Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Master Boot Record


  • Please log in to reply
5 replies to this topic

#1 arial

arial

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:17 AM

Posted 01 November 2007 - 02:57 PM

i am fairly certain i have a trojan or rootkit on my pc. am running xp pro. so i want to reformat. at one point i had dual booted xp pro on two seagate hardrives. i used one for video editing. had a problem with the dual boot after a while. one hard drive wasn't booting properly. went into system recovery to "fixmbr". was told that i could lose partitions if i proceeded. so i went ahead and reformatted and did a fresh install. my antivirus (eset) has always failed to scan the mbr, page file. it said these files were locked. 2 days ago my cpu usage would go haywire at boot up. went into to local settings/temp file to manually delete files and i have one temp file that won't allow me to delete it. as i would recheck the file periodically, it started having babies. can't boot into safe mode because my mouse won't function. booted into system recovery from os disc and was going to fix mbr. again i am told that i will lose partitions. my question is, when you remove partitions and reinstall, i assumed the master boot record was also reinstalled. is that true?

BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,435 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:10:17 AM

Posted 01 November 2007 - 04:27 PM

Well...you say things that are inconsistent.

If one is going to delete a partition, why bother with fixmbr or fixboot or any other command that works on that partition?

If you want to format, format.

Formatting always and always will...result in the deletion/removal of all file structures, files, registry entries, etc...that existed before the format of that space.

A clean install of XP results in a fresh set of system files, as does a repair install of XP. The difference is that a repair install may continue to be bothered by previous system problems, whereas a clean install won't have that history to contend with.

How many partitions are on this drive?

Louis

#3 arial

arial
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:17 AM

Posted 01 November 2007 - 06:04 PM

thanks for answering my question. i have one partition on each hard drive.

#4 hamluis

hamluis

    Moderator


  • Moderator
  • 56,435 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:10:17 AM

Posted 01 November 2007 - 07:04 PM

Well, I would just connect one drive (the one on which XP will be installed) and the CD/dvd drive. Then I would just do a clean install.

Before I did any of this, since you have two drives...I suggest doing a very careful scan of the second drive (ensuring that no malware is on it), then move my email, WAB, and other data files I want (from the XP drive)...to the second drive.

Louis

#5 arial

arial
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:17 AM

Posted 02 November 2007 - 02:02 AM

yep, that's what i just did. something interesting i found. the file that i could not remove must have been put there from windows as it was back in the local settings/temp file after the reformat. i had heard ms is spying on us, is that how they do it? i don't regret the reformat, i was playing with alot of video editing stuff, and the cpu usage and other program glitches made me glad i did it.

Edited by arial, 02 November 2007 - 02:03 AM.


#6 Platypus

Platypus

  • Global Moderator
  • 15,520 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:03:17 AM

Posted 02 November 2007 - 07:34 AM

To answer your original question, no, re-formatting doesn't cause the MBR to be re-written. As hamluis has said, formatting re-creates the structures that define the file system used on that partition. So for example, if the MBR is infected with a Boot Sector virus, re-formatting will not affect this condition. It will neutralize any malware that was residing on that partition within the previous file structure. But the fresh file system on the re-formatted partition will do nothing to prevent re-infection from another source (boot code, something on another partition on the same or another fixed drive, or from a removable drive or network source).

Edited by Platypus, 02 November 2007 - 07:35 AM.

Top 5 things that never get done:

1.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users