Boot Record Alert: NAV 2003

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Wayne R. Russ

Your Boot Record, which contains critical startup information,has changed,
This change is acceptable if you have upgraded your OS, Installed HD, or run
SW that modifies HD.If not an unknown virus may have infected your system.

If your aware unsure, ignore, run Live Update and scan

Change expected, update
11 answers Last reply
More about boot record alert 2003
  1. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    This is a potentially serious issue. If you don't know enough to understand
    that message, you should have someone who does check it out. The first
    question is whether or not you can recall doing *anything* that might
    naturally prompt this message. The change we're looking for occurred
    sometime just before or just after the last successful startup. Did you
    install any hardware? Did you notice any "Adding new hardware" messages
    during that last successful startup? Did you install or update/upgrade any
    new software? If the answer to all of these questions is no, then you may
    have a boot sector virus, you may have a hard drive on its way to failure.

    Are you waiting for advice before pressing the Update button? Or have you
    already proceeded to finish starting up?

    --
    Gary S. Terhune
    MS-MVP Shell/User

    "Wayne R. Russ" <NOwaynerrSPAM@olg.com> wrote in message
    news:11gcjp62i4aoia8@corp.supernews.com...
    >
    >
    >
    > Wayne R. Russ
    >
    > Your Boot Record, which contains critical startup information,has changed,
    > This change is acceptable if you have upgraded your OS, Installed HD, or
    > run
    > SW that modifies HD.If not an unknown virus may have infected your system.
    >
    > If your aware unsure, ignore, run Live Update and scan
    >
    > Change expected, update
    >
    >
    >
  2. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    > Change expected, update

    What's wrong then?
  3. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    Hi, I posted by mistake. I had not completely composed the post yet. I have
    not added any hardware, nor gotten any Adding New Hardware messages.

    I was doing something a while back with the software, I do not recall
    what, then I got the alert. I thought that might have changed the Boot
    Record. I chose to allow NAV to let the change occur. Now, I will go for a
    short time fine then scan with NAV and it will give an alert. I choose
    ignore. The alert goes away and the scan is clean. I scan again and no alert
    for a short time.

    I am trying to narrow in on when the alert starts to appear, what
    triggers it. The system seem to run fine otherwise. NAV scans are clean.
    Ad-Aware scans are clean. Spybot scans are clean.

    How would I go about getting rid of a Boot Sector Virus ?

    I would have tried to think this post out a little more first, but it
    posted originally by mistake. If you have any advice, I am all ears,


    Thank You So Much,

    Wayne R. Russ
    "Gary S. Terhune" <grystnews@mvps.org> wrote in message
    news:uQYuliQpFHA.2580@TK2MSFTNGP09.phx.gbl...
    > This is a potentially serious issue. If you don't know enough to
    understand
    > that message, you should have someone who does check it out. The first
    > question is whether or not you can recall doing *anything* that might
    > naturally prompt this message. The change we're looking for occurred
    > sometime just before or just after the last successful startup. Did you
    > install any hardware? Did you notice any "Adding new hardware" messages
    > during that last successful startup? Did you install or update/upgrade any
    > new software? If the answer to all of these questions is no, then you may
    > have a boot sector virus, you may have a hard drive on its way to failure.
    >
    > Are you waiting for advice before pressing the Update button? Or have you
    > already proceeded to finish starting up?
    >
    > --
    > Gary S. Terhune
    > MS-MVP Shell/User
    >
    > "Wayne R. Russ" <NOwaynerrSPAM@olg.com> wrote in message
    > news:11gcjp62i4aoia8@corp.supernews.com...
    > >
    > >
    > >
    > > Wayne R. Russ
    > >
    > > Your Boot Record, which contains critical startup information,has
    changed,
    > > This change is acceptable if you have upgraded your OS, Installed HD, or
    > > run
    > > SW that modifies HD.If not an unknown virus may have infected your
    system.
    > >
    > > If your aware unsure, ignore, run Live Update and scan
    > >
    > > Change expected, update
    > >
    > >
    > >
    >
    >
  4. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    First thing I'd probably do is use a bootable floppy or CD with F-Prot for
    DOS to scan the entire system. For F-Prot, go to
    http://www.f-prot.com/products/home_use/dos/. If you use a floppy boot disk,
    make sure it's write-protected before running it. Best practice suggests
    that you download and create the disk on a different, known-safe machine.

