it reports they are clean. Nevertheless, I replaced the suspect files from a known clean system with the same files in the same versions.

My question is how can I remove the stealthboot virus from the master boot record of the hard drive without losing all the data on the drive or having to reinstall from scratch?

Can I reinstall the drive back in the system and boot from a Windows 98 bootable floppy then run Fdisk /MBR to rebuild the master boot record and preserve that drive data?

Thanks for your help.
Question by:StevePimer
4 Comments
 
LVL 4

Expert Comment

by:blissbear
ID: 24069934
Boot from the Windows XP CD, press the "R" key in the setup in order to start the recovery console. Select your Windows XP installation from the list, and enter the administrator password.
Enter the command: "fixmbr" (without the quotes) at the command prompt and confirm the next question with a "Y" (without the quotes). Use exit to restart the computer.
0
 

Author Comment

by:StevePimer
ID: 24069952
Thank you for the quick response. Right now I am scanning the entire drive in question hooked up as an external hard drive via USB connection on a known good system. At this point no issues have surfaced and I am about 90% done with the scan. The scan should end in about 10 minutes. I assume it will be clean since I think the files that McAfee indicates are infected are false positives created by the possible MBR issue.

As soon as this completes I will follow your instructions and advise you of the outcome.

Just for the record, would my Windows 98 floppy diskette solution have worked also?
0
 
LVL 4

Accepted Solution

by:
blissbear earned 500 total points
ID: 24069984
I'm not certain if the XP and 98 MBR bootstrap code are identical or even compatible. You could give it a shot, but I'd play it safe with the XP bootdisk :)
0
 

Author Closing Comment

by:StevePimer
ID: 31566691
The full scan of the entire hard drive as an external came up clean. I reinstalled the drive, started the system with the Windows XP Pro CD and booted to recovery console as you suggested. I then ran fixmbr. It advised me that the boot sector was non-standard and attempting to fix it may leave all partitions inaccessible. I figured I had nothing to lose at that point, especially since I had a recent Acronis TrueImage backup of the drive and could restore it if necessary, so I proceeded. It told me that the Master boot record had been rebuilt successfully. I then removed the CD and rebooted and the system came up perfectly. I then double checked the suspected infected files from the McAfee printout and they all came up clean.

Thank you for all your help. I have been a computer consultant for 30 plus years and you still learn something new every day.

Once again, thanks.

Steve
0
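An added example, not part of the original thread: a check that compares two 512-byte images of sector 0, one saved before and one after a boot-code rewrite such as the fixmbr run described above, and reports whether the bootstrap code changed while the partition table stayed byte-for-byte identical. It assumes the images were captured with the drive attached to a known-clean system, as the poster did for the scan; the function names and the sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440   # bytes 0-439: bootstrap code (440-445: NT disk signature + 2 reserved)
TABLE_START = 446     # bytes 446-509: four 16-byte partition entries
TABLE_END = 510       # bytes 510-511: 0x55 0xAA boot signature


def parse_mbr(sector: bytes) -> dict:
    """Split a sector-0 image into boot-code hash, partition table and signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    partitions = []
    for slot in range(4):
        start = TABLE_START + 16 * slot
        # status, (CHS start skipped), type, (CHS end skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", sector[start:start + 16])
        if ptype != 0:  # type 0x00 marks an unused slot
            partitions.append({"slot": slot, "active": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "table": sector[TABLE_START:TABLE_END],
        "partitions": partitions,
        "signature_ok": sector[TABLE_END:] == b"\x55\xaa",
    }


def compare(before: bytes, after: bytes) -> dict:
    """Report what changed between two sector-0 images."""
    b, a = parse_mbr(before), parse_mbr(after)
    return {
        "boot_code_changed": b["boot_code_sha256"] != a["boot_code_sha256"],
        "table_preserved": b["table"] == a["table"],
        "signature_ok": a["signature_ok"],
    }


def build_sample(boot_fill: int) -> bytes:
    """Constructed sector: filler 'boot code' plus one active NTFS (0x07) partition."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 156_296_322)
    return bytes([boot_fill]) * TABLE_START + entry + bytes(48) + b"\x55\xaa"


if __name__ == "__main__":
    # Constructed stand-ins for "before" and "after" images of sector 0.
    print(compare(build_sample(0xEB), build_sample(0x33)))
```

The boot-code hash covers only the first 440 bytes, so it can also be compared against the same hash taken from a known-good disk of the same Windows version without the per-disk signature getting in the way.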


Question has a verified solution.
