TheTeenScripter
04-01-2009, 05:06 AM
Hi, I have a certain question that might seem a little out of the ordinary.
Basically, I am looking for a MBR (Master Boot Record) repair tool (or method) that will work even if there is NO master boot record existing. It will examine the data structure on the hard drive for partitions and correctly write code to the MBR to allow for basic read/write access to a harddrive with a corrupt or missing MBR. The reason I need this is because there is a new strain of virus going around that modifies the MBR to gain system-level access to files inside of a Windows 2000/XP/Vista operating system and uses it to run proprietary code on the kernel (you can only imagine what it does).
I was unfortunate enough to have been infected with one of these virusses, and I do not want to go out and spend $100 on an external harddrive just to backup my data for a format when there should be a way to just start from a fresh MBR. I have 2 partitions on my HD. The MBR virus was contracted through a BartPE installation running an infected 3rd-party plugin (advertised for loading device drivers from existing windows installations).
So, yeah.. I found a way to clear the MBR (leaving the partition info in-tact) but I don't want to go ahead and do that until I am sure that I can get my data back. So basically, all I need is a program that will write me a new MBR based solely on the partition info inside of the existing MBR. It does not need to be able to boot into Windows, but just to provide me basic read/write access to all of my partitions. Later I can boot into BartPE and delete the Windows Installation (leaving my files in-tact) and re-install Windows after that.
I first noticed I had the virus when there was a lock put on every instance of NTLDR on my harddrive, noticed when I tried re-building a BartPE installation. Then my cmd.exe wouldn't work and then a bunch of random programs were running in the background from my temp folder. Eventually it got bad enough to the point where a lot of system utils would not work and then I couldn't even log-in. I booted into BartPE, removed all Windows installation files, put the remaining files in a new folder, and re-installed XP. All was fine when I logged on to the freshly installed XP with service pack 2. Then I restarted. Everything was acting up AGAIN... That is how I came to the conclusion I had an MBR virus, and I searched it up on the internet to confirm my conclusion. The original code was created from a company that knew their code would probably be turned into a virus.. They just wanted to prove it could be done, and distributed their source-code.. Now we have to pay :(
Anyways, Thanks for reading, and I hope somebody can help me.....
Basically, I am looking for a MBR (Master Boot Record) repair tool (or method) that will work even if there is NO master boot record existing. It will examine the data structure on the hard drive for partitions and correctly write code to the MBR to allow for basic read/write access to a harddrive with a corrupt or missing MBR. The reason I need this is because there is a new strain of virus going around that modifies the MBR to gain system-level access to files inside of a Windows 2000/XP/Vista operating system and uses it to run proprietary code on the kernel (you can only imagine what it does).
I was unfortunate enough to have been infected with one of these virusses, and I do not want to go out and spend $100 on an external harddrive just to backup my data for a format when there should be a way to just start from a fresh MBR. I have 2 partitions on my HD. The MBR virus was contracted through a BartPE installation running an infected 3rd-party plugin (advertised for loading device drivers from existing windows installations).
So, yeah.. I found a way to clear the MBR (leaving the partition info in-tact) but I don't want to go ahead and do that until I am sure that I can get my data back. So basically, all I need is a program that will write me a new MBR based solely on the partition info inside of the existing MBR. It does not need to be able to boot into Windows, but just to provide me basic read/write access to all of my partitions. Later I can boot into BartPE and delete the Windows Installation (leaving my files in-tact) and re-install Windows after that.
I first noticed I had the virus when there was a lock put on every instance of NTLDR on my harddrive, noticed when I tried re-building a BartPE installation. Then my cmd.exe wouldn't work and then a bunch of random programs were running in the background from my temp folder. Eventually it got bad enough to the point where a lot of system utils would not work and then I couldn't even log-in. I booted into BartPE, removed all Windows installation files, put the remaining files in a new folder, and re-installed XP. All was fine when I logged on to the freshly installed XP with service pack 2. Then I restarted. Everything was acting up AGAIN... That is how I came to the conclusion I had an MBR virus, and I searched it up on the internet to confirm my conclusion. The original code was created from a company that knew their code would probably be turned into a virus.. They just wanted to prove it could be done, and distributed their source-code.. Now we have to pay :(
Anyways, Thanks for reading, and I hope somebody can help me.....