Boot Record Alert: NAV 2003

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Wayne R. Russ

Your Boot Record, which contains critical startup information,has changed,
This change is acceptable if you have upgraded your OS, Installed HD, or run
SW that modifies HD.If not an unknown virus may have infected your system.

If your aware unsure, ignore, run Live Update and scan

Change expected, update

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

This is a potentially serious issue. If you don't know enough to understand
that message, you should have someone who does check it out. The first
question is whether or not you can recall doing *anything* that might
naturally prompt this message. The change we're looking for occurred
sometime just before or just after the last successful startup. Did you
install any hardware? Did you notice any "Adding new hardware" messages
during that last successful startup? Did you install or update/upgrade any
new software? If the answer to all of these questions is no, then you may
have a boot sector virus, you may have a hard drive on its way to failure.

Are you waiting for advice before pressing the Update button? Or have you
already proceeded to finish starting up?

--
Gary S. Terhune
MS-MVP Shell/User

"Wayne R. Russ" <NOwaynerrSPAM@olg.com> wrote in message
news:11gcjp62i4aoia8@corp.supernews.com...
>
>
>
> Wayne R. Russ
>
> Your Boot Record, which contains critical startup information,has changed,
> This change is acceptable if you have upgraded your OS, Installed HD, or
> run
> SW that modifies HD.If not an unknown virus may have infected your system.
>
> If your aware unsure, ignore, run Live Update and scan
>
> Change expected, update
>
>
>

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

> Change expected, update

What's wrong then?

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Hi, I posted by mistake. I had not completely composed the post yet. I have
not added any hardware, nor gotten any Adding New Hardware messages.

I was doing something a while back with the software, I do not recall
what, then I got the alert. I thought that might have changed the Boot
Record. I chose to allow NAV to let the change occur. Now, I will go for a
short time fine then scan with NAV and it will give an alert. I choose
ignore. The alert goes away and the scan is clean. I scan again and no alert
for a short time.

I am trying to narrow in on when the alert starts to appear, what
triggers it. The system seem to run fine otherwise. NAV scans are clean.
Ad-Aware scans are clean. Spybot scans are clean.

How would I go about getting rid of a Boot Sector Virus ?

I would have tried to think this post out a little more first, but it
posted originally by mistake. If you have any advice, I am all ears,



Thank You So Much,

Wayne R. Russ
"Gary S. Terhune" <grystnews@mvps.org> wrote in message
news:uQYuliQpFHA.2580@TK2MSFTNGP09.phx.gbl...
> This is a potentially serious issue. If you don't know enough to
understand
> that message, you should have someone who does check it out. The first
> question is whether or not you can recall doing *anything* that might
> naturally prompt this message. The change we're looking for occurred
> sometime just before or just after the last successful startup. Did you
> install any hardware? Did you notice any "Adding new hardware" messages
> during that last successful startup? Did you install or update/upgrade any
> new software? If the answer to all of these questions is no, then you may
> have a boot sector virus, you may have a hard drive on its way to failure.
>
> Are you waiting for advice before pressing the Update button? Or have you
> already proceeded to finish starting up?
>
> --
> Gary S. Terhune
> MS-MVP Shell/User
>
> "Wayne R. Russ" <NOwaynerrSPAM@olg.com> wrote in message
> news:11gcjp62i4aoia8@corp.supernews.com...
> >
> >
> >
> > Wayne R. Russ
> >
> > Your Boot Record, which contains critical startup information,has
changed,
> > This change is acceptable if you have upgraded your OS, Installed HD, or
> > run
> > SW that modifies HD.If not an unknown virus may have infected your
system.
> >
> > If your aware unsure, ignore, run Live Update and scan
> >
> > Change expected, update
> >
> >
> >
>
>

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

First thing I'd probably do is use a bootable floppy or CD with F-Prot for
DOS to scan the entire system. For F-Prot, go to
http://www.f-prot.com/products/home_use/dos/. If you use a floppy boot disk,
make sure it's write-protected before running it. Best practice suggests
that you download and create the disk on a different, known-safe machine.

