possible boot infection

dell dimension p3 384mg
maxtor hard drive
samsung cd
cd-rw
win98 os
norton av 2002 last vd 11/5/03 last system scan 11/3/03

first touched this pc about 6 months ago and never could get it to start in normal mode. would always change itself to selective startup.

typically device manager shows no problems.

last night ran adaware and added a second hard drive and ribbon cable. since then computer does not start with cd (either) or printer s available.

currently device manger shows exclamation under hard drive controller for both primary and secondary ide controller (dual fifo). tried running driver update and it says that best driver in use after installing and running(so it indicates)to c:\woindows\temp\direct.b1.
removed new cable and hard drive and put old cable back on. reseated cable for cd drives and at the board. went into bios and restored system defaults. changed boot order to cd first. restarted with mcaffe in cd drive, which indicated boot sector could not be read. no viruses found.

restart normal mode still can not see cd drives in my computer.

checked norton quarantine and interesting enuf there was nimda, klez and an unknown dated 4/30/02. which is 3 days after the last restorable good registry file of 4/27/02.

my question is there a way to delete and replace the master boot record to get rid of any bugs in there with out hosing the whole system? am i wrong in suspecting the mbr and should i be taking other steps?


tanks in advance,
roy

 

make a boot floppy.. boot with it and get to the A: prompt. at the prompt type

FDISK /MBR
hit enter

that will rebuild the master boot record.

I would also make sure that the second HDD that you put in is on cable select for a jumper setting.

 

Kodo's spot on about the /MBR parameter. It was practically created for exactly those cases where there is a virus in the MBR.

But there are several other possibilities that bother me:

I don't see in your description anything about making the BIOS run Autodetect for the two drives,
I don't see anything about your jumper for the slave drive being set to slave and the drive connected to the middle connector of the IDE 0 cable (or, as Kodo suggested, set to Cable Select, but still on the middle connector) with the first drive's jumper set FOR SURE to Master and on the end connector,
and I don't see anything about the jumper settings for the two CD drives.

It sounds like a hardware problem, and the things we're talking about (except for the MBR) are likely sources of hardware problems.

 

Go along with Kodo there.

Of necessity one of my favourite phrases in any romance language has to be FDISK/MBR.

You can get a Win98 bootdisk from any number of sources but I recommend always using MG

D'oh
just remembered this one.

http://www.majorgeeks.com/vb/showthread.php?s=&threadid=22809

 

Sorry Wise,
Didn't see you there

 

No problem, man. That's been happening to a lot of us lately. Seems we've all gotta type faster.

 

buncha slackers.

 

It's this new keyboard, it won't go as fast as the babel fish

 

The cheapest and fastest computer upgrade is typing lessons!!!!!!!!!!

 

the second drive is completely out till i get the sys back to where it was. now when i first put it in the original was jumpered to master and the 2nd one i was adding had no jumper, and it was on the middle of the cable. when i got a no operating sys message with that config i opened back up and put jumper on the second drive for slave. still got same message so opened back up and disconnected the drive all together. system then started but without the cd drives werkin.

didnt check jumpers on the cd's cause they were workin last night. yes bios on autodetect for the drives. and remeber it sees the drives just not in windows.

tried above suggestion. hard restart with boot disk in floppy, set to removable device first boot. fdisk /mbr at the a: got it back did a hard reboot with out the disk in. back into bios changed to cd first boot. soft booted and came up in norton disk. still wouldnt scan boot section. left to got to conference.

 

DOES FDISK/MBR WORK IN ...

Say, do the FDISK commands work for XP as well?

Thanks,

Starkman

 

Stark,

FDISK works at a DOS level, way before the installed OS kicks in (if there IS an installed OS even -- The DOS utilities on a boot floppy don't give a tinker's damn what the OS is on the drive or what the OS is GOING TO BE on the drive).

When you use a boot floppy, the computer runs entirely from the files on that floppy disk. No Windows, no XP, just good solid basic tools for partitioning, formatting, scanning, and inspecting drives.

Lotsa people get excited when they're using XP Pro, say, and they need to do something that a boot floppy does really well, but they've never used a boot floppy and don't know anything about computing in DOS, and when they ask for help I tell 'em (or somebody else does) to get a boot floppy and they think there must be some mistake when I say "get the Win98 boot floppy" (I like the set of file versions on the Win98 booter) and they want to hunt down a WinXP boot floppy. DOS doesn't care!

 

BOY, I WASN'T CLEAR ON THAT, WAS I!

Hey Wisewiz,

Sorry 'bout that.
I should have asked the question much, much more clearly: does XP come with the ability to create a bootup disk (I think, from what I've heard, it does, and I would expect it to!), AND does FDISK come on the bootable floopy?

I use an old DOS 6.22 boot disk, and it's great, but I know nothing about XP in this area.

Thanks,

Starkman

 

doing better.
shut down system again. booted with win98 disk. ran fdisk /mbr shut it down again. started with nav2003 disk. and it scanned boot this time and said it was good. let it scan entire disk, nothing found and shut it down again.
now restarted with win98 again and typed
sys c:
i get bad command or filename
please advise

 

in response to the comment about not having files in a temp directory;

i have seen that directory before
c:\windows\temp\direct.b1

and i just saw it again trying to get new drivers off the windows update site. for grins i opened the file up this time in notepad.

turns out it is basically an error message that the driver that it was trying to find for me has a link to a dead site.

i had googled the directory earlier and only got one hit in japanese..

is there a way to perhaps create a page off MG that may eventually wind up as an additional google result for that entry.

have pasted below the entirety of the file for any other comment;

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

 

Um, that's just the standard Page Not Found display you always get when IE is feeling grouchy or a server is down or out.

You know that, don't you?

 

nope never realized that was what that file was about. had never tried opening it before.
interesting that there are not more google hits if it is so well known