Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

reinstall vista and still got unknown mbr


  • Please log in to reply
7 replies to this topic

#1 Charlie67

Charlie67

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:18 AM

Posted 30 January 2014 - 09:04 PM

Hi folks, I had a hard drive crash a few weeks ago. I used backup dads to restore the HP pavilion 9720 US. Once done I couldn't update Windows upon trying to fix that problem I got infected with a zw virus and run gmer to find out I had an unknown mbr also. So I done another install today to get rid of it and still couldn't use Windows update so I downloaded gmer again and there was no mention of the zw infection but it does still see a unknown mbr. 

I was able to get Windows update to working by stopping the update service and then renaming the softwaredistrubution folder and restarting the update service got some updates installed, 86 total. After that I used a avg resource cd to boot from and scanned the pc but it found no viruses. Could the unknown mbr be something from HP install software?


Edited by hamluis, 31 January 2014 - 12:31 PM.
Moved from Vista to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 Charlie67

Charlie67
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:18 AM

Posted 30 January 2014 - 09:06 PM

Backup dads should have been backup DVD. Dang auto complete having to use a tablet to.post



#3 JohnnyJammer

JohnnyJammer

  • Members
  • 1,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:QLD Australia
  • Local time:12:18 AM

Posted 30 January 2014 - 11:34 PM

it appears you have a trojan which has written a sector to the MBR. The best thign to do is to completley format using a linux tool that writes 0's to the disk platters. It will literally write every sector/block. Then use the restore image but be aware that a nice trojan will simply reapply to the MBR if you are using a restore image. You will need to use the Windows install Disk.

I forgot to mention, you can load the OS and then boot into the repair disk again and use the command line and the command "Fix MBR" (From memory) to reqrite a new MBR to the disk, the only thing is that the trojan mighht have another entry point if it detects the MBR has been deleted.


Edited by JohnnyJammer, 30 January 2014 - 11:40 PM.


#4 Charlie67

Charlie67
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:18 AM

Posted 30 January 2014 - 11:56 PM

I found the fix mbr on the avg disk I created and used it but gmer still sees the unknown mbr. I have tried doing more updates from hp and Windows and they take forever to install if they even do.the only disk I have are the ones I made when I bought the laptop. Where can I find the Linux tool to write the 0 to the disk and do I need to use a different pc to burn them with? 



#5 JohnnyJammer

JohnnyJammer

  • Members
  • 1,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:QLD Australia
  • Local time:12:18 AM

Posted 31 January 2014 - 12:43 AM

Its called Hirens Boot CD and is one of the best tool kits for many things. Just read there forum mate, also they have sections describing which tools do what. Very good free package mate, enjoy!



#6 Charlie67

Charlie67
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:18 AM

Posted 31 January 2014 - 09:03 PM

Thanks Johnny going to explore their forum now.



#7 Charlie67

Charlie67
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:18 AM

Posted 06 February 2014 - 10:29 AM

Update I used dban to format the hard drive by writing 0 to the drive mutiple times that took 23 hrs. Took almost 6 hours to reinstall windows with hp recovery cds. once again I couldn't update windows until I stopped bits svc, wupdate svc, then renaming software dist folder. It then took 12 hours to install 86 updates (349 mb) I have only 6mb connection but that wasnt the problem I think. I downloaded gmer again and it still says unknown mbr.

 

Anyone have any ideas what to do now?

Could this just be some background stuff from hp?



#8 Charlie67

Charlie67
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:18 AM

Posted 08 February 2014 - 06:59 PM

Update I ran malwarebytes and it found and fixed some problems. I ran eset online scanner and no problems from it, I installed spybot and immunized it thinking everything was cleared out. But now I went to check windows update and installed what it needed to but it keeps saying sp1 was installed successfully and then shows right back up as being needed to be installed. I installed it 3 times all were successful even rebooted the machine without it saying so.

 

Could someone give some advice on what to try to make sure it is clean ?






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users