    Next thing I'd do is run a full hard drive diagnostic test from a bootable
    floppy or CD, preferably using tools from the disk's manufacturer, but some
    of the major ones work on many brands. Make sure the drive isn't failing.

    If both of the above tests come up clean, then it's down to some software
    you installed. Too bad you don't remember what that app was. But it would
    have to be an app that can change boot records, perhaps a partitioning app
    like Partition Magic, BootIt NG, etc.

    Or, it's a false report from Norton. Which wouldn't surprise me. I don't
    like Norton.

    --
    Gary S. Terhune
    MS-MVP Shell/User

    "Wayne R. Russ" <NOwaynerrSPAM@olg.com> wrote in message
    news:11gcoe4e6v9bjaf@corp.supernews.com...
    > Hi, I posted by mistake. I had not completely composed the post yet. I
    > have
    > not added any hardware, nor gotten any Adding New Hardware messages.
    >
    > I was doing something a while back with the software, I do not recall
    > what, then I got the alert. I thought that might have changed the Boot
    > Record. I chose to allow NAV to let the change occur. Now, I will go for a
    > short time fine then scan with NAV and it will give an alert. I choose
    > ignore. The alert goes away and the scan is clean. I scan again and no
    > alert
    > for a short time.
    >
    > I am trying to narrow in on when the alert starts to appear, what
    > triggers it. The system seem to run fine otherwise. NAV scans are clean.
    > Ad-Aware scans are clean. Spybot scans are clean.
    >
    > How would I go about getting rid of a Boot Sector Virus ?
    >
    > I would have tried to think this post out a little more first, but it
    > posted originally by mistake. If you have any advice, I am all ears,
    >
    >
    >
    > Thank You So Much,
    >
    > Wayne R. Russ
    > "Gary S. Terhune" <grystnews@mvps.org> wrote in message
    > news:uQYuliQpFHA.2580@TK2MSFTNGP09.phx.gbl...
    >> This is a potentially serious issue. If you don't know enough to
    > understand
    >> that message, you should have someone who does check it out. The first
    >> question is whether or not you can recall doing *anything* that might
    >> naturally prompt this message. The change we're looking for occurred
    >> sometime just before or just after the last successful startup. Did you
    >> install any hardware? Did you notice any "Adding new hardware" messages
    >> during that last successful startup? Did you install or update/upgrade
    >> any
    >> new software? If the answer to all of these questions is no, then you may
    >> have a boot sector virus, you may have a hard drive on its way to
    >> failure.
    >>
    >> Are you waiting for advice before pressing the Update button? Or have you
    >> already proceeded to finish starting up?
    >>
    >> --
    >> Gary S. Terhune
    >> MS-MVP Shell/User
    >>
    >> "Wayne R. Russ" <NOwaynerrSPAM@olg.com> wrote in message
    >> news:11gcjp62i4aoia8@corp.supernews.com...
    >> >
    >> >
    >> >
    >> > Wayne R. Russ
    >> >
    >> > Your Boot Record, which contains critical startup information,has
    > changed,
    >> > This change is acceptable if you have upgraded your OS, Installed HD,
    >> > or
    >> > run
    >> > SW that modifies HD.If not an unknown virus may have infected your
    > system.
    >> >
    >> > If your aware unsure, ignore, run Live Update and scan
    >> >
    >> > Change expected, update
    >> >
    >> >
    >> >
    >>
    >>
    >
    >
  5. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    "Wayne R. Russ" <NOwaynerrSPAM@olg.com> wrote in message
    news:11gcoe4e6v9bjaf@corp.supernews.com...
    > Hi, I posted by mistake. I had not completely composed the post yet. I have
    > not added any hardware, nor gotten any Adding New Hardware messages.
    >
    > I was doing something a while back with the software, I do not recall
    > what, then I got the alert.

    What software? Even a simple thing such as naming a volume will toss up that
    alert.


    I thought that might have changed the Boot
    > Record. I chose to allow NAV to let the change occur. Now, I will go for a
    > short time fine then scan with NAV and it will give an alert. I choose
    > ignore. The alert goes away and the scan is clean. I scan again and no alert
    > for a short time.

