Alan Silverman

Way to prevent Boot Sector being Clobbered in Win XP

I have a customer whose boot sector got overwritten for the second time in two months.   Computer is a Dell Inspiron 530 desktop running XP SP3.  

Is there a way to back up the boot record?  Fixboot and Fixmbr did not work.  
I have the hard drive that wouldn't boot because of the overlay.
Is there a way to figure out what clobbered it?

 If I make her primary id a limited id might that prevent it from happening again?  That’s going on the assumption that it’s some program she’s running that’s doing this and without administrative privileges it couldn’t access that area of the hard drive.
Thanks,
Al

ASKER

Jake,
I spoke too soon and closed that other problem too quickly. Acronis said that it restored the sector but the symptoms just changed, it didn’t successfully boot. I finally had my client bring the computer to me. I restored it from an Acronis full backup and then restored her most recent documents from the original hard drive.

Sujith_Nair and acl-puzz,
This customer is using the full paid for Zone Alarm Suite.  I also put the paid for version of Malwarebytes on her computer.  This customer is very risk averse, if you understand about such customers.  My gut feel is that it wasn’t a virus or malware.

nobus,
The first symptom for this occurrence was a flashing cursor at boot.  I had her do a chkdsk /r then fixmbr that said it was successful, then fixboot, which got an error.  After that it was no luck.        

I’m troubled that restoring the mbr and boot record with Acronis didn’t work.  Akahan, I’ll try mbrwizard and hope it works.

Thanks for all your help,
Al
You mention that the customer is "risk averse," which makes me wonder if she's running a product called "Goback," (most recently offered by Symantec/Norton, I think)  which is the ultimate product for the risk averse.   While it's (in my opinion) a great product, it does muck with the boot record, and its mucking around can be conflicted with by other products that also insist on messing with the boot records, like Adobe paid-for products which, as part of their registration/copy protection scheme re-write the boot record.  If she is having repeated boot record problems and there's no possibility of a virus per Malwarebytes and other checkers, I'd be looking for a conflict between Adobe products and something else, like Goback, that needs its own modification to the boot record to "stick".

For info on what Adobe does to the boot record, search around for an article called something like, "Hey Adobe, leave my boot record alone".

No Goback on the computer. I've seen quite a few problems with the product, including one bug where it kept computers from booting.  It also seems to use lots of resources and it didn't allow Acronis to do  full disk backups, which is my main defense against computer meltdowns.
Thanks again,
Al
Sujith_Nair

alanlsilverman,
Well, you have to closely research/find your customer's software use pattern then. If it wasn't a virus, it ought to be some 3rd party software other than the Operating System's Applications/Services for sure. There should be a software that's causing this havoc for sure; maybe it's a trusted s/w, hence not blocked by any Security SW.

Moreover, I am not a supporter of the use of ZoneAlarm and Malwarebytes; this software has a very strong track record of false positives and inadequate detection/security! Better go with some trusted old brands like Norton!

It's very hard to digest that one morning the PC's MBR gets corrupted without any external intervention... so it ought to be due to some action by the user. You have to find that and get rid of same to prevent any future pain!
Better take a backup!

Regards,
Sujith
Absolutely right that Goback is incompatible with Acronis and does hog some resources.  In case you have customers who, nevertheless, want to use Goback, it is fully compatible with Norton Ghost (in that Ghost can do a full, bootable image even with Goback running).

 
Did you try the other 2 commands?

nobus, I didn’t do all of the commands when I first began working on the problem. That was before you commented on my post. I will use them if I ever see this again.

Akahan, I’ve downloaded mbrwiz onto her computer and backed up the mbr to her secondary drive. I hope this never hits again but if it does I’ll have that to try also.

Sujith,
In this case the customer had been using ZoneAlarm suite so I had her continue with it.  I added Malwarebytes because it’s been one of the few things that’s been able to handle recent malware and doesn’t use a great deal of system resources.  

About Norton, I’m curious what the others have to say. I stopped using Norton years ago because it slowed down customers’ systems and for a while their Internet Security stopped people from accessing the Internet. Their recent products may be better.

When I set up computers from scratch I put on Avast free anti-virus, Zone Alarm free firewall, and pay for Malwarebytes.  That’s all I’ll pay for.  I also sometimes use Spybot and Adaware Anti-Malware, but they seem to be resource hogs. I’ve also started making their primary ids limited ids.  

If a customer can pay for it, I always set up secondary drives with two Acronis full drive backups once a week and two document backups, alternating daily.  That’s what this customer has.  I could have just restored a full backup but I didn't want to overwrite recent documents on her hard drive.

Best regards,
Al
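
As an added illustration (not part of any post in this thread, and not code from mbrwiz or Acronis): once a known-good copy of the MBR has been saved to a file, a later copy of sector 0 can be compared against it to see which part was overwritten, which narrows down what kind of program touched it. The sketch assumes both copies are plain 512-byte images; the function names and the sample sector are constructed for the example.

```python
import hashlib
import struct

# Classic MBR layout (sector 0, 512 bytes): region -> (start, end) offsets
REGIONS = {
    "boot_code": (0, 440),
    "disk_signature": (440, 444),
    "reserved": (444, 446),
    "partition_table": (446, 510),
    "boot_signature": (510, 512),
}

def parse_partitions(mbr):
    """Return the non-empty entries of the four-slot partition table."""
    entries = []
    for slot in range(4):
        raw = mbr[446 + 16 * slot: 462 + 16 * slot]
        status, ptype = raw[0], raw[4]
        lba_start, sectors = struct.unpack_from("<II", raw, 8)
        if ptype != 0:
            entries.append({"slot": slot, "active": status == 0x80, "type": ptype,
                            "lba_start": lba_start, "sectors": sectors})
    return entries

def compare_mbr(backup, current):
    """Compare a known-good MBR backup with the current sector 0."""
    if len(backup) != 512 or len(current) != 512:
        raise ValueError("an MBR image is exactly 512 bytes")
    changed = [name for name, (a, b) in REGIONS.items()
               if backup[a:b] != current[a:b]]
    return {
        "backup_sha256": hashlib.sha256(backup).hexdigest(),
        "current_sha256": hashlib.sha256(current).hexdigest(),
        "signature_ok": current[510:512] == b"\x55\xaa",
        "changed_regions": changed,
        "partitions": parse_partitions(current),
    }

def make_sample_mbr(boot_fill=0x90):
    """Constructed sample: one active NTFS (0x07) partition at LBA 63."""
    mbr = bytearray([boot_fill]) * 440 + bytearray(72)
    mbr[440:444] = b"\x12\x34\x56\x78"
    mbr[446:462] = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                               b"\xfe\xff\xff", 63, 1000000)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

if __name__ == "__main__":
    # Constructed case: boot code zeroed, partition table left intact
    print(compare_mbr(make_sample_mbr(), make_sample_mbr(boot_fill=0x00)))
```

A change confined to `boot_code` with an intact partition table points at something rewriting the loader; a changed `partition_table` points at partitioning or imaging tools instead.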
tx for the feedback!

I wouldn't wish Norton on my worst enemy.  In my experience, it causes more problems than it prevents: slowdowns, and prevents users from doing legitimate things that they need to do.  Nothing hacks users off more than "security" programs that prevent them from getting their work done.

In my experience, Malwarebytes is probably the single best overall malware killer, though it seems to work much better when set up so that the user has to remember to periodically update and scan.  When Malwarebytes is set up to run all the time, protecting the machine on the fly (which only the paid version does), my experience is that it causes crashes, prevents normal shutdown, and is otherwise annoying.

akahan,
I wish I knew that about Malwarebytes before I put it on my client's computers.  But it figures.  The free version works and you pay for the buggy one.

After seeing the newest versions of Antivirus 2010, I decided my clients needed a program to prevent malware from getting on in the first place. Spybot resident and the Adaware Anti-Malware seem to do it, but sometimes they suck up so much cpu it’s like they take over the computer.

Now I’m not even sure Malwarebytes prevents malware from getting on. A customer of mine had the paid version and I also set him up with a limited id. The other day malware popped up with fake warnings. I don’t know what the customer did or where he surfed. It also stopped by itself after a day or so. I have no idea why. I suspect the automatic scan did it. But it troubles me that with all the protection I put on he still saw it.
I do my best.
Al

Hi all... now here's what happens with the new breed of less known antivirus suites. They are more likely to fail or allow an intrusion. I admit that any Anti Virus/Internet Security Suite (AVS) solution is resource hogging and may even end up restricting legitimate use, but all I can say is these AV suites are necessary evils! (at least for common end users)

Now one needs to understand the working of this software before we tag it as resource hogging/evil and all.

In short, any security software relies on an extensive and frequently updated definition database along with a good Artificial Intelligence (heuristic) to nail new and ever evolving intelligent malware!

Keeping this fact in mind, Norton / McAfee / Kaspersky are the credible and trusted world players! Norton for that matter was one of the first Antivirus ever for a MS system, before it was bought by Symantec. Still Symantec supplies and maintains most of the threat database to different agencies!

The latest editions of these, due to the peer competition, are extremely light on resources!

I know this is an ever ending debate! This is good to debate till we get stumped by a malware!