Re: virus help



On Tue, 21 Mar 2006 00:01:23 GMT, Art <null@xxxxxxxxx> wrote:

> I'm tempted to try Windows versions of
> NOD32 and Bit Defender to see if at least one or two more av might
> detect the Trojanized MBR ... and not just KAV.

Just a follow-up to say that both BF and NOD32 alert on
the Trojanized MBR. NOD32 calls it Trojan.Dins.A and
BF calls it Backdoor.Boot.Dins.A

I might add that this freeware command line util:

http://www.geocities.com/mbrwizard/index2.html

has proved to be very useful for copying the MBR sectors
to an image file and vice versa. There are two basic types ...
a Win NT based OS type and a DOS type that works with
both DOS and Win 9X/ME. I'm working with the v 1.53
versions and not the Beta 2.0 versions.

For an example of how these come in handy, right after
installing a trial of NOD32 I let it go ahead and reboot,
forgetting that I had the bad MBR on my main drive.
Fortunately, I had the DOS version (mbrwizd) and a
good image file on a DOS boot disk which saved me from
having to use my cloned backup drive.

It's a good idea, I think, to use some of these "minor"
backup/restore utils ... this one for the MBR and another
like CMOSSAVE for the CMOS. I've found ERUNT for
registry backup is also invaluable for a tinkerer like me
who far too often causes problems. One of these days
I might even get hit with malware. But so far, I'm
my PC's worst enemy :)

Art
http://home.epix.net/~artnpeg
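
An added example, not part of the original post: once the MBR sector has been saved to an image file with a backup utility like the one mentioned above, this sketch compares a later image against the known-good one and reports which region of the sector changed. The function names and the sample sector are constructed for illustration; the offsets are the classic MBR layout.

```python
import hashlib
import struct

SECTOR = 512
# Classic MBR layout; offsets are byte positions within sector 0.
REGIONS = {
    "boot code": (0, 440),          # bootstrap code, the part a boot Trojan replaces
    "disk signature": (440, 446),   # NT disk signature plus 2 reserved bytes
    "partition table": (446, 510),  # four 16-byte entries
}

def check_mbr(current: bytes, baseline: bytes) -> list:
    """Return findings for a saved MBR image compared with a known-good one."""
    if len(current) < SECTOR or len(baseline) < SECTOR:
        raise ValueError("MBR image must contain at least one 512-byte sector")
    findings = []
    if current[510:512] != b"\x55\xaa":
        findings.append("boot signature 55 AA missing")
    for name, (start, end) in REGIONS.items():
        if current[start:end] != baseline[start:end]:
            digest = hashlib.sha256(current[start:end]).hexdigest()[:16]
            findings.append(f"{name} differs from baseline (sha256 {digest}...)")
    return findings

def partitions(image: bytes) -> list:
    """Decode the non-empty partition entries: (active, type, first LBA, sectors)."""
    out = []
    for i in range(4):
        entry = image[446 + 16 * i: 462 + 16 * i]
        lba, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:
            out.append((entry[0] == 0x80, entry[4], lba, count))
    return out

def sample_mbr(boot_fill: int) -> bytes:
    """Constructed test sector: filler boot code, one active FAT32 partition."""
    entry = bytes([0x80, 1, 1, 0, 0x0B, 254, 63, 255]) + struct.pack("<II", 63, 1000000)
    return bytes([boot_fill]) * 440 + bytes(6) + entry + bytes(48) + b"\x55\xaa"

if __name__ == "__main__":
    good, suspect = sample_mbr(0x90), sample_mbr(0xCC)
    print(check_mbr(good, good))     # identical images: no findings
    print(check_mbr(suspect, good))  # only the boot code region differs
    print(partitions(suspect))       # partition table is still intact
```

A change confined to the boot code while the partition table still matches the baseline is the pattern to expect from a replaced boot loader, and restoring the saved image is the remedy described in the post.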