Hi Elaine,
Now to the nitty gritty of an MBR virus, that can be cleared by a normal AV tool.
Before you try to do this, you have to know your system thoroughly though.
Before you proceed read all of this:
Step by step, here we go.
1. Boot from a clean DOS-diskette, Version 5.0 or higher. OS does not matter in this case.
2. Give in this command fdisk/status Now you should have access to all built-in disks, or you should find up a plausible PT (partition table).
3. For all the Dos-formatted partitions of the first disk give this command: dir p: (where p is the letter of that particular partition). The first could well be: dir:c
For all non-Dos partioned partitions boot the machine from a clean diskette and test if partitions are correctly readable at once.
4. You do the above mentioned steps, after you have come to the conclusion that the first partition you checked was freely, instantly and correctly readable.
Type fdisk/mbr Through this action the first partition is changed into the (virusfree) MBR-Program of the diskette, the PT in this MBR is kept. Rests of virus on the hard disk does not matter now anymore, because it is disarmed and can be ignored further.
5. Reinstall special MBR from the original diskette (Boot-Manager- System Controll).
There are a couple of ifs. In the case od a cloaked MBR virus:
A. in the case of the Stone Empire Monkey A virus, with a MBR virus that is cloaked, you read the MBR with a program, that uses BIOS-services, MBR has address 0,01. Save MBR in a file.
B. Sometimes the current PT has to be reconstructed. You are not allowed to change the MBR in the case of a special MBR, a special Boot-Manager. There you will not find up a usual partition table.
Good luck from,
polonus
PS. Use your Huna-powers. It helps us all.
