One of the most important parts of your system’s hard disk is the Master Boot Record (MBR). Without a valid MBR, it’s impossible to boot the system from the hard disk. Unfortunately, many viruses are designed to attack a system’s MBR. Sure, you can usually disinfect the system, and it will begin booting normally–but what do you do if a system still won’t boot after a virus has been removed? To answer that question, it’s necessary to take a closer look at how this particular type of virus works.
How Damage Can Occur
Normally, the MBR points at a system’s boot sector. When the system is powered up, the hardware knows to look at the MBR, and then the MBR redirects the system to the boot sector so that the boot process can begin.
Most (but not all) viruses that infect the MBR do so by copying the contents of the boot sector to a different file and then overwriting the boot sector with viral code. When you remove a boot sector virus, the antivirus program is usually smart enough to know where the original boot sector was copied to. It then removes the viral code and moves the boot sector code back to the correct location.
Unfortunately, some viruses don’t back up the boot sector code before altering it. Likewise, legitimate programs can also cause boot problems similar to that of a virus. For example, I was recently using a program called System Commander from VCOM. System Commander alters the boot sector so that your system will boot the System Commander program instead of the normal operating system. The program then displays a menu and allows you to boot to a variety of operating systems. However, I decided to remove an operating system from a computer, and System Commander was damaged in the process.
After the damage occurred, the system was unbootable. The system would try to boot to a nonexistent copy of System Commander. Unfortunately, it was impossible to reinstall System Commander, because the system was unbootable. As you can see, in such a case, perfectly legitimate software can function exactly like a boot-sector virus. Whether your MBR is malfunctioning because of a virus or because of a boot program gone haywire, the repair method is exactly the same.
Obviously, the best repair method is to restore a backup or to use a repair disk such as the one created by Norton’s System Works. However, if you don’t have such a recovery tool, you’ll have to do things the old-fashioned way. (You can forget about reformatting or repartitioning the drive, because these operations don’t affect the boot sector.) The method you’ll use to recover from a damaged MBR depends on the operating system you’re using.
If your system is running Windows 98, use a separate system to create a bootable floppy disk and copy the FDISK file to it. Now, boot the damaged system from the boot floppy. When you’ve booted the system to a command prompt, enter the command FDISK /MBR
This command will repair the Master Boot Record and make the system bootable.
If you’re using a Windows 2000 system, you can boot from the installation disks and enter the Recovery Console. When the Recovery Console loads, use the FIXBOOT or the FIXMBR command to cure the problem.