Cronk

join:2005-07-16


Re-write MBR on external Hdd

I have a hard drive in my external enclosure that I would like to format and re-write the MBR (to ensure there is no malware in there). Is there a way to re-write the MBR on it from a command prompt?

Thanks


Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
kudos:18

Cronk

join:2005-07-16
Thanks for the info, but that page says:

NOTE: The fdisk /mbr command only re-writes the MBR on the system drive (DISK-0) using BIOS calls. You cannot specify any other drive for the fdisk /mbr command to operate on other than DISK-0.

I need to write the mbr on an external disk.

Thanks


salzan
Experienced Optimist
Premium
join:2004-01-08
WA State
reply to Cronk
You could run D-Ban on it. That will remove everything.


jeno

@bellsouth.net
reply to Cronk
FIXMBR
fixmbr device name
Use this command to repair the MBR of the boot partition. In the command syntax, device name is an optional device name that specifies the device that requires a new MBR. Use this command if a virus has damaged the MBR and Windows cannot start.

Warning This command can damage your partition tables if a virus is present or if a hardware problem exists. If you use this command, you may create inaccessible partitions. We recommend that you run antivirus software before you use this command.

You can obtain the device name from the output of the map command. If you do not specify a device name, the MBR of the boot device is repaired, for example:
fixmbr \device\harddisk2
If the fixmbr command detects an invalid or non-standard partition table signature, fixmbr command prompts you for permission before it rewrites the MBR. The fixmbr command is supported only on x86-based computers.
»support.microsoft.com/kb/314058

Cronk

join:2005-07-16
Thanks,
but that page refers to using the Recovery Console in XP. I am running Vista and don't have the boot disk (I know I can download it from NeoSmart), but I am trying to find out if I can do this from the command prompt. I tried to run fixmbr from Vista's command prompt and it would not recognize the command.


redxii
Premium,Mod
join:2001-02-26
Sherwood, MI
Just scan it with an anti-virus. If you plugged it in and it was already infected with a boot sector virus then your other hard drives probably already have it too.

Cronk

join:2005-07-16
Been there and did that.

I'd still like to re-write the MBR, and now I'm curious to find out if it can be done from the command prompt; it will help me with other issues I've got.

Thanks

Cronk

join:2005-07-16

If I just delete the volume using Disk Management, will that delete the MBR?

Thanks

alfee

join:2006-05-12
Toledo, OH
reply to Cronk


jeno

@bellsouth.net
reply to Cronk
You failed to specify your OS/Version in your OP...

You can use the Bootrec.exe tool in the Windows Recovery Environment (Windows RE) to troubleshoot and repair the following items in Windows Vista:

* A master boot record (MBR)
* A boot sector
* A Boot Configuration Data (BCD) store
»support.microsoft.com/kb/927392

What happened to the Recovery Console?:
Applies to all editions of Windows Vista.
»windowshelp.microsoft.com/Window···033.mspx

Cronk

join:2005-07-16
Thanks,

I've never played with bootrec, but from what I read on your linked page, it seems to imply it only works on the system drive, not an external drive.

The /FixMbr option writes a Windows Vista-compatible MBR to the system partition.


GILXA1226
Premium,MVM
join:2000-12-29
Dayton, OH
reply to Cronk
I think we're missing the bigger point... since, it seems to me at least, the external drive was never used for a boot drive there should be no MBR on it correct?
--
We don't give a d@mn for the whole state of Michigan... we're from OHIO! O!H! ... I!O!


nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7
Reviews:
·AT&T U-Verse
said by GILXA1226:

I think we're missing the bigger point... since, it seems to me at least, the external drive was never used for a boot drive there should be no MBR on it correct?

The MBR is also the partition table. It is tradition to use a partition table (except on floppies), even if only one partition is intended.
--
AT&T dsl; Westell 327w modem/router; openSuSE 11.0; firefox 3.0.5


nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7
Reviews:
·AT&T U-Verse
reply to Cronk
For what it's worth, here is how I would do it -- mainly because I trust linux tools more than I trust Windows tools.

I would boot linux, perhaps with a live CD.

The first step would be to find the names of the hard drives. The output of "fdisk -l" should help with that.

Then I would copy the MBR from a known good disk to the disk where you want it. To describe this, I will assume that the known good disk is "/dev/sda", and the disk where you desire to do this is "/dev/sdb".

I would first make a copy of the good MBR, with

cd /tmp ## where to write the copy
dd if=/dev/sda of=mbr.sda count=1

That should create a 512 byte file "mbr.sda" containing the good MBR. The name indicates where it came from, as a reminder in case I want to keep it for a long time.

I would then copy that to the desired disk, with

dd bs=446 if=mbr.sda of=/dev/sdb count=1

That should copy the desired data - the first 446 bytes of the MBR. The last 66 bytes is a 64 byte partition table, and a two byte validity flag that you probably don't want to copy.

If you decide to do it this way, carefully check the commands before hitting enter. If you copy too much (more than 446 bytes) you can wipe out some of the data already on the disk. It might be safer to also use the "bs=446" on the first command, making it harder to accidentally copy too much on the second.

For reference:
of : output file
if : input file
bs : the logical blocksize to use for the copy
count : the number of logical blocks to copy

--
AT&T dsl; Westell 327w modem/router; openSuSE 11.0; firefox 3.0.5
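
The 446-byte copy described in the post above, as an added example that is not part of the original post: it rehearses the steps on constructed image files rather than /dev/sdX, keeps a backup of the target's first sector, and checks that everything after byte 446 (partition table, validity flag, data) is unchanged. The function names and image contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: rehearse the 446-byte boot-code copy on image files, not /dev/*.
# File names and byte values are constructed for the demonstration.
BOOT=446     # boot-code bytes at the start of the MBR
SECTOR=512   # full MBR: boot code + 64-byte partition table + 2-byte flag

# make_image FILE BOOT_BYTE TABLE_BYTE: build a constructed 4-sector disk image.
make_image() {
    {
        head -c "$BOOT" /dev/zero | tr '\0' "$2"          # fake boot code
        head -c 64 /dev/zero | tr '\0' "$3"               # fake partition table
        printf '\125\252'                                 # 0x55 0xAA validity flag
        head -c $((SECTOR * 3)) /dev/zero | tr '\0' 'D'   # stand-in for disk data
    } > "$1"
}

# Checksums of the region after the boot code, and of the boot code itself.
tail_sum() { tail -c +$((BOOT + 1)) "$1" | cksum; }
head_sum() { head -c "$BOOT" "$1" | cksum; }

# copy_bootcode GOOD TARGET: back up TARGET's MBR, copy 446 bytes, verify.
copy_bootcode() {
    good=$1; target=$2
    dd if="$target" of="$target.mbr.bak" bs="$SECTOR" count=1 2>/dev/null || return 1
    before=$(tail_sum "$target")
    # conv=notrunc is needed for image files; without it dd truncates the output.
    dd if="$good" of="$target" bs="$BOOT" count=1 conv=notrunc 2>/dev/null || return 1
    [ "$(tail_sum "$target")" = "$before" ] || return 2              # table or data changed
    [ "$(head_sum "$target")" = "$(head_sum "$good")" ] || return 3  # boot code not copied
}

# Demo on constructed images in a temporary directory.
work=$(mktemp -d)
make_image "$work/good.img" G T
make_image "$work/target.img" X P
copy_bootcode "$work/good.img" "$work/target.img" &&
    echo "boot code replaced, partition table intact"
rm -rf "$work"
```

The backup file written by copy_bootcode holds the target's original 512-byte sector, so the previous boot code and partition table can be inspected or restored later.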


Parted Magic

@cox.net
reply to Cronk
Much easier is to download the ISO, burn it and boot up with the live CD, then use TestDisk, in the system tools menu; you can accomplish your goal. Recover lost partitions, too.

»partedmagic.com/


Mannus
Premium
join:2005-10-25
Fort Wayne, IN
reply to Cronk
Ultimate Boot CD is also an option.

»www.ubcd4win.com/

Cronk

join:2005-07-16
reply to Cronk
I am working through all the suggestions here, thanks.

Does anyone know if deleting & recreating the volume using Vista's Disk Management will re-write the MBR?

Thanks


nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7
Reviews:
·AT&T U-Verse
said by Cronk:

Does anyone know if deleting & recreating the volume using Vista's Disk Management will re-write the MBR?

I doubt it.

That will rewrite the partition table, which is part of the MBR. It is unlikely to rewrite the boot code, which is presumably what you want.

If modifying partitions with Vista were to rewrite the boot code part of the MBR, you would have lots of angry linux users, since the GRUB or LILO boot code is often placed in the MBR.
--
AT&T dsl; Westell 327w modem/router; openSuSE 11.0; firefox 3.0.5

Cronk

join:2005-07-16

I'm not just talking about modifying a partition, I mean to remove every volume on the disk so the whole disk shows as "Raw", and therefore no active partitions.

Thanks


nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7
Reviews:
·AT&T U-Verse
If you have linux available, such as a linux live CD, then use:

dd if=/dev/zero of=/dev/sdX count=1

where you replace the "/dev/sdX" by the device name for the particular disk. That overwrites the MBR with binary zeros. It will then look like a fresh disk, never before used. The first time you try to write to the disk, the standard software will write a new MBR.

The output from "fdisk -l" might help you identify the device for the disk.

--
AT&T dsl; Westell 327w modem/router; openSuSE 11.0; firefox 3.0.5

Cronk

join:2005-07-16

I don't know anything about Linux. I'd hate to have to learn it just for this one task.

This drive was the boot drive on a severely infected computer. Now it is in an external enclosure, and it's been re-formatted. I'm concerned about the newer rootkits that hide in the MBR. I've read that you cannot depend upon antivirus software to be able to detect them because they are hidden. So I thought that re-writing the MBR would not be that big of a deal.

Thanks


nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7
Reviews:
·AT&T U-Verse
Malware that hides in the MBR is going to be in the boot code part of the MBR, and is activated when you boot from that disk. If you never boot from the disk, then I doubt that it can ever do any harm. I do understand that knowing it might be there is a source of discomfort.

Possibly some root kits hide in the remainder of the track that contains the MBR, since that track is often left unused. Again, that would be harmless unless there is other malware on your computer that knows to access it.

If you know somebody who is familiar with linux, you could probably ask them to wipe the MBR for you.

What you are probably looking for is a disk wipe utility. Do a search on google, and you will find many. They probably wipe your disk more thoroughly than you need, but that should give you the confidence to use that disk again.
--
AT&T dsl; Westell 327w modem/router; openSuSE 11.0; firefox 3.0.5


VikingBob

join:2004-06-05
Ste Anne, MB
reply to Cronk
If that machine was dinged with Mebroot, you may need to scrub that clean - see also »community.norton.com/norton/boar···4#M15179


mmainprize

join:2001-12-06
Houghton Lake, MI
Reviews:
·Charter

reply to Cronk
said by Cronk:

I'm not just talking about modifying a partition, I mean to remove every volume on the disk so the whole disk shows as "Raw", and therefore no active partitions.

Thanks
Here is what you do.

Boot to DOS
Format the external disk
Transfer the DOS boot files to it with the SYS command

Boot to the external disk, and fdisk /mbr

Then delete all partitions

That is what you want to do, right?


rcdailey
Dragoonfly
Premium
join:2005-03-29
Rialto, CA
The other thread, re "Secure Erase," may suggest an alternative way to clean a drive.

Cronk

join:2005-07-16
reply to Cronk
Looks like D-ban as suggested by salzan will work. Got an email back from their tech support; it does wipe the MBR and partition table.