Rewrite Master Boot Record

Prior to boot sector viruses, it was rare that any support person even knew what
an MBR was. For background on the MBR, see MBR Explained. If your
MBR has been contaminated by a virus, use the virus vendor's documentation to recover
it. If you cannot, the preferred approach is to have a backup of the MBR. See
Backup/Restore MBR. If it's too late for that, the
next best approach is to rewrite the Master Boot Record using the DOS-based
FDISK command:

fdisk /mbr

Use a DOS boot disk and run it. If you don’t understand what this means,
don’t try this tip. As an absolutely last option (that's absolutely), Mark Minasi
(NT Mag Summer 1999) published assembler code to wipe the MBR. If all
else fails, you can try it. If you remember when the following technique was
common (i.e. you are an old fart), you should understand the dangers of this
technique. For the babes in the woods, DEBUG code was widely used in the OLD
days by assembler language coders who did not own an assembler, and as a method
to publish small code snippets.

I have not tried the debug approach. Let me know if it works for you.
Definitely on your own. Try it as a last resort before total reinstall. Very
risky. You may have to reinstall anyway.

  • Boot the sick system with a DOS boot disk containing the DEBUG.EXE command.

    You cannot do this in NT – it does not allow direct disk access.

  • Start DEBUG.EXE and type the following debug commands. DEBUG prints the "-"
    prompt and the segment:offset addresses itself; the segment (0C5A here) will
    differ on your machine.

    • -F 9000:0 L 200 0
    • -a
    • 0C5A:0100 Mov dx,9000
    • 0C5A:0103 Mov es,dx
    • 0C5A:0105 Xor bx,bx
    • 0C5A:0107 Mov cx,0001
    • 0C5A:010A Mov dx,0080
    • 0C5A:010D Mov ax,0301
    • 0C5A:0110 Int 13
    • 0C5A:0112 Int 20
    • press Enter
    • press Enter
    • -u 100 L 14
    • make sure the code matches the above
    • -g

      Program terminated normally
    • -quit
You can now install a replacement MBR using

Caution: if you need to replace the MBR to remove a boot sector
virus, check your virus vendor's documentation on the virus very carefully.
Replacing the MBR may be the worst thing you can do given certain viruses that
twiddle with disk sectors – hiding or encrypting data. In such a case,
replacement of the MBR will result in ALL your disk partitions and data being
lost. If you have such a virus, use anti-virus software to remove the virus.

Remember the term backups? Sorry. Couldn’t resist.
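
Before restoring or rewriting anything, it helps to know whether the boot code, the partition table, or both differ from your MBR backup. The following Python sketch is an added example, not part of the original tip or of Mark Minasi's article; the function names and sample sectors are constructed for illustration, and it only reads 512-byte sector images already saved as bytes, never the disk itself.

```python
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 446          # boot code occupies bytes 0..445
ENTRY_SIZE = 16              # four 16-byte partition entries follow
SIGNATURE_OFFSET = 510       # bytes 0x55 0xAA mark a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte MBR image into boot code, partition table and signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        off = BOOT_CODE_END + i * ENTRY_SIZE
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:       # type 0 means the slot is unused
            partitions.append({"slot": i, "active": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "signature_ok": sector[SIGNATURE_OFFSET:] == b"\x55\xaa",
        "wiped": sector == bytes(SECTOR_SIZE),
        "boot_code": sector[:BOOT_CODE_END],
        "table": sector[BOOT_CODE_END:SIGNATURE_OFFSET],
        "partitions": partitions,
    }


def compare_mbr(backup: bytes, current: bytes) -> dict:
    """Report which regions of the current sector differ from the backup."""
    b, c = parse_mbr(backup), parse_mbr(current)
    return {
        "boot_code_changed": b["boot_code"] != c["boot_code"],
        "table_changed": b["table"] != c["table"],
        "current_signature_ok": c["signature_ok"],
        "current_wiped": c["wiped"],
    }


def make_sample(boot_fill: int, entry: bytes = b"") -> bytes:
    """Constructed test sector: filler boot code plus one optional partition entry."""
    table = entry.ljust(4 * ENTRY_SIZE, b"\x00")
    return bytes([boot_fill]) * BOOT_CODE_END + table + b"\x55\xaa"

# Constructed entry: active, type 0x06 (FAT16), starts at LBA 63, 204800 sectors.
SAMPLE_ENTRY = struct.pack("<B3xB3xII", 0x80, 0x06, 63, 204800)
BACKUP = make_sample(0x90, SAMPLE_ENTRY)       # stands in for a known-good backup
CHANGED = make_sample(0xCC, SAMPLE_ENTRY)      # boot code differs, table intact
ZEROED = bytes(SECTOR_SIZE)                    # all-zero sector, as the DEBUG fill leaves it
```

If only the boot code differs, the partition table in the current sector still matches the backup; if the sector is all zeros, the partition table is gone as well and has to come from the backup.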