Next thing I'd do is run a full hard drive diagnostic test from a bootable
floppy or CD, preferably using tools from the disk's manufacturer, but some
of the major ones work on many brands. Make sure the drive isn't failing.

If both of the above tests come up clean, then it's down to some software
you installed. Too bad you don't remember what that app was. But it would
have to be an app that can change boot records, perhaps a partitioning app
like Partition Magic, BootIt NG, etc.

Or, it's a false report from Norton. Which wouldn't surprise me. I don't
like Norton.

--
Gary S. Terhune
MS-MVP Shell/User

"Wayne R. Russ" <NOwaynerrSPAM@olg.com> wrote in message
news:11gcoe4e6v9bjaf@corp.supernews.com...
> Hi, I posted by mistake. I had not completely composed the post yet. I
> have
> not added any hardware, nor gotten any Adding New Hardware messages.
>
> I was doing something a while back with the software, I do not recall
> what, then I got the alert. I thought that might have changed the Boot
> Record. I chose to allow NAV to let the change occur. Now, I will go for a
> short time fine then scan with NAV and it will give an alert. I choose
> ignore. The alert goes away and the scan is clean. I scan again and no
> alert
> for a short time.
>
> I am trying to narrow in on when the alert starts to appear, what
> triggers it. The system seem to run fine otherwise. NAV scans are clean.
> Ad-Aware scans are clean. Spybot scans are clean.
>
> How would I go about getting rid of a Boot Sector Virus ?
>
> I would have tried to think this post out a little more first, but it
> posted originally by mistake. If you have any advice, I am all ears,
>
>
>
> Thank You So Much,
>
> Wayne R. Russ
> "Gary S. Terhune" <grystnews@mvps.org> wrote in message
> news:uQYuliQpFHA.2580@TK2MSFTNGP09.phx.gbl...
>> This is a potentially serious issue. If you don't know enough to
> understand
>> that message, you should have someone who does check it out. The first
>> question is whether or not you can recall doing *anything* that might
>> naturally prompt this message. The change we're looking for occurred
>> sometime just before or just after the last successful startup. Did you
>> install any hardware? Did you notice any "Adding new hardware" messages
>> during that last successful startup? Did you install or update/upgrade
>> any
>> new software? If the answer to all of these questions is no, then you may
>> have a boot sector virus, you may have a hard drive on its way to
>> failure.
>>
>> Are you waiting for advice before pressing the Update button? Or have you
>> already proceeded to finish starting up?
>>
>> --
>> Gary S. Terhune
>> MS-MVP Shell/User
>>
>> "Wayne R. Russ" <NOwaynerrSPAM@olg.com> wrote in message
>> news:11gcjp62i4aoia8@corp.supernews.com...
>> >
>> >
>> >
>> > Wayne R. Russ
>> >
>> > Your Boot Record, which contains critical startup information,has
> changed,
>> > This change is acceptable if you have upgraded your OS, Installed HD,
>> > or
>> > run
>> > SW that modifies HD.If not an unknown virus may have infected your
> system.
>> >
>> > If your aware unsure, ignore, run Live Update and scan
>> >
>> > Change expected, update
>> >
>> >
>> >
>>
>>
>
>

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

"Wayne R. Russ" <NOwaynerrSPAM@olg.com> wrote in message
news:11gcoe4e6v9bjaf@corp.supernews.com...
> Hi, I posted by mistake. I had not completely composed the post yet. I have
> not added any hardware, nor gotten any Adding New Hardware messages.
>
> I was doing something a while back with the software, I do not recall
> what, then I got the alert.

What software? Even a simple thing such as naming a volume will toss up that
alert.


I thought that might have changed the Boot
> Record. I chose to allow NAV to let the change occur. Now, I will go for a
> short time fine then scan with NAV and it will give an alert. I choose
> ignore. The alert goes away and the scan is clean. I scan again and no alert
> for a short time.

