Tutorials - Removing boot sector viruses
| Summary: |
Information covering the removal of boot sector viruses from the hard drive.
|
| Updated: |
20 March 2002 |
| Author: |
Matt Ham |
| Company: |
Virus Bulletin |
Procedure
Removal of boot sector viruses from the hard drive
The process needed to remove this type of virus from hard drive and memory is as follows:
NOTE: The instructions below are for Windows 95, 98 and ME. Users of NT, 2K and XP
should not reboot their machine and should consult their anti-virus vendor for case-by-case support.
The process below will not remove viruses from infected floppies, these must be scanned and disinfected
after the memory and hard drive are clean.
- Boot the machine from a clean, write-protected floppy system diskette.
- This will take you to the DOS prompt (something like A:\> .)
- You now need to run your anti-virus scanner or disinfect manually.
AV scanner
To do this, browse to the necessary location on your hard drive then run your anti-virus scanner from the command-line.
The location of the command-line scanner varies between products, consult your anti-virus product documentation for details.
Manual
The process described here will remove boot sector viruses from the master boot record (MBR) of hard disks. Since there are several boot sector viruses which also infect files, the method of disinfection using an AV scanner is preferable. It is also possible that in some cases this process will leave some or all of the hard-drive unreadable, the check described should lessen this danger but users are advised that success is not guaranteed. Users of multi-boot systems should be aware that this may leave all but the primary DOS partition unbootable.
After a clean boot type:
DIR C:
(Where C is the drive letter of your hard disk) Do you see a correct listing of what is on the hard disk? If so, you can usually manually overwrite the viral code by issuing the following command:
FDISK /MBR
Once this is done, remove all floppy disks from your machine, and reboot as normal.
