troubleshooting Question
how can I remove the BOO/TDss.M boot sector virus from a hard disk drive set as a slave?
GMartin
asked on
asked on
Hello Everyone,
Tonight, I connected an infected hard disk drive (HDD) which had malware to a good working pc and set it as a slave. Upon running Avira Antiviral, 11 infections were found on the HDD set as a slave. This antivirus program was able to quarantine 8 of the 11. It also found code of the BOO/TDss.M boot sector virus on the secondary HDD. Avira also indicated the boot sector was not written, thus, leading me to think this virus is still embedded on the HDD. Naturally, this explains why the pc kept restarting itself when this HDD was set to be the primary HDD. When it kept restarting itself, I could not access the desktop of either, Safe Mode or Normal Mode.
At any rate, is there a way I can possibly rewrite the boot sector area, which I think is the Master Boot Record (MBR) from this good working pc with the infected HDD set as Slave? It seems like there are some command line parameters which can be used from the XP bootable installation CD. I believe the area is Recovery Console, but, I am not sure on any of this.
Any help resolving this issue will be deeply appreciated. Also, I have uploaded a log of the scan results from Avira as well for analysis and review. Hopefully, that will be helpful as well with respect to coming up with the proper solution.
Thank you.
George
AVSCAN-20110904-023610-9A3836C0.LOG
Tonight, I connected an infected hard disk drive (HDD) which had malware to a good working pc and set it as a slave. Upon running Avira Antiviral, 11 infections were found on the HDD set as a slave. This antivirus program was able to quarantine 8 of the 11. It also found code of the BOO/TDss.M boot sector virus on the secondary HDD. Avira also indicated the boot sector was not written, thus, leading me to think this virus is still embedded on the HDD. Naturally, this explains why the pc kept restarting itself when this HDD was set to be the primary HDD. When it kept restarting itself, I could not access the desktop of either, Safe Mode or Normal Mode.
At any rate, is there a way I can possibly rewrite the boot sector area, which I think is the Master Boot Record (MBR) from this good working pc with the infected HDD set as Slave? It seems like there are some command line parameters which can be used from the XP bootable installation CD. I believe the area is Recovery Console, but, I am not sure on any of this.
Any help resolving this issue will be deeply appreciated. Also, I have uploaded a log of the scan results from Avira as well for analysis and review. Hopefully, that will be helpful as well with respect to coming up with the proper solution.
Thank you.
George
AVSCAN-20110904-023610-9A3836C0.LOG
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 7 Comments.
Learn from the best
Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.
Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 7 Comments.
Try for 7 days”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.