Admin Tip #75: Rewrite Master Boot Record

Hits: Failed to execute CGI : Win32 Error Code = 3

Prior to boot sector viruses, it was rare that any support person even knew what a MBR was. For background on the MBR: MBR Explained. If your MBR has been contaminated by a virus, use the virus vendors document to recover it. If you can not, the preferred approach is to have a backup of the MBR. See Backup/Restore MBR. If its too late for that the next best approach is to rewrite the Master Boot Record using the DOS-based FDISK command:

fdisk /mbr

Use a dos boot disk and run it. If you don't understand what this means, don't try this tip. As an absolutely last option (thats absolutely), Mark Minasi (NT Mag Summer 1999) published assembler code to wipe the MBR. If all else fails, you can try it. If you remember when the following technique was common (ie you are an old fart), you should understand the dangers of this technique. For the babes in the woods, DEBUG code was widely used in the OLD days by assembler language coders who did not own an assembler and as a method to publish small code snippets.

I have not tried the debug approach. Let me know if it works for you. Definitely on your own. Try it as a last resort before total reinstall. Very risky. You may have to reinstall anyway.

You can now install a replacement MBR using fdisk.

Caution: if you need to replace the MBR to remove a boot sector virus, check your virus vendors documentation on the virus very carefully. Replacing the MBR may the worst thing you can do given certain viruses that twiddle with disk sectors - hidding or encrypting data. In such a case, replacement of the MBR will result in ALL your disk partitions and data being lost. If you have such a virus, use anti-virus software to remove the virus.

Remember the term backups? Sorry. Couldn't resist.


Its the 11th Edition. Need I say more.