Posts

Showing posts from December, 2015

clean a system infected by a master boot record virus

Image
If you have a hard drive that may have a boot virus on it, how do you clean the virus from the drive?

The "Master Boot Record" or MBR is loosely used to describe the combination of the "Partition Table" and the "Boot Record". The primary Partition Table is used as a pointer to additional partition tables that might exist on the drive. This set of partition tables forms a chain each maintaining pointers to the next partition table with a total of up to four partition tables on a drive. The primary partition table also has a pointer to the Boot Record. The Boot Record is a sector that contains information about the physical characteristics of the hard drive i.e. cylinders, heads, sectors,
drive ID, file system, and so on.

Viruses typically move the real MBR onto "slack space" sectors which is unused by your computer. Then it replaces the real MBR with it own version of the MBR where the real MBR belongs. This way the virus can manipulate the Boot…