Boot sector viruses

Hello, All,

In my computer, the master boot record may be infected with a virus. I have
installed Symantec AntiVirus in my computer. I ran a full scan, but no virus
was found in my computer.

Does anyone know how to detect and clear a boot sector virus?

Thanks in advance,

--Qing
 
What makes you think this is the case? Have you run root-kit detection
software on your system?

F-secure's trial Blacklight is easy to use. You may need to disable some
antispyware or antivirus products while scanning with it, however.

http://www.f-secure.com/blacklight/
 
Hello Qing,

On what basis do you "suspect" a Boot Sector Infector ?

This is a very small class of viruses that are not found on today's systems
using NTFS partitions, and mere conjecture is not enough.

Boot sector viruses haven't been common for many years and it is extremely
unlikely that you have one.

Can you tell me what antivirus product you are running?

Clean out your temporary "junk yard"
and then use a program such as CCleaner and/or HDCleaner for a more
thorough cleaning, running in safe mode, for total cleaning.

Ccleaner - http://www.ccleaner.com
http://www.ccleaner.com/downloadbuilds.asp

Note, When you install Ccleaner, uncheck the Yahoo toolbar option.
Note, in Options, Advanced, uncheck - Only delete files in Windows folders
older than 48 hours.
Note: uncheck Windows Defender in the applications.
Do a scan with all the check marks on.
Open Ccleaner and press "Windows" "Applications" and Run Cleaner from the
menu choose 'Issues' and then press scan for issues, Repair any found.
Run Ccleaner twice, the same as above, until you get "0 bytes to be removed".

http://home.tiscali.de/zdata/hdcleaner_e.htm
Read Review at MajorGeeks

Have you scanned in safe mode your system using a recently updated
anti-virus program?

For the benefit of the community reading this post, please rate the post.

I hope this post is helpful.

Let us know how it works out.

Еиçеl
 
I thought those viruses had disappeared with MS DOS, 386SX CPUs and 2 MB hard
drives ....

Stu
 
Hello, Bill,

Thank you for your information. What do you mean by running root-kit detection
software on my system?

The reason I suspect that I may have a boot sector virus in my Dell computer
is that I often get a blue screen when I boot up my computer. The error
message is the following:

++++++++++++++++++++++++++++++++++++++++++++++++++++

A problem has been detected and windows has been shut down to prevent damage
to your computer,
KERNEL_STACK_INPAGE_ERROR

If this is the first time you’ve seen this stop error screen, restart your
computer. If this screen appears again, follow these step:

Check to make sure any new hardware or software is properly installed. If
this is a new installation, ask your hardware or software manufacturer for
any windows update you might need.

If problem continue, disable or remove any newly installed hardware or
software. Disable BIOS memory options such as caching or shadowing. If you
need to use Safe Mode to remove or disable components, restart your computer,
press F8 to select Advanced Startup options and then select Safe Mode.

Technical information:
STOP: 0x00000077 (0x00000001, 0x823D4488, 0x00000000, 0xF1F25960)

Beginning dump of physical memory, physical memory dump complete.

+++++++++++++++++++++++++++++++++++++++++++++++++++

I searched the web for a fix for the problem. I found an article on
troubleshooting "Stop 0x00000077" at http://support.microsoft.com/kb/315266.
In the article, they said that this issue can occur if the master boot record
is infected with virus. So, before I do anything, I want to detect if I have
a boot sector virus in my computer.

Currently, I have Symantec AntiVirus Version 10.1 installed on my computer. I
have done a full scan. No virus has been found in my computer. But I
don't know if it scanned for boot sector viruses when I did the full scan.

Is there any suggestion for me?

Thanks in advance,

--Qing
 
Hi, Engel,

Thank you for your information.

Regarding why I suspect a boot sector infector, I just explained why in my
last message.

Currently, I am running Symantec AntiVirus Version 10.1 on my computer. I
have run a full scan, and no virus has been found in my computer, but I don't
know if it scans for a boot sector virus.

--Qing
 
I often get a blue screen when I boot up my computer, the error message
that is the following:
A problem has been detected and windows has been shut down to prevent damage to your computer,
KERNEL_STACK_INPAGE_ERROR

1. Run a spyware scanner ('microsoft.private.security.spyware.general')
2. Run 'MEMTEST86+' or some other heavy-duty RAM-testing software
3. Run hard-drive testing software (download from the web-site of the vendor
of your computer's hard-drive).
 
All very good responses from Melvin. It's most likely you will get
additional Blue Screen errors and might be able to narrow it down more, but
I'd really suspect a page file block read error in the paging area of your
HD indicating a permanent failure on your hard drive more likely than a
malware infection. So I'd add to Melvin's list take an image backup of your
hard drive using something like Acronis True Image or Ghost if you don't
already do so regularly. It's hard to lose all the work you've
already put in downloading and customizing. I once saw a suggestion to set
the page size to zero or just to turn paging off for a while to see if it
eliminates the blue screens, you could try that:

Control Panel > System > Properties > Advanced > Performance Settings >
Performance Options > Advanced > Virtual Memory > Change

to see if the page errors go away, but the system will run s-l-o-w-l-y
while testing. I never could get a disk diagnostic test from my
manufacturer to show any specific error in conjunction with this crash.
Also see this KB...

http://support.microsoft.com/kb/130801
 
Hi,

Thank you for your help.

My computer is Dell Optiplex GX280. I have done a Diagnostics which Dell
installed in the computer. All of the test passed. I didn't get any error
message. Do I need to do more testing for RAM & hard disk? What software can I
use for it?

Thanks in advance,

--Qing
 
My Dell has a Maxtor so you go to the manufacturer and get their disk
diagnostics since it's much more specific than anything Dell supplies...
That complete test took like 8 hours to run on a 250 Gig HD and even then
nothing showed up so don't be surprised if you get no burps... let it run
overnight to test everything. I found a reference to changing the paging
size which might help you... where's a hardware guru when you need one...
and now the link won't open anymore... so here's a google cache:

http://72.14.253.104/search?q=cache...HANDLE+was+specified&hl=en&gl=us&ct=clnk&cd=8
 
My experience is that the major anti-virus programs check the boot sector for
viruses. On some computers, you can even set the BIOS to warn you when an
attempt is made to write to the boot sector. I really doubt if that is your
problem. You already have received some very good suggestions in the posts
for this thread. I thought I would throw in some more (they may not be
good). This one may be hard to research: check for any BIOS updates that
may describe the problem you are experiencing. Check application and system
events (start, control panel, performance & maintenance, administrative
tools, event viewer) for errors on your hard drive. Usually these don't show
unless error recovery was unsuccessful and this means the drive is going bad.
If collection of SMART data is turned on in your BIOS, then you can use
Speedfan to see if the drive is going bad. Sometimes it is very difficult
to distinguish between a bad power supply and memory. So the memtest
reference is quite appropriate. Did you check the NTFS file system? Go to
my computer and right click the hard drive icon and select properties, select
Tools tab, check now, and then check the box to automatically fix file system
errors. You will have to restart your system to do the latter. Also, check
the device manager to verify that all devices are functioning correctly.
Sometimes it is like finding a needle in a haystack. If you are still under
OEM warranty, give your vendor a call and see what they have to say.
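
A structural check of a saved copy of sector 0, added here as an illustration and not code from any poster in this thread: it verifies the 0x55AA signature and the partition table, and compares a SHA-256 of the boot code against a baseline recorded while the machine was known good. The function names and the sample sector are constructed for the example, and it assumes the 512-byte sector has already been saved as bytes.

```python
import hashlib
import struct

BOOT_CODE_LEN = 440   # bytes 0-439 hold the bootstrap code
TABLE_OFFSET = 446    # four 16-byte partition entries follow
SIGNATURE_OFFSET = 510


def inspect_mbr(sector, baseline_sha256=None):
    """Return (boot_code_sha256, partitions, findings) for one 512-byte MBR."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly 512 bytes")
    findings = []
    if sector[SIGNATURE_OFFSET:] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            findings.append(f"entry {i}: invalid status byte 0x{status:02x}")
        partitions.append({"index": i, "type": ptype, "active": status == 0x80,
                           "lba_start": lba, "sectors": count})
    if sum(p["active"] for p in partitions) > 1:
        findings.append("more than one active partition")
    code_hash = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    if baseline_sha256 is not None and code_hash != baseline_sha256.lower():
        findings.append("boot code differs from recorded baseline")
    return code_hash, partitions, findings


def constructed_sample():
    """Constructed sector: placeholder boot code plus one active NTFS (0x07) entry."""
    boot = bytes([0xFA, 0x33, 0xC0]).ljust(TABLE_OFFSET, b"\x00")
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 156_296_322)
    return boot + entry + bytes(48) + b"\x55\xaa"


if __name__ == "__main__":
    sample = constructed_sample()
    baseline, parts, _ = inspect_mbr(sample)       # record a known-good hash
    tampered = b"\xeb\x10" + sample[2:]            # constructed change to the boot code
    print(parts)
    print(inspect_mbr(sample, baseline)[2])        # no findings
    print(inspect_mbr(tampered, baseline)[2])      # baseline mismatch reported
```

A hash mismatch only says the boot code changed since the baseline was taken; reading the sector from offline boot media avoids relying on a running system to report it honestly.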
 
Hi Qing,

You have another way, to be sure: run chkdsk /r for a complete check,
or chkdsk /f for a short test.

I hope this post is helpful.
Let us know how it works out.
Еиçеl
 
Thank you so much for your information.

Mr Cat said:
My experience is that the major anti-virus programs check the boot sector for
viruses. On some computers, you can even set the BIOS to warn you when an
attempt is made to write to the boot sector. I really doubt if that is your
problem. You already have received some very good suggestions in the posts
for this thread. I thought I would throw in some more (they may not be
good). This one may be hard to research: check for any BIOS updates that
may describe the problem you are experiencing. Check application and system
events (start, control panel, performance & maintenance, administrative
tools, event viewer) for errors on your hard drive. Usually these don't show
unless error recovery was unsuccessful and this means the drive is going bad.
If collection of SMART data is turned on in your BIOS, then you can use
Speedfan to see if the drive is going bad. Sometimes it is very difficult
to distinguish between a bad power supply and memory. So the memtest
reference is quite appropriate. Did you check the NTFS file system? Go to
my computer and right click the hard drive icon and select properties, select
Tools tab, check now, and then check the box to automatically fix file system
errors. You will have to restart your system to do the latter. Also, check
the device manager to verify that all devices are functioning correctly.
Sometimes it is like finding a needle in a haystack. If you are still under
OEM warranty, give your vendor a call and see what they have to say.
 
Hi, Engel,

Actually, I have done CHKDSK /r. But the processing didn't complete. It just
showed me 62% completed, then stuck there. I kept it running, one day after,
it still showed me that 62% completed. Then I pushed the power button to shut
down the computer.

--Qing
 
Hi Qing,

Have you tried these operations running in safe mode?

Open an Internet window and go to Internet Options, Delete Cookies and Temp
Files and include all offline content,
then also go to Start and Run and type (with %) %temp% and clear that folder.

Also go to Start and Run and type (without %) temp and clear that folder.


(In safe mode) Try with CCleaner and/or HDCleaner for a more thorough
cleaning.

Ccleaner - http://www.ccleaner.com
http://www.ccleaner.com/downloadbuilds.asp

Note, When you install Ccleaner, uncheck the Yahoo toolbar option.
Note, in Options, Advanced, uncheck - Only delete files in Windows folders
older than 48 hours.
Note: uncheck Windows Defender in the applications.
Do a scan with all the check marks on.
Open Ccleaner and press "Windows" "Applications" and Run Cleaner from the
menu choose 'Issues' and then press scan for issues, Repair any found.
Run Ccleaner twice, the same as above, until you get "0 bytes to be removed".

http://home.tiscali.de/zdata/hdcleaner_e.htm
Read Review at MajorGeeks

(In safe mode) Run chkdsk /f

(In safe mode) Run defrag

Let us know how it works out.

Еиçеl
--
 
You are welcome. Your post that the chkdsk would hang sounds bad. I have
found that when the NTFS file system is bad and you attempt to do a Defrag,
the Defrag will hang also. If we are talking about your boot drive C, please
do the test I indicated. The procedure will fix whatever NTFS problems it
finds. What surprises me is that you can do a full virus scan. Usually,
when the NTFS is bad, the anti-virus program will crash on a particular file
or folder. So the problem may be intermittent. Again, the event logs will
tell the story. If the hard drive is good and you are still having these
problems, it might be best to backup your data (while you still can) and just
rebuild the system. Sometimes you can spend more time pursuing an issue than
the time it takes to rebuild the system.
 
Hi, qq. I'm not an expert by any means, but I did have a similar situation
happen to a Dell 4500s a year or so back. Same error and BSOD. What it
turned out to be was a faulty network card that had just been installed,
along with the local cable company installing wrong version cable modem
software. Hope this helps.
Roy P
 