How to Remove MBR Virus?

[cheap_kaspersky]

I am running windows vista 32 bits. However since i installed the vista there is something strange when start booting. Sometimes weird binary codes automatically written itself on the screen, at other times it says missing GLDR or NTLDR.

Now i suspected a virus, worms, or trojans is infecting the Master Boot Record.

I run kaspersky scan, no virus is found. However there are two strange file in windows that is password protected which Kaspersky did not scan. Below is the two file.

C:\Windows\Setup\Scripts\Biestart.exe
C:\Windows\Setup\Scripts\Start.exe

How the my question is how can i detect anymore MBR viruses in the boot sector and remove them once and for all. As well as scanning the two password protected files to check if it contains virus

Hope to hear perfect solutions.

[Maxforu]

When disinfecting a boot sector virus, the system should always be booted from a known clean system disk. Microsoft provides a customized antivirus tool that can be used for these types of viruses. Whether you use a third-party antivirus program or AVBoot, be sure to regularly update the virus signature files. Once you install an antivirus program, immediately update the signature files, usually through an Internet connection. On a DOS-based PC, a bootable system disk can be created on a clean system running the exact same version of DOS as the infected PC. From a DOS prompt, type:SYS C:\ A:\ and press enter. This will copy the system files from the local hard drive (C:\) to the floppy drive (A:\).

[Rawko]

Try doing this -

* Boot your system into MS-DOS with a bootable disk or floppy.
* Type fdisk /mbr and press ENTER
* Restart

Hope this helps you.

[cheap_kaspersky]

When disinfecting a boot sector virus, the system should always be booted from a known clean system disk. Microsoft provides a customized antivirus tool that can be used for these types of viruses. Whether you use a third-party antivirus program or AVBoot, be sure to regularly update the virus signature files. Once you install an antivirus program, immediately update the signature files, usually through an Internet connection. On a DOS-based PC, a bootable system disk can be created on a clean system running the exact same version of DOS as the infected PC. From a DOS prompt, type:SYS C:\ A:\ and press enter. This will copy the system files from the local hard drive (C:\) to the floppy drive (A:\).

Can you explain in simple how the booting is done and what should i do first?

[deoWo]

Boot-sector viruses are spread to computer systems by booting, or attempting to boot, from an infected floppy disk. Even if the disk does not contain the MS-DOS system files needed to successfully boot, an attempt to boot from an infected disk will load the virus into memory.

Check this microsoft guide for more information : Methods to Detect a Boot-Sector Virus

[cheap_kaspersky]

Boot-sector viruses are spread to computer systems by booting, or attempting to boot, from an infected floppy disk. Even if the disk does not contain the MS-DOS system files needed to successfully boot, an attempt to boot from an infected disk will load the virus into memory.

Check this microsoft guide for more information : Methods to Detect a Boot-Sector Virus

Hmm...you are directing to a page where i need to read again which i have done before. Can anyone find a straight forward solution without explaining too many and directing to other sites

[Hardwareman]

Here are some thread made on how to remove virus from your computer I think you just look at the solution & you will definitely can remove all the infected virus on your computer.... Hope this helps you.....!

http://forums.techarena.in/windows-x...ort/776842.htm
http://forums.techarena.in/guides-tutorials/501102.htm
Can't remove spyware virus

[RoninBlade]

To remove a boot sector virus you will need to boot your system with a clean system disk. First you will have to create a startup disk. In a different pc which is not infected with virus and ruining on the same os run the dos tool. Insert a floppy and give the command SYS C:\ A:\. Press enter. If the disk is not formatted then use Format /S command and then give the above command back. Insert the disk in your system and boot your computer.

[Curt]

Running Fdisk /mbr in MS-DOS overwrites only the first 446 bytes of the MBR, the portion known as the master boot code, leaving the existing partition table intact. However, if the signature word, the last two bytes of the MBR, has been deleted, the partition table entries are overwritten with zeroes. If an MBR virus overwrites the signature word, access to all partitions and logical volumes is lost.

Fixmbr command

The Recovery Console, a troubleshooting tool in Windows , offers a feature called Fixmbr . However, it functions identically to the Fdisk /mbr command, replacing only the master boot code and not affecting the partition table. For this reason, it is also unlikely to help resolve an infected MBR.

[cheap_kaspersky]

Alright i appreciate all your help. I try the whole day to manage scan the boot disk and remove the virus. And i found a tutorial using the Kaspersky Rescue Disk. Now the disk is clean and need reformat. I need to reinstall with Windows XP. Thanks all with so many of your help