Low-level formatting will wipe out a boot virus along with anything on the hard drive. You really don’t want to low-level format without the manufacturer’s recommendation. There’s a better way.
The Master Boot Record (MBR) basically tells the computer where its partitions and drives are, and then transfers control to the next sector to be read, normally the boot record on a partition (like C:).
A virus moves the real MBR to “slack space,” a sector normally unused by your computer. Then it puts its own rotten self where the Real McCoy belongs, so that all the partition information comes from a nasty source.
If the virus is in “Stealth” mode, a normal antivirus scan may not pick it up. The clever little creep may redirect the scanner to the right MBR (“See? Nothin’ wrong here!”), which then will scan as normal even though it’s in the wrong place. It could also pre-empt all DOS calls to the file (“Hey! Virus scanner a-comin’!”), run ahead, and actually disinfect the MBR before it’s scanned. Then, when the call is over, the virus re-infects the file.
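An added example (not part of the original article): a Python check that compares a 512-byte MBR dump against a copy saved while the system was known clean, and reports changes to the boot code or the partition table. Because a stealth virus in memory can hand a scanner the relocated original, the dump has to be taken after booting from the clean, write-protected disk; the function names and sample sectors here are constructed for illustration.

```python
import hashlib
import struct

TABLE_OFF = 446       # 446 bytes of boot code, then four 16-byte table entries
ENTRY = "<B3xB3xII"   # status, CHS start (skipped), type, CHS end (skipped), LBA start, count
SIG = b"\x55\xaa"     # boot signature in bytes 510-511

def parse_mbr(sector):
    """Return (sha256 of boot code, list of used partition entries)."""
    if len(sector) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != SIG:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for slot in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY, sector, TABLE_OFF + slot * 16)
        if ptype != 0:  # type 0 marks an unused slot
            parts.append({"slot": slot, "active": status == 0x80,
                          "type": ptype, "lba_start": lba, "sectors": count})
    return hashlib.sha256(sector[:TABLE_OFF]).hexdigest(), parts

def compare_to_baseline(baseline, current):
    """List what differs between a known-good MBR copy and a fresh dump."""
    good_hash, good_parts = parse_mbr(baseline)
    try:
        cur_hash, cur_parts = parse_mbr(current)
    except ValueError as exc:
        return ["current MBR unreadable: %s" % exc]
    findings = []
    if cur_hash != good_hash:
        findings.append("boot code changed")
    if cur_parts != good_parts:
        findings.append("partition table changed")
    return findings

def build_sample(boot_fill, entries):
    """Constructed 512-byte test sector: filler boot code plus table entries."""
    table = b"".join(struct.pack(ENTRY, *e) for e in entries).ljust(64, b"\x00")
    return bytes([boot_fill]) * TABLE_OFF + table + SIG

# Constructed samples, not real disk contents: one active FAT16 (type 0x06)
# partition, then a sector with different boot code and an empty table.
CLEAN = build_sample(0x90, [(0x80, 0x06, 63, 1024000)])
ALTERED = build_sample(0xCC, [])

if __name__ == "__main__":
    print(compare_to_baseline(CLEAN, CLEAN))
    print(compare_to_baseline(CLEAN, ALTERED))
```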
If you’re trying to boot to drive C: and you get an “Invalid Drive Specification” error—bingo, you’ve probably got a Master Boot Virus. A simple boot sector virus is more likely to give you a “General Failure Reading Drive C:” error.
So now what? Breathe deep and do these things, in this order:
1) Use a clean rescue disk (make sure it’s write-protected before you stick it in a potentially infected drive!) with current virus definitions on it. That should give you a clean boot to drive A:, which can then remove infection from inactive drive C:.
2) Get a rescue disk from a friend with a clean system, if yours doesn’t work. It’s possible you’ve had the virus longer than you realized.
3) Replace the MBR by booting clean (make yourself a boot floppy with system files and FDISK /MBR). This overwrites your infected MBR and puts a nice fresh one in the right place. You could probably do it by booting to the C: prompt, but it’s best to try to fix the virus when it hasn’t been activated. Stick with the clean boot floppy to be absolutely sure.
4) No luck getting rid of it? Hope all your data’s backed up! Reformat your hard drive, which will not only write in a new MBR, but will add a new File Allocation Table. This means that it will basically tear out the Table of Contents on your computer and put in one that says your hard drive is blank. The data files are actually still there until they’re overwritten. Your computer (or the virus) just doesn’t know that.
You can get some useful information about viruses, and how to detect and get rid of them, at Quarterdeck and Symantec.
If you are still curious about low-level formatting, you can get a program from a company like Norton or from your hard drive manufacturer. Your BIOS may also have some hard disk utilities with the format option. Only use low-level format as a last resort.