By letting NAV accept the change and then choosing to ignore it during a scan
will show the scan results as clean. I suggest not ignoring it, quarantine it
without deleting it and checking out what it may be in the quarantine report.
Reports > Quarantined items (view report).
Click once on the file to hilite.
On the toolbar click Properties for information on it.


> I am trying to narrow in on when the alert starts to appear, what
> triggers it. The system seem to run fine otherwise. NAV scans are clean.
> Ad-Aware scans are clean. Spybot scans are clean.
>
> How would I go about getting rid of a Boot Sector Virus ?
>
> I would have tried to think this post out a little more first, but it
> posted originally by mistake. If you have any advice, I am all ears,


If you want to really check your machine, run a virus scan in DOS.
http://www.f-prot.com/products/home_use/dos/ free

Make sure you get the latest definitions which are accessible from the same
page.

Create a new folder named fprot or whatever you wish, preferrably on a
separate drive/partition.
Extract the downloaded files to that folder.
Reboot to pure DOS from the startup menu by selecting DOS Command Prompt.
At the prompt change to the drive/directory where the fprot folder is at.
Once in the directory type: fprot\f-prot.exe and press Enter.

You will have to navigate with the keyboard if you have not set up the mouse to
run in DOS.

Set up the scan as you wish and run it.

When finished press Alt+F and close.
Press Ctrl+Alt+Del or type win at the prompt to reboot.

--

Brian A. Sesko { MS MVP_Shell/User }
Conflicts start where information lacks.
http://basconotw.mvps.org/

Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
How to ask a question: http://support.microsoft.com/kb/555375

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

I Thank You Kindly before trying the suggestions Gary. I truly appreciate
your help. You helped me one other time with a problem not so potentially
drastic. You solved it for me.

Well, now to work.

Wayne R. Russ

"Gary S. Terhune" <grystnews@mvps.org> wrote in message
news:eblwKMRpFHA.272@TK2MSFTNGP15.phx.gbl...
> First thing I'd probably do is use a bootable floppy or CD with F-Prot for
> DOS to scan the entire system. For F-Prot, go to
> http://www.f-prot.com/products/home_use/dos/. If you use a floppy boot
disk,
> make sure it's write-protected before running it. Best practice suggests
> that you download and create the disk on a different, known-safe machine.
>
> Next thing I'd do is run a full hard drive diagnostic test from a bootable
> floppy or CD, preferably using tools from the disk's manufacturer, but
some
> of the major ones work on many brands. Make sure the drive isn't failing.
>
> If both of the above tests come up clean, then it's down to some software
> you installed. Too bad you don't remember what that app was. But it would
> have to be an app that can change boot records, perhaps a partitioning app
> like Partition Magic, BootIt NG, etc.
>
> Or, it's a false report from Norton. Which wouldn't surprise me. I don't
> like Norton.
>
> --
> Gary S. Terhune
> MS-MVP Shell/User
>
> "Wayne R. Russ" <NOwaynerrSPAM@olg.com> wrote in message
> news:11gcoe4e6v9bjaf@corp.supernews.com...
> > Hi, I posted by mistake. I had not completely composed the post yet. I
> > have
> > not added any hardware, nor gotten any Adding New Hardware messages.
> >
> > I was doing something a while back with the software, I do not recall
> > what, then I got the alert. I thought that might have changed the Boot
> > Record. I chose to allow NAV to let the change occur. Now, I will go for
a
> > short time fine then scan with NAV and it will give an alert. I choose
> > ignore. The alert goes away and the scan is clean. I scan again and no
> > alert
> > for a short time.
> >
> > I am trying to narrow in on when the alert starts to appear, what
> > triggers it. The system seem to run fine otherwise. NAV scans are clean.
> > Ad-Aware scans are clean. Spybot scans are clean.
> >
> > How would I go about getting rid of a Boot Sector Virus ?
> >
> > I would have tried to think this post out a little more first, but it
> > posted originally by mistake. If you have any advice, I am all ears,
> >
> >
> >
> > Thank You So Much,
> >
> > Wayne R. Russ
> > "Gary S. Terhune" <grystnews@mvps.org> wrote in message
> > news:uQYuliQpFHA.2580@TK2MSFTNGP09.phx.gbl...
> >> This is a potentially serious issue. If you don't know enough to
> > understand
> >> that message, you should have someone who does check it out. The first
> >> question is whether or not you can recall doing *anything* that might
> >> naturally prompt this message. The change we're looking for occurred
> >> sometime just before or just after the last successful startup. Did you
> >> install any hardware? Did you notice any "Adding new hardware" messages
> >> during that last successful startup? Did you install or update/upgrade
> >> any
> >> new software? If the answer to all of these questions is no, then you
may
> >> have a boot sector virus, you may have a hard drive on its way to
> >> failure.
> >>
> >> Are you waiting for advice before pressing the Update button? Or have
you
> >> already proceeded to finish starting up?
> >>
> >> --
> >> Gary S. Terhune
> >> MS-MVP Shell/User
> >>
> >> "Wayne R. Russ" <NOwaynerrSPAM@olg.com> wrote in message
> >> news:11gcjp62i4aoia8@corp.supernews.com...
> >> >
> >> >
> >> >
> >> > Wayne R. Russ
> >> >
> >> > Your Boot Record, which contains critical startup information,has
> > changed,
> >> > This change is acceptable if you have upgraded your OS, Installed HD,
> >> > or
> >> > run
> >> > SW that modifies HD.If not an unknown virus may have infected your
> > system.
> >> >
> >> > If your aware unsure, ignore, run Live Update and scan
> >> >
> >> > Change expected, update
> >> >
> >> >
> >> >
> >>
> >>
> >
> >
>
>

