How to fix MBR manually without recovery console? - Page 2

RegEdit · #11 08-10-2012, 11:19 AM

It's still telling me that the MBR code is faked. : (

Quote:

Yes. UBCD4WIN. That's what I have.
I tried this...Start > Programs > Disk Tools > Partition > MBR Fix > Fix / Update a W2K/XP/2005 type MBR code

This is bizarre that I can't even use a Windows CD to enter the recovery console. It's just loading from CD into RAM memory right? How would a virus interfere?

tf76 · #12 08-10-2012, 11:27 AM

Can you run GMER?

Regards,

tf76 · #13 08-10-2012, 11:31 AM

http://www.technibble.com/rootkit-de...removal-tools/

I would remove hd and scan externally with one of these tools.

Regards,

RegEdit · #14 08-10-2012, 11:44 AM

Quote:

Originally Posted by tf76

http://www.technibble.com/rootkit-de...removal-tools/

I would remove hd and scan externally with one of these tools.

Regards,

I was unable to install Avast's anti rootkit.
GMER seems to work.
I need to get an adapter. This ThinkPad has a strange smaller SATA power connector. Not sure what these small SATA power connectors are called.

tf76 · #15 08-10-2012, 11:46 AM

Well Kaspersky REscue CD is usually good as well.

Regards,

RegEdit · #16 08-10-2012, 05:53 PM

Quote:

Originally Posted by tf76

Well Kaspersky REscue CD is usually good as well.

Regards,

Kaspersky did something. After running it I was able to install Avast's anti-rootkit tool. Instead of getting a warning about a fake MBR, MBR_Check now says that the MBR is "unknown". That's an improvement for now. I still can't load my Windows CD to run the recovery console though.

732914TECH · #17 08-10-2012, 06:21 PM

Since its XP you can boot to a 98 bootdisk and run "fdisk /mbr" and it will erase the MBR.

jbartlett323 · #18 08-10-2012, 06:31 PM

Quote:

Originally Posted by RegEdit

It's still telling me that the MBR code is faked. : (

This is bizarre that I can't even use a Windows CD to enter the recovery console. It's just loading from CD into RAM memory right? How would a virus interfere?

The Virus isnt interfering, there is something interfering with boot. Most likely it is an AHCI HDD setting, switch to compatibility and it will boot, just switch back before booting OS. This is the common setting for IBM/Lenovo's. You have to have an XP disk with Intel AHCI drivers slipstreamed to boot without changing that setting.
If not, pull the drive and boot the CD. Wont fix your problem, but will help rule out other hardware issues...

Oh, and unless its an SSD, that is an adapter that is removable on the drive, not a special interface....

RegEdit · #19 08-10-2012, 08:42 PM

Quote:

Originally Posted by jbartlett323

The Virus isnt interfering, there is something interfering with boot. Most likely it is an AHCI HDD setting, switch to compatibility and it will boot, just switch back before booting OS. This is the common setting for IBM/Lenovo's. You have to have an XP disk with Intel AHCI drivers slipstreamed to boot without changing that setting.
If not, pull the drive and boot the CD. Wont fix your problem, but will help rule out other hardware issues...

Oh, and unless its an SSD, that is an adapter that is removable on the drive, not a special interface....

Good info to know! I gotta look into how to slip stream AHCI into XP. So I guess my regular XP disks would not install on this machine if I tried? For now I've got these rootkits eradicated. Kaspersky Live CD, Avast anti-rootkit, and ComboFix did the bulk of the work.

It is SSD. I gotta get me an adapter for the next time I encounter one of these...

BCS Head Tech · #20 08-27-2012, 07:58 AM

Quote:

Originally Posted by RegEdit

Windows CD keeps blue screening out. MBR is infected. I know because MBR_Check said that the MBR is faked.

Refresh my memory on how to replace the MBR without using the recovery console. ??

try spotman software

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode