Remove MBR Rootkit From External Drive?


I should explain that I am trying to remove a nasty virus/rootkit from my friend's laptop (HP dv2000), however the screen of his laptop is broken so he uses an external monitor. Of course, the screen output does not go to the external monitor until Windows is up and running, and then it fortunately automatically switches. Unfortunately, this makes it very difficult to do any malware removal because I cannot see the screen if I try to boot into Safe Mode or run the Windows Recovery Console or open the BIOS settings, etc.

What I've done is remove his internal hard drive and put it in an external enclosure so I can scan it from my PC. I've killed and removed numerous viruses (virii?), but Root Repeal keeps telling me I have an MBR Rootkit in that drive. Although no other scanners have found a rootkit I am inclined to believe Root Repeal because none of the scanners have found any rootkits, just trojans.

It is my understanding that if I just repair or replace the MBR it should kill the rootkit, but I am leery of doing this because the disk has an HP recovery partition and I am worried that fixing the MBR will mess up the whole drive. I need to fix the MBR before I put his drive back in his laptop, because I am worried that if I can't see the Windows Recovery Console I won't be able to fix it. And if I mess up and it doesn't boot I won't even be able to use the HP Recovery CDs (because I won't be able to see the interface).

His laptop is an HP dv2315nr (dv2000) running Vista Ultimate (32-bit). The PC I am using to scan his drive is also running Vista 32-bit. By the way, when I run Root Repeal I always get a "RootRepeal Error - Invalid PE image found!" error but the scans seem to run fine. Besides the "MBR Rootkit Detected!" I also get a lot of "Sector mismatch" in both of the partitions, however Root Repeal does not find any .sys files.

So anyway, my question is: how can I repair the MBR or remove the rootkit from it if it's an external drive?
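
The concern above, whether rewriting the MBR endangers the recovery partition, comes down to how sector 0 is laid out: boot code and partition table occupy separate byte ranges. The following is an added example, not part of the original post; it uses the standard MBR layout, a constructed 512-byte image with placeholder boot code, and hypothetical function names.

```python
import hashlib
import struct

BOOT_CODE_LEN = 440       # bytes 0-439: boot code, the part MBR malware replaces
TABLE_OFFSET = 446        # bytes 446-509: four 16-byte partition entries
SIGNATURE = b"\x55\xaa"   # bytes 510-511: boot signature
ENTRY = struct.Struct("<B3xB3xII")  # status, CHS, type, CHS, start LBA, sector count


def parse_mbr(sector):
    """Return the boot-code hash and the used partition entries of a 512-byte MBR."""
    if len(sector) != 512 or sector[510:] != SIGNATURE:
        raise ValueError("not a 512-byte sector ending in 0x55AA")
    partitions = []
    for slot in range(4):
        status, ptype, start, count = ENTRY.unpack_from(sector, TABLE_OFFSET + 16 * slot)
        if ptype:  # type 0 marks an unused slot
            partitions.append((slot, status == 0x80, ptype, start, count))
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(), partitions


def replace_boot_code(sector, new_code):
    """Swap only the boot code; disk signature, partition table and 0x55AA stay."""
    if len(new_code) > BOOT_CODE_LEN:
        raise ValueError("boot code longer than 440 bytes")
    return new_code.ljust(BOOT_CODE_LEN, b"\x00") + sector[BOOT_CODE_LEN:]


def build_sample_mbr():
    """Constructed image: an active NTFS partition plus a second, hidden-type one."""
    table = ENTRY.pack(0x80, 0x07, 2048, 200_000_000)
    table += ENTRY.pack(0x00, 0x27, 200_002_048, 20_000_000)
    table += bytes(32)                       # two unused slots
    suspect_code = b"\xee" * BOOT_CODE_LEN   # placeholder for untrusted boot code
    return suspect_code + bytes(6) + table + SIGNATURE


if __name__ == "__main__":
    before = build_sample_mbr()
    after = replace_boot_code(before, b"\x90" * 16)  # placeholder "clean" code
    hash_before, parts_before = parse_mbr(before)
    hash_after, parts_after = parse_mbr(after)
    print("boot code changed:     ", hash_before != hash_after)
    print("partition table intact:", parts_before == parts_after)
    for slot, active, ptype, start, count in parts_after:
        print(f"slot {slot}: active={active} type=0x{ptype:02x} start={start} sectors={count}")
```

Running the same comparison on a saved copy of a real disk's first sector, before and after a repair, confirms whether the partition entries were left alone.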
