General discussion

Locked

Clearing MBR without destroying data

By bfindlay ·
I just bought a new computer with SATA drive, and older IDE
cables on motherboard. I have two PATA/ide drives from my old
computer that are full of data, but also have a boot sector virus
on them. I want to keep the data, but remove the BSV. What is
the best way to do this? I was thinking I could attach just one
drive at a time (DETACH) the SATA drive, and run fdisk /mbr on
it. If I do that, will I lose all data on the drive?

If I reattach the SATA after that, then immediately run a norton
AV scan on the infected drives, would that then be safe? I need
to get the (cleaned and scanned) data off the old drives, then
completely nuke them and use them fresh. What is the best way
to proceed?

This conversation is currently closed to new comments.

3 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by Dumphrey In reply to Clearing MBR without dest ...

Fdisk /mbr will not effect any data on your drive other then whats stored in the mbr (ie nothing but os loading info). I would get a hold of WinPE disk and scan your had drives with several on-line scanners (Pand/trend). Or, use a XP64 system to slave the infected disks into and then scan em. Or slave the disks into a linux system and scan with f-prot and or clamav. If you use a regular xp 32 system, update patches, and av befor installing infected disk. Scan with local av scanner and an on-line scanner from a different company (on known infected disks, i use scans from 3 vendors). BUT, i would deffinately fdisk /mbr the infected disk.

Collapse -

by HAL 9000 Moderator In reply to Clearing MBR without dest ...

Provided that you are not booting from the infected drives the infection shouldn't spread.

However there may be a problem with attempting to fit 2 PATA Drives in this computer as the current M'Boards only have one IDE channel available for Optical Drives. If you fit both to this unit you will not have any possibility of using the Optical drive that should have been fitted to the machine and if you haven't got one you'll be unable to install one to boot from when the need arises.

If that's not an issue you can just install them in the new machine provided that it's got a current and active AV Program running and scan the drives from the SATA Drive to clean them up.

Even still if you can not do that you should be able to transfer the data without incident as most Infections target the OS and not the actual Data so unless you have a Macro Virus infecting the drives you should be safe to just cut & paste the Data across to where you need it.

When I do things like this I always fit the IDE Drives to a USB Caddy and run them from there as it's easier to stop anything unwanted from crossing into the running OS.

Depending on the old OS you may need to take ownership of the main files by following the directions here

http://tinyurl.com/3aw7

Also if you encrypted the data you'll need to recover the encryption keys as well by following the directions here

http://tinyurl.com/orpmf

Col

Collapse -

by hughiemcginley In reply to Clearing MBR without dest ...

fdisk /mbr is the only tools you can use with ease of mind

Back to Desktop Forum
3 total posts (Page 1 of 1)  

Related Discussions

Related Forums