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Brian,

Thank You for explaining how to use F-Prot, among the rest.
--

Wayne R. Russ
"Brian A." <gonefish'n@afarawaylake> wrote in message
news:%23qUEnZRpFHA.3552@TK2MSFTNGP10.phx.gbl...
> "Wayne R. Russ" <NOwaynerrSPAM@olg.com> wrote in message
> news:11gcoe4e6v9bjaf@corp.supernews.com...
> > Hi, I posted by mistake. I had not completely composed the post yet. I
have
> > not added any hardware, nor gotten any Adding New Hardware messages.
> >
> > I was doing something a while back with the software, I do not recall
> > what, then I got the alert.
>
> What software? Even a simple thing such as naming a volume will toss up
that
> alert.
>
>
> I thought that might have changed the Boot
> > Record. I chose to allow NAV to let the change occur. Now, I will go for
a
> > short time fine then scan with NAV and it will give an alert. I choose
> > ignore. The alert goes away and the scan is clean. I scan again and no
alert
> > for a short time.
>
> By letting NAV accept the change and then choosing to ignore it during a
scan
> will show the scan results as clean. I suggest not ignoring it,
quarantine it
> without deleting it and checking out what it may be in the quarantine
report.
> Reports > Quarantined items (view report).
> Click once on the file to hilite.
> On the toolbar click Properties for information on it.
>
>
> > I am trying to narrow in on when the alert starts to appear, what
> > triggers it. The system seem to run fine otherwise. NAV scans are clean.
> > Ad-Aware scans are clean. Spybot scans are clean.
> >
> > How would I go about getting rid of a Boot Sector Virus ?
> >
> > I would have tried to think this post out a little more first, but it
> > posted originally by mistake. If you have any advice, I am all ears,
>
>
> If you want to really check your machine, run a virus scan in DOS.
> http://www.f-prot.com/products/home_use/dos/ free
>
> Make sure you get the latest definitions which are accessible from the
same
> page.
>
> Create a new folder named fprot or whatever you wish, preferrably on a
> separate drive/partition.
> Extract the downloaded files to that folder.
> Reboot to pure DOS from the startup menu by selecting DOS Command Prompt.
> At the prompt change to the drive/directory where the fprot folder is at.
> Once in the directory type: fprot\f-prot.exe and press Enter.
>
> You will have to navigate with the keyboard if you have not set up the
mouse to
> run in DOS.
>
> Set up the scan as you wish and run it.
>
> When finished press Alt+F and close.
> Press Ctrl+Alt+Del or type win at the prompt to reboot.
>
> --
>
> Brian A. Sesko { MS MVP_Shell/User }
> Conflicts start where information lacks.
> http://basconotw.mvps.org/
>
> Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
> How to ask a question: http://support.microsoft.com/kb/555375
>
>
>
>