    By letting NAV accept the change and then choosing to ignore it during a scan
    will show the scan results as clean. I suggest not ignoring it, quarantine it
    without deleting it and checking out what it may be in the quarantine report.
    Reports > Quarantined items (view report).
    Click once on the file to hilite.
    On the toolbar click Properties for information on it.


    > I am trying to narrow in on when the alert starts to appear, what
    > triggers it. The system seem to run fine otherwise. NAV scans are clean.
    > Ad-Aware scans are clean. Spybot scans are clean.
    >
    > How would I go about getting rid of a Boot Sector Virus ?
    >
    > I would have tried to think this post out a little more first, but it
    > posted originally by mistake. If you have any advice, I am all ears,


    If you want to really check your machine, run a virus scan in DOS.
    http://www.f-prot.com/products/home_use/dos/ free

    Make sure you get the latest definitions which are accessible from the same
    page.

    Create a new folder named fprot or whatever you wish, preferrably on a
    separate drive/partition.
    Extract the downloaded files to that folder.
    Reboot to pure DOS from the startup menu by selecting DOS Command Prompt.
    At the prompt change to the drive/directory where the fprot folder is at.
    Once in the directory type: fprot\f-prot.exe and press Enter.

    You will have to navigate with the keyboard if you have not set up the mouse to
    run in DOS.

    Set up the scan as you wish and run it.

    When finished press Alt+F and close.
    Press Ctrl+Alt+Del or type win at the prompt to reboot.

    --

    Brian A. Sesko { MS MVP_Shell/User }
    Conflicts start where information lacks.
    http://basconotw.mvps.org/

    Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
    How to ask a question: http://support.microsoft.com/kb/555375
  6. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    I Thank You Kindly before trying the suggestions Gary. I truly appreciate
    your help. You helped me one other time with a problem not so potentially
    drastic. You solved it for me. :-)

    Well, now to work.

    Wayne R. Russ

    "Gary S. Terhune" <grystnews@mvps.org> wrote in message
    news:eblwKMRpFHA.272@TK2MSFTNGP15.phx.gbl...
    > First thing I'd probably do is use a bootable floppy or CD with F-Prot for
    > DOS to scan the entire system. For F-Prot, go to
    > http://www.f-prot.com/products/home_use/dos/. If you use a floppy boot
    disk,
    > make sure it's write-protected before running it. Best practice suggests
    > that you download and create the disk on a different, known-safe machine.
    >
    > Next thing I'd do is run a full hard drive diagnostic test from a bootable
    > floppy or CD, preferably using tools from the disk's manufacturer, but
    some
    > of the major ones work on many brands. Make sure the drive isn't failing.
    >
    > If both of the above tests come up clean, then it's down to some software
    > you installed. Too bad you don't remember what that app was. But it would
    > have to be an app that can change boot records, perhaps a partitioning app
    > like Partition Magic, BootIt NG, etc.
    >
    > Or, it's a false report from Norton. Which wouldn't surprise me. I don't
    > like Norton.
    >
    > --
    > Gary S. Terhune
    > MS-MVP Shell/User
    >
    > "Wayne R. Russ" <NOwaynerrSPAM@olg.com> wrote in message
    > news:11gcoe4e6v9bjaf@corp.supernews.com...
    > > Hi, I posted by mistake. I had not completely composed the post yet. I
    > > have
    > > not added any hardware, nor gotten any Adding New Hardware messages.
    > >
    > > I was doing something a while back with the software, I do not recall
    > > what, then I got the alert. I thought that might have changed the Boot
    > > Record. I chose to allow NAV to let the change occur. Now, I will go for
    a
    > > short time fine then scan with NAV and it will give an alert. I choose
    > > ignore. The alert goes away and the scan is clean. I scan again and no
    > > alert
    > > for a short time.
    > >
    > > I am trying to narrow in on when the alert starts to appear, what
    > > triggers it. The system seem to run fine otherwise. NAV scans are clean.
    > > Ad-Aware scans are clean. Spybot scans are clean.
    > >
    > > How would I go about getting rid of a Boot Sector Virus ?
    > >
    > > I would have tried to think this post out a little more first, but it
    > > posted originally by mistake. If you have any advice, I am all ears,
    > >
    > >
    > >
    > > Thank You So Much,
    > >
    > > Wayne R. Russ
    > > "Gary S. Terhune" <grystnews@mvps.org> wrote in message
    > > news:uQYuliQpFHA.2580@TK2MSFTNGP09.phx.gbl...
    > >> This is a potentially serious issue. If you don't know enough to
    > > understand
    > >> that message, you should have someone who does check it out. The first
    > >> question is whether or not you can recall doing *anything* that might
    > >> naturally prompt this message. The change we're looking for occurred
    > >> sometime just before or just after the last successful startup. Did you
    > >> install any hardware? Did you notice any "Adding new hardware" messages
    > >> during that last successful startup? Did you install or update/upgrade
    > >> any
    > >> new software? If the answer to all of these questions is no, then you
    may
    > >> have a boot sector virus, you may have a hard drive on its way to
    > >> failure.
    > >>
    > >> Are you waiting for advice before pressing the Update button? Or have
    you
    > >> already proceeded to finish starting up?
    > >>
    > >> --
    > >> Gary S. Terhune
    > >> MS-MVP Shell/User
    > >>
    > >> "Wayne R. Russ" <NOwaynerrSPAM@olg.com> wrote in message
    > >> news:11gcjp62i4aoia8@corp.supernews.com...
    > >> >
    > >> >
    > >> >
    > >> > Wayne R. Russ
    > >> >
    > >> > Your Boot Record, which contains critical startup information,has
    > > changed,
    > >> > This change is acceptable if you have upgraded your OS, Installed HD,
    > >> > or
    > >> > run
    > >> > SW that modifies HD.If not an unknown virus may have infected your
    > > system.
    > >> >
    > >> > If your aware unsure, ignore, run Live Update and scan
    > >> >
    > >> > Change expected, update
    > >> >
    > >> >
    > >> >
    > >>
    > >>
    > >
    > >
    >
    >
  7. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    Brian,

