Sign in with
Sign up | Sign in
Your question

how can I remove a boot sector virus?

Last response: in Windows XP
Share
Anonymous
June 30, 2004 9:27:01 AM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

I have recently had my pc formatted and win xp home reinstalled because of viruses coming from the internet, I installed pc-cillin as soon as I got my pc back and it is now showing a virus called VBS_FREELINK everytime I turn my computer on, it is successfully quarantining any other viruses it is finding but this one still comes on everytime I put my pc on, I was going to uninstall pc-cillin and install a recommended one from the internet but some viruses have been found in windows files and when I went to uninstall it said all the files it found viruses in would also be uninstalled I was a bit worried about the windows files also being deleted, I don't know if they are important files or not,and as the files can't be cleaned I don't know what to do, can anyone help?
Anonymous
June 30, 2004 12:31:18 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

BarnsleyKatie said in
news:0D66BD59-B1AB-4139-B7A2-1D5CDF52A00F@microsoft.com:
> I have recently had my pc formatted and win xp home reinstalled
> because of viruses coming from the internet, I installed pc-cillin as
> soon as I got my pc back and it is now showing a virus called
> VBS_FREELINK everytime I turn my computer on, it is successfully
> quarantining any other viruses it is finding but this one still comes
> on everytime I put my pc on, I was going to uninstall pc-cillin and
> install a recommended one from the internet but some viruses have
> been found in windows files and when I went to uninstall it said all
> the files it found viruses in would also be uninstalled I was a bit
> worried about the windows files also being deleted, I don't know if
> they are important files or not,and as the files can't be cleaned I
> don't know what to do, can anyone help?

By boot sector virus, that could mean an infection of the boot sector
for the partition containing the OS (i.e., it has the loader for the OS
in the first sector of that partition) or it could mean the bootstrap
code in the first 460 bytes of the first physical sector on the hard
disk (which is not in any partition).

If you mean the *partition's* boot sector (for the OS) then boot using
the install CD for Windows XP and run the first Repair option which will
load the Recovery Console from a ramdisk (and doesn't use the hard drive
for booting). This requires that your BIOS supports booting from the CD
drive. Then run the 'fixboot' command. This is supposed to overwrite
the boot sector. You may have to specify the drive letter of which
partition to fix. See the following article:

Description of the Windows XP Recovery Console
http://support.microsoft.com/?id=314058

Note that Microsoft's terminology is a bit different than the common
terms used by users. To Microsoft the "system partition" is what you
and I would refer to as the boot partition because that is where the
loader program is located in the boot sector to start booting the system
(for Windows 2000/XP, the system partition has NTLDR, boot.ini, and
NTDETECT.COM). After the loader loads, uses NTDETECT.COM to do the
hardware checking, and reads boot.ini, then it loads the rest of the OS
files which may be on the same or different partition. Where are those
other files is what Microsoft calls the "boot partition" (which to you
and me is where the rest of the system files are found and loaded). See
Microsoft's KB article at http://support.microsoft.com/?id=314470. For
most users, the system and boot partition is the same, but you can have
C: as the system (boot) partition and the rest of the OS on drive D: as
the boot (system) partition. Make sure fixboot fixes the "system
partition".

If instead it is the bootstrap code in the MBR (sector 0 on the hard
disk) that is infected, use the Recovery Console to run the 'fixmbr'
command. However, if the virus also moved the partition table to a
non-standard location in the MBR (master boot record), the replaced
standard bootstrap program installed by fixmbr won't know how to find
the partition table and you will lose all your partitions (actually the
partitions are still there but the standard bootstrap code cannot find
the moved partition table, and you'll need a utility to search for the
partitions to recreate a new partition table for them).

As always, everything you do on your system is at your own risk. Even
if infected, be sure to backup your disks, like creating a disk image,
so you can start again if the cure is worse than the disease.

--
____________________________________________________________
*** Post replies to newsgroup. Share with others.
*** Email domain = ".com" *AND* append "=NEWS=" to Subject.
____________________________________________________________
!