Quincy Center for Technical Education
Computer Technology Department

FDISK/mbr (caution)


Treating an MBR or Boot Sector Virus Infection

          To remove a virus from your computer, use a current, well-known commercial antivirus program that is compatible with Windows XP Professional. In addition to scanning the hard disks on your computer, be sure to scan all floppy disks that have been used in the infected computer, in any other computer, or with any other operating system in an infected multiple-boot configuration. Scan floppy disks even if you believe they are not infected. Many infections recur because one or more copies of the virus were not detected and eliminated.

          If the computer is already infected with a boot sector virus and you install Windows XP Professional into a multiple-boot configuration, standard antivirus programs might not completely eliminate the infection because Windows XP Professional copies the original MS-DOS boot sector to a file called Bootsect.dos and replaces it with its own boot sector. The Windows XP Professional installation is not initially infected, but if the user chooses to start MS-DOS, Windows 95, Windows 98, or Windows Me, the infected boot sector is reapplied to the system, reinfecting the computer.

Avoid Using the Fdisk /mbr Command to Treat Viruses

          Do not depend on the MS-DOS command Fdisk /mbr, which rewrites the MBR on the hard disk, to resolve MBR infections. Many newer viruses have the properties of both file infector and MBR viruses, so restoring the MBR does not solve the problem if the virus immediately reinfects the system. In addition, running Fdisk /mbr in MS-DOS on a system infected by an MBR virus that does not preserve or encrypt the original MBR partition table permanently prevents access to the lost partitions. If the disk was configured with a third-party drive overlay program to enable support for large disks, running this command eliminates the drive overlay program and you cannot start up from the disk.

Caution

          Before you use the Fdisk /mbr command, note the following: Running Fdisk /mbr is not supported on dynamic disks or GPT disks. Running Fdisk /mbr in MS-DOS overwrites only the first 446 bytes of the MBR, the portion known as the master boot code, leaving the existing partition table intact. However, if the signature word (the last two bytes of the MBR) has been deleted, the partition table entries are overwritten with zeros. If an MBR virus overwrites the signature word, access to all partitions and logical volumes is lost.
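          To make the byte layout in the caution concrete, the following Python example is added here and is not part of the original course material: it checks the signature word, decodes the partition table, and models the Fdisk /mbr behaviour described above (boot code replaced, table kept only if the signature word is intact). The sample sector and the placeholder boot code bytes are constructed for the example.

```python
import struct

MBR_SIZE = 512
BOOT_CODE_SIZE = 446            # master boot code occupies bytes 0..445
TABLE_OFFSET = 446              # four 16-byte partition entries follow the boot code
SIGNATURE = b"\x55\xaa"         # signature word: the last two bytes of the sector


def has_signature(mbr: bytes) -> bool:
    """True if the sector is 512 bytes and ends with the 0x55AA signature word."""
    return len(mbr) == MBR_SIZE and mbr[MBR_SIZE - 2:] == SIGNATURE


def parse_partition_table(mbr: bytes) -> list:
    """Decode the four primary partition entries (status, type, LBA start, sector count)."""
    entries = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", mbr, TABLE_OFFSET + 16 * i)   # CHS fields are skipped
        entries.append({"bootable": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def simulate_fdisk_mbr(mbr: bytes, clean_boot_code: bytes) -> bytes:
    """Model (an assumption, not the real tool) of the behaviour described in the caution:
    the 446-byte boot code is replaced; the partition table is kept only when the
    signature word is present, otherwise its entries are written as zeros."""
    if len(clean_boot_code) != BOOT_CODE_SIZE:
        raise ValueError("boot code must be exactly 446 bytes")
    table = mbr[TABLE_OFFSET:MBR_SIZE - 2] if has_signature(mbr) else bytes(64)
    return clean_boot_code + table + SIGNATURE


def build_sample_mbr(boot_code: bytes, with_signature: bool = True) -> bytes:
    """Constructed sample sector: one bootable type-0x07 partition starting at LBA 63."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 1_000_000)
    table = entry + bytes(48)                     # remaining three entries unused
    tail = SIGNATURE if with_signature else b"\x00\x00"
    return boot_code + table + tail


if __name__ == "__main__":
    clean = b"\x90" * BOOT_CODE_SIZE                        # placeholder clean boot code
    intact = build_sample_mbr(b"\xcc" * BOOT_CODE_SIZE)     # placeholder foreign boot code
    print(parse_partition_table(simulate_fdisk_mbr(intact, clean))[0])   # table survives
    damaged = build_sample_mbr(b"\xcc" * BOOT_CODE_SIZE, with_signature=False)
    print(parse_partition_table(simulate_fdisk_mbr(damaged, clean))[0])  # table zeroed
```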

Avoid Using the Fixmbr Command to Treat Viruses

          The Recovery Console, a troubleshooting tool in Windows XP Professional, offers a command called Fixmbr. It functions identically to the Fdisk /mbr command, replacing only the master boot code and leaving the partition table untouched. For this reason, it is equally unlikely to help resolve an infected MBR.

Notes of Interest Concerning Windows XP