    Thank You for explaining how to use F-Prot, among the rest.
    --

    Wayne R. Russ
    "Brian A." <gonefish'n@afarawaylake> wrote in message
    news:%23qUEnZRpFHA.3552@TK2MSFTNGP10.phx.gbl...
    > "Wayne R. Russ" <NOwaynerrSPAM@olg.com> wrote in message
    > news:11gcoe4e6v9bjaf@corp.supernews.com...
    > > Hi, I posted by mistake. I had not completely composed the post yet. I
    have
    > > not added any hardware, nor gotten any Adding New Hardware messages.
    > >
    > > I was doing something a while back with the software, I do not recall
    > > what, then I got the alert.
    >
    > What software? Even a simple thing such as naming a volume will toss up
    that
    > alert.
    >
    >
    > I thought that might have changed the Boot
    > > Record. I chose to allow NAV to let the change occur. Now, I will go for
    a
    > > short time fine then scan with NAV and it will give an alert. I choose
    > > ignore. The alert goes away and the scan is clean. I scan again and no
    alert
    > > for a short time.
    >
    > By letting NAV accept the change and then choosing to ignore it during a
    scan
    > will show the scan results as clean. I suggest not ignoring it,
    quarantine it
    > without deleting it and checking out what it may be in the quarantine
    report.
    > Reports > Quarantined items (view report).
    > Click once on the file to hilite.
    > On the toolbar click Properties for information on it.
    >
    >
    > > I am trying to narrow in on when the alert starts to appear, what
    > > triggers it. The system seem to run fine otherwise. NAV scans are clean.
    > > Ad-Aware scans are clean. Spybot scans are clean.
    > >
    > > How would I go about getting rid of a Boot Sector Virus ?
    > >
    > > I would have tried to think this post out a little more first, but it
    > > posted originally by mistake. If you have any advice, I am all ears,
    >
    >
    > If you want to really check your machine, run a virus scan in DOS.
    > http://www.f-prot.com/products/home_use/dos/ free
    >
    > Make sure you get the latest definitions which are accessible from the
    same
    > page.
    >
    > Create a new folder named fprot or whatever you wish, preferrably on a
    > separate drive/partition.
    > Extract the downloaded files to that folder.
    > Reboot to pure DOS from the startup menu by selecting DOS Command Prompt.
    > At the prompt change to the drive/directory where the fprot folder is at.
    > Once in the directory type: fprot\f-prot.exe and press Enter.
    >
    > You will have to navigate with the keyboard if you have not set up the
    mouse to
    > run in DOS.
    >
    > Set up the scan as you wish and run it.
    >
    > When finished press Alt+F and close.
    > Press Ctrl+Alt+Del or type win at the prompt to reboot.
    >
    > --
    >
    > Brian A. Sesko { MS MVP_Shell/User }
    > Conflicts start where information lacks.
    > http://basconotw.mvps.org/
    >
    > Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
    > How to ask a question: http://support.microsoft.com/kb/555375
    >
    >
    >
    >
  8. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    This notification can occur when:
    A boot sector virus in present
    A 3rd party boot manager is installed and resides primarily in sector zero.
    A partition change is made, usually with 3rd party software, which changes
    the mbr as a result.
    You restore an imaged partition.

