Jump to content
Kaspersky Support Forum

How to repair the MBR

T,X

By T,X
in Virus and Ransomware related questions

 Share
Go to solution Solved by Wesly.Zhang,

Recommended Posts

T,X

T,X

Posted
Posted

The system of my computer in windows7 home edition. Not long before my computer got infected by a kind of nasty software that changed the MBR. Therefore, I have to press the enter to make the choice every time when I boot up my computer. I used Kaspersky to scan, but it didn't reporte any threat. Is there anything I can do to make A recovery? Thanks a lot.d003721f1f73b4154239d322d79230b.thumb.jpg.5aedd35c939bd7b40c6faf50ecfc2da9.jpg

T,X

T,X

Posted
  • Author
Posted

I want to add that my computer is double system, including Windows and MAC, so I can't reset MBR use ways that I know.

Berny

Berny

Posted
Posted

@T,X Welcome.

Can you please provide some details about the “nasty software” ?
Do you suspect Kaspersky in this issue ?

 

T,X

T,X

Posted
  • Author
Posted (edited)

Well, this is the nasty software's website: https://www.160.com/, I can't attach it since it's larger than 50MB.

The KSC software can't find the threat, but my MBR was changed

Edited by T,X
mistake
T,X

T,X

Posted
  • Author
Posted

The issue is that the KSN trusts the software's setup338734472__20220717204343.png.5b4d901864183633d74e9d119a61ef38.png

harlan4096

harlan4096

Posted
Posted

I have just sent to K. analyst the installer DriveTheLife_2571_8.15.99.290.exe via KOTIP, waiting for final verdict... but got also a too large file warning from the robot, so I will try to send it via K. Support ticket...

  • Like 1
  • Thanks 1
T,X

T,X

Posted
  • Author
Posted (edited)
1 hour ago, harlan4096 said:

I have just sent to K. analyst the installer DriveTheLife_2571_8.15.99.290.exe via KOTIP, waiting for final verdict... but got also a too large file warning from the robot, so I will try to send it via K. Support ticket...

The KIP result says that it is clean, so I have submited a request to reanalyze. Because it did change the MBR of my computer.

Edited by T,X
  • Like 1
T,X

T,X

Posted
  • Author
Posted

I suspect that the software changed my MBR when I use it to update the drive(not right after the software's installation)

  • Like 1
Gionatan

Gionatan

Posted
Posted
19 hours ago, harlan4096 said:

DriveTheLife_2571_8.15.99.290.exe 

 

What says VirusTotal ? 

T,X

T,X

Posted
  • Author
Posted
18 hours ago, T,X said:

changed my MBR when I use it to update the drive

So, that's maybe the reason why it's not detected as a virus.

Wesly.Zhang

Wesly.Zhang

Posted
Posted

Hello, @T,X

Do you really don't know what is "DriveTheLife" in china ? If you want to restore the mbr information to default, Please use this system command which only available in windows 7, but you should backup the disk first and execute this command : 

fdisk /mbr

Usually this command will not lead to lose disk data, but we are afraid of losing data in case.

Regards.

  • Like 2
  • Solution
Wesly.Zhang

Wesly.Zhang

Posted
  • Solution
Posted
1 hour ago, T,X said:

So, that's maybe the reason why it's not detected as a virus.

Hello, @T,X

Programs that change your mbr are not necessarily malicious programs, such as disk programs such as diskgenius. Why do you say it changes the mbr information? The key is to see what happens after changing the mbr information, locking the system and ransome you, because changing the mbr information is used to do this kind of malicious behavior. I believe this program does not have this behavior. I think this program set the boot item for you. not use mbr section.

Just edit the boot.ini file in driver C root folder.

Regards.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing


×
×
  • Create New...