Access Denied to Virus Scan when checking Master Boot Records

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Background:

The system is an old, stable Windows 98 machine, completely up-to-date with
Windows Update, the last 2 security fixes applied were KB917344 & KB918547 on
June 23/06. Machine is used for some basic internet surfing, e-mail using
Pegasus, and word processing. No other intentional OpSys settings or other
changes (other than Windows Update) in a long time, no new applications
installed, no downloads, nothing. This machine is in a LAN with a router hub
c/w firewall. Norton Antivirus V4.04 ("Avenge" version, circa 1998) has virus
defs up-to-date, runs weekly and also autoprotects all files coming from the
internet, all apps, etc. We are very careful about not falling for phishing
ruses, opening e-mail attachments etc. E-mail is also remotely pre-filtered
for viruses and spam at the server using SpamAssassin family of products.

Problem: Suddenly. starting July 23, regular weekly automatic Norton virus
scans, which normally start by scanning boot records, now return error
messages "Drive access error: unable to read boot record" on "drive#0",
whatever that is, (Master boot record?) and subsequently (same error) on
"drive c". Additional (unscheduled, user-initiated) scans return the same
messages. Each time, pressing the "continue" button results in all files
being properly scanned, and the activity log at the end shows the scan was
successful, no viruses found, all files scanned, but it also shows that the
master boot record and the hard drive (C) boot record were NOT scanned.

That version of Norton does not check for spyware but I have also remotely
scanned that hard drive as a network drive using Norton Antivirus 2004
(V10.0.29.4) from another computer. NAV 2004 is also up-to-date & supposedly
checks for spyware but I do not know if boot records are checked on a network
drive.

I thought perhaps the recent Windows Update security patches have resulted
in the older NAV not being able to get at the boot records, except that the
older NAV ran routinely and successfully on 2 occasions AFTER the patches
were applied, before the problem started occurring.

I did a thorough-mode disk-check and no disk errors were found.

Does anyone know whether this seems symptomatic of a keystroke logger or
other virus or whatever that is managing to get into the boot record & make
itself inpenetrable by NAV? or if it could be caused by the recent Win98
security patches, but with some kind of delay? or what else is happenning?
 
Phipp said:
Background:

The system is an old, stable Windows 98 machine, completely up-to-date with
Windows Update, the last 2 security fixes applied were KB917344 & KB918547 on
June 23/06. Machine is used for some basic internet surfing, e-mail using
Pegasus, and word processing. No other intentional OpSys settings or other
changes (other than Windows Update) in a long time, no new applications
installed, no downloads, nothing. This machine is in a LAN with a router hub
c/w firewall. Norton Antivirus V4.04 ("Avenge" version, circa 1998) has virus
defs up-to-date, runs weekly and also autoprotects all files coming from the
internet, all apps, etc. We are very careful about not falling for phishing
ruses, opening e-mail attachments etc. E-mail is also remotely pre-filtered
for viruses and spam at the server using SpamAssassin family of products.

Problem: Suddenly. starting July 23, regular weekly automatic Norton virus
scans, which normally start by scanning boot records, now return error
messages "Drive access error: unable to read boot record" on "drive#0",
whatever that is, (Master boot record?) and subsequently (same error) on
"drive c". Additional (unscheduled, user-initiated) scans return the same
messages. Each time, pressing the "continue" button results in all files
being properly scanned, and the activity log at the end shows the scan was
successful, no viruses found, all files scanned, but it also shows that the
master boot record and the hard drive (C) boot record were NOT scanned.

That version of Norton does not check for spyware but I have also remotely
scanned that hard drive as a network drive using Norton Antivirus 2004
(V10.0.29.4) from another computer. NAV 2004 is also up-to-date & supposedly
checks for spyware but I do not know if boot records are checked on a network
drive.

I thought perhaps the recent Windows Update security patches have resulted
in the older NAV not being able to get at the boot records, except that the
older NAV ran routinely and successfully on 2 occasions AFTER the patches
were applied, before the problem started occurring.

I did a thorough-mode disk-check and no disk errors were found.

Does anyone know whether this seems symptomatic of a keystroke logger or
other virus or whatever that is managing to get into the boot record & make
itself inpenetrable by NAV? or if it could be caused by the recent Win98
security patches, but with some kind of delay? or what else is happenning?
Click to expand...

Hi Phipp: I have the exact same problem. I notice you have been
trying quite hard to find a solution. If you have, could you kindly
share it with me. (e-mail address removed)
Thanks
 
I still have not solved the problem. Since you are also, looking for
commonalities between us will potentially help us both figure out the cause.

Do recall whether you did a NAV Liveupdate shortly before the problem first
started? ie Theory 1 is that a NAV update introduced the problem.

Are you running in Windows98? (or perhaps Win98SE?) Do recall whether you
did a Windows Update shortly before you noticed the problem? Theory 2 is
that one of the the final Microsoft Updates for Win98 before support ended
on July 17th, created the problem by tightening access to boot sectors

Have you run any alternate virus or spyware scans on your system? Theory 3
is that a keystroke logger or spyware is hiding in the boot sector and
making itself inaccessable.
 
Back
Top