    In the past, if I was unsure, I simply restored a previous image of my 98
    partition.

    NAV merely detects a change, but may not always detect it as a known virus.
    Boot sector viruses are rare.
    Some are removable, some are not with AVs.

    "Wayne R. Russ" <NOwaynerrSPAM@olg.com> wrote in message
    news:11gcjp62i4aoia8@corp.supernews.com...
    >
    >
    >
    > Wayne R. Russ
    >
    > Your Boot Record, which contains critical startup information,has changed,
    > This change is acceptable if you have upgraded your OS, Installed HD, or
    run
    > SW that modifies HD.If not an unknown virus may have infected your system.
    >
    > If your aware unsure, ignore, run Live Update and scan
    >
    > Change expected, update
    >
    >
    >
  9. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    Hi,

    Sorry, I was sick for a day.

    I couldn't see how to get all of F-Prot on a floppy, so I put it on my
    D: partition. It ran clean. I ran Western Digital's drive diagnostic twice
    and it ran clean.

    I could have POSSIBLY used Partition Magic just before the alerts starts
    started. If that is the case, how do I go about changing back to the correct
    MBR ?

    Wayne R. Russ

    >
    >
    > Wayne R. Russ
    >
    > Your Boot Record, which contains critical startup information,has changed,
    > This change is acceptable if you have upgraded your OS, Installed HD, or
    run
    > SW that modifies HD.If not an unknown virus may have infected your system.
    >
    > If your aware unsure, ignore, run Live Update and scan
    >
    > Change expected, update
    >
    >
    >
  10. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    "Wayne R. Russ" <NOwaynerrSPAM@olg.com> wrote in message
    news:11gcjp62i4aoia8@corp.supernews.com...
    >
    >
    >
    > Wayne R. Russ
    >
    > Your Boot Record, which contains critical startup information,has changed,
    > This change is acceptable if you have upgraded your OS, Installed HD, or run
    > SW that modifies HD.If not an unknown virus may have infected your system.
    >
    > If your aware unsure, ignore, run Live Update and scan
    >
    > Change expected, update

    Many times NSW will give that message right after you do a definitions update
    and then run a scan on a file or the whole computer.
    I have NSW2003Pro and , believe me, it is very common after using LiveUpdate.
    When in doubt, choose restore, and immediately update to the latest definitions
    and run another scan.
  11. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    If you used PM to do some partition work, you don't want to
    revert back the MBR sector to the previous. Just tell NAV
    "change expected, update". It will update it's data to
    match the new MBR.


    "Wayne R. Russ" <NOwaynerrSPAM@olg.com> wrote in message news:11ggtio5qpq3oce@corp.supernews.com...
    > Hi,
    >
    > Sorry, I was sick for a day.
    >
    > I couldn't see how to get all of F-Prot on a floppy, so I put it on my
    > D: partition. It ran clean. I ran Western Digital's drive diagnostic twice
    > and it ran clean.
    >
    > I could have POSSIBLY used Partition Magic just before the alerts starts
    > started. If that is the case, how do I go about changing back to the correct
    > MBR ?
    >
    > Wayne R. Russ
    >
    >>
    >>
    >> Wayne R. Russ
    >>
    >> Your Boot Record, which contains critical startup information,has changed,
    >> This change is acceptable if you have upgraded your OS, Installed HD, or
    > run
    >> SW that modifies HD.If not an unknown virus may have infected your system.
    >>
    >> If your aware unsure, ignore, run Live Update and scan
    >>
    >> Change expected, update
    >>
    >>
    >>
    >
    >
Ask a new question

Read More

Boot Microsoft HD Windows