The Master Boot Record is an important part of your hard disk drive. FIXDISK.EXE is a simple command line utility designed to safely remove unknown boot sector viruses while providing a virus data file for analysis and recovery.
FIXDISK will save the first track of the disk to a data file. If this file is created before a virus infection, it can be used as a rescue file. Also, should you encounter a new virus that cannot be disinfected, please send us the saved file and our development team will analyze it and update F-PROT.
During the installation process, F-PROT instructs FIXDISK to save the MBR as a hidden RESCUE file in the root directory. This file is called F-PROT.SYS and it can be used by FIXDISK to repair the damage done by a boot sector or MBR virus.

FIXDISK SWITCH OPTIONS

If nothing is specified, FIXDISK offers the following options.
REPAIR | Attempts a generic repair of the MBR.
UNDO | Replaces the MBR with a rescue file.
FIND | Searches drive for a rescue file.
RESCUE | Used with the following switches for saving and restoring a rescue file:
  CREATE | Creates a file that contains the MBR and boot sector.
  RESTORE | Asks for a filename to repair an MBR and/or boot sector.
Should you encounter an unknown virus that cannot be disinfected, you can use the FIND command to restore the infected MBR from the data file created by RESCUE. This will allow access to your valuable data files.
REPAIR will attempt a generic repair of the MBR. Should this fail, it will search the hard drive for a rescue file. For example:
FIXDISK REPAIR C:
The "Save" command will take an image of the first track of the drive and the boot sector. This is the preferred method to use if sending Command Software a suspected virus sample for analysis.
FIND will skip the generic repair and search for the rescue file on the hard drive. This search is done on a track-by-track basis and may take some time.
FIXDISK FIND
The RESCUE command is used to create and restore a rescue file.
CREATE produces a rescue file that contains an image of the MBR and the boot sector of all physical hard drives. If a filename is specified, that will be used. Including a floppy drive letter creates the F-PROT.SYS file on that drive. For example:
FIXDISK RESCUE CREATE
The F-PROT.SYS hidden, system, read-only file will be created on the root directory of the boot drive. This file contains not only the MBR and boot sector of the boot drive, but the MBRs of any other physical hard drives in the system.
To create a similar file called RESCUE.DAT on drive A: type:
FIXDISK RESCUE CREATE A:
To create a rescue file called TEST.DAT on drive A: type:
FIXDISK RESCUE CREATE A:TEST.DAT
RESTORE will prompt you for a rescue filename to use to recover the MBR and boot sector.
FIXDISK RESCUE RESTORE
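The value of a copy saved before infection can be shown by comparing it with the sector currently on disk. The following is an added example, not part of FIXDISK or the original page: it assumes raw 512-byte sectors in the standard PC MBR layout (446 bytes of boot code, four 16-byte partition entries, a 55 AA signature), not FIXDISK's own rescue file format, and the sample sectors are constructed.

```python
import struct

SECTOR = 512
BOOT_CODE = slice(0, 446)      # boot loader code area
PART_TABLE = slice(446, 510)   # four 16-byte partition entries
SIGNATURE = slice(510, 512)    # must be 55 AA

def parse_partitions(mbr: bytes):
    """Return the non-empty partition entries of one MBR sector."""
    entries = []
    for i in range(4):
        raw = mbr[446 + 16 * i: 462 + 16 * i]
        # status, CHS start (skipped), type, CHS end (skipped), LBA, count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", raw)
        if ptype:
            entries.append({"slot": i, "active": status == 0x80,
                            "type": ptype, "lba": lba, "sectors": count})
    return entries

def compare_mbr(saved: bytes, current: bytes):
    """Classify how `current` differs from the known-good `saved` sector."""
    if len(saved) != SECTOR or len(current) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if saved[SIGNATURE] != b"\x55\xaa":
        raise ValueError("saved copy lacks the 55 AA boot signature")
    report = {
        "boot_code_changed": saved[BOOT_CODE] != current[BOOT_CODE],
        "partition_table_changed": saved[PART_TABLE] != current[PART_TABLE],
        "signature_ok": current[SIGNATURE] == b"\x55\xaa",
    }
    # Once the table itself has changed, the saved sector is the only
    # source for the original partition entries.
    report["needs_saved_copy"] = report["partition_table_changed"]
    return report

def sample_mbr(code_byte: int, lba: int) -> bytes:
    """Constructed sector: filler boot code plus one active FAT16 entry."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x06, lba, 204800)
    return bytes([code_byte]) * 446 + entry + bytes(48) + b"\x55\xaa"

SAVED = sample_mbr(0x90, 63)       # copy taken before infection
CODE_ONLY = sample_mbr(0xCC, 63)   # boot code replaced, table intact
TABLE_TOO = sample_mbr(0xCC, 0)    # boot code replaced, entry altered

if __name__ == "__main__":
    for name, img in (("code only", CODE_ONLY), ("table too", TABLE_TOO)):
        print(name, compare_mbr(SAVED, img), parse_partitions(img))
```
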
Should attempts to disinfect a boot sector virus fail, check the CMOS setup of the infected system. Some boot sector virus variants will attempt to protect themselves by modifying the CMOS in two ways:
The FIXDISK utility safely disinfects a boot system virus in two different ways. The easiest is with a previously created STARTUP diskette and the second is used if you have just attempted to install F-PROT and have detected a pre-existing boot sector virus.
The instructions on how to disinfect your system with the Windows Startup diskette assume that you have previously installed F-Prot Professional on your computer. Before you begin this disinfection process, be sure to have the following items readily available:
In this disinfection procedure, you can use a virus-free, write-protected MS-DOS backup diskette (version 5.0 or higher) in place of the Windows Startup diskette. However, if your Windows 95 system is using VFAT32, then you must use a VFAT32 system disk instead of an MS-DOS bootup diskette.
When you have all of the items mentioned above, you can start the disinfection procedure:
F-PROT /NOMEM /HARD /DISINF
If you are using an MS-DOS bootup disk rather than a Windows 95 Startup disk, you can omit the /NOMEM switch in Step 5.
If a virus is found, choose to have F-PROT Professional disinfect it. Then, perform steps 1 through 5 again to make sure that the virus has been removed. If, on that subsequent scan, you find the virus is still on your drive, proceed to the next step.
FIXDISK REPAIR C: [ENTER]
However, if F-PROT Professional has been previously installed on your system, type:
FIXDISK RESCUE RESTORE [ENTER]
Without the rescue file, FIXDISK will only repair MBR viruses that have not modified the partition table. However, if a rescue file is available for FIXDISK, even partition tables that have been modified will be repaired.
A:RESCUE.DAT [ENTER]
If no viruses are found via the scan in step 13, remove the F-PROT Professional diskette from your floppy drive and reboot your system as normal.
F-PROT /NOMEM /HARD /DISINF [ENTER]
If the scan reveals a virus, allow F-PROT Professional to disinfect it. After the disinfection, run steps 9 through 13 again to ensure that no viruses remain on your system. If, on the succeeding scan, no viruses are detected, proceed to the next step.