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

This notification can occur when:
A boot sector virus in present
A 3rd party boot manager is installed and resides primarily in sector zero.
A partition change is made, usually with 3rd party software, which changes
the mbr as a result.
You restore an imaged partition.

In the past, if I was unsure, I simply restored a previous image of my 98
partition.

NAV merely detects a change, but may not always detect it as a known virus.
Boot sector viruses are rare.
Some are removable, some are not with AVs.

"Wayne R. Russ" <NOwaynerrSPAM@olg.com> wrote in message
news:11gcjp62i4aoia8@corp.supernews.com...
>
>
>
> Wayne R. Russ
>
> Your Boot Record, which contains critical startup information,has changed,
> This change is acceptable if you have upgraded your OS, Installed HD, or
run
> SW that modifies HD.If not an unknown virus may have infected your system.
>
> If your aware unsure, ignore, run Live Update and scan
>
> Change expected, update
>
>
>

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Hi,

Sorry, I was sick for a day.

I couldn't see how to get all of F-Prot on a floppy, so I put it on my
D: partition. It ran clean. I ran Western Digital's drive diagnostic twice
and it ran clean.

I could have POSSIBLY used Partition Magic just before the alerts starts
started. If that is the case, how do I go about changing back to the correct
MBR ?

Wayne R. Russ

>
>
> Wayne R. Russ
>
> Your Boot Record, which contains critical startup information,has changed,
> This change is acceptable if you have upgraded your OS, Installed HD, or
run
> SW that modifies HD.If not an unknown virus may have infected your system.
>
> If your aware unsure, ignore, run Live Update and scan
>
> Change expected, update
>
>
>

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

"Wayne R. Russ" <NOwaynerrSPAM@olg.com> wrote in message
news:11gcjp62i4aoia8@corp.supernews.com...
>
>
>
> Wayne R. Russ
>
> Your Boot Record, which contains critical startup information,has changed,
> This change is acceptable if you have upgraded your OS, Installed HD, or run
> SW that modifies HD.If not an unknown virus may have infected your system.
>
> If your aware unsure, ignore, run Live Update and scan
>
> Change expected, update

Many times NSW will give that message right after you do a definitions update
and then run a scan on a file or the whole computer.
I have NSW2003Pro and , believe me, it is very common after using LiveUpdate.
When in doubt, choose restore, and immediately update to the latest definitions
and run another scan.

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

If you used PM to do some partition work, you don't want to
revert back the MBR sector to the previous. Just tell NAV
"change expected, update". It will update it's data to
match the new MBR.



"Wayne R. Russ" <NOwaynerrSPAM@olg.com> wrote in message news:11ggtio5qpq3oce@corp.supernews.com...
> Hi,
>
> Sorry, I was sick for a day.
>
> I couldn't see how to get all of F-Prot on a floppy, so I put it on my
> D: partition. It ran clean. I ran Western Digital's drive diagnostic twice
> and it ran clean.
>
> I could have POSSIBLY used Partition Magic just before the alerts starts
> started. If that is the case, how do I go about changing back to the correct
> MBR ?
>
> Wayne R. Russ
>
>>
>>
>> Wayne R. Russ
>>
>> Your Boot Record, which contains critical startup information,has changed,
>> This change is acceptable if you have upgraded your OS, Installed HD, or
> run
>> SW that modifies HD.If not an unknown virus may have infected your system.
>>
>> If your aware unsure, ignore, run Live Update and scan
>>
>> Change expected, update
>>
>>
>>
>
>