Use a dos boot disk and run it. If you don't understand what this means, don't try this tip. As an absolutely last option (thats absolutely), Mark Minasi (NT Mag Summer 1999) published assembler code to wipe the MBR. If all else fails, you can try it. If you remember when the following technique was common (ie you are an old fart), you should understand the dangers of this technique. For the babes in the woods, DEBUG code was widely used in the OLD days by assembler language coders who did not own an assembler and as a method to publish small code snippets.
I have not tried the debug approach. Let me know if it works for you. Definitely on your own. Try it as a last resort before total reinstall. Very risky. You may have to reinstall anyway.
- Boot the sick system with DOS boot disk containing DEBUG.EXE command.
You can not do this in NT - it does not allow direct disk access.
- Start DEBUG.EXE and type following debug commands
- -F 9000:0 L 200 0
- 0C5A:0100 Mov dx,9000
- 0C5A:0103 Mov es,dx
- 0C5A:0105 Xor bx,bx
- 0C5A:0107 Mov cx,0001
- 0C5A:0109 Mov dx,0080
- 0C5A:010A Mov ax,0301
- 0C5A:010D Int 13
- 0C5A:0110 Int 20
- press Enter
- press Enter
- -u 100 L 12
- make sure the code matches the above -g
Program terminated normally
Caution: if you need to replace the MBR to remove a boot sector virus, check your virus vendors documentation on the virus very carefully. Replacing the MBR may the worst thing you can do given certain viruses that twiddle with disk sectors - hidding or encrypting data. In such a case, replacement of the MBR will result in ALL your disk partitions and data being lost. If you have such a virus, use anti-virus software to remove the virus.
Remember the term backups? Sorry. Couldn't resist.