So this morning I woke up to find the time on my computer's clock had been changed to May 8th, 2004 at the same hour. "Big deal" I thought, "must have changed it inadvertently a looong time ago and never noticed it" (who looks at their computer clock's YEAR, usually?).
But then I noticed something was off.
The routine daily virus scan (I use AVG) detected a "Change" in my disk's boot sector.
I didn't download anything yesterday that was executable;
I didn't do any disk editing.
Virus scans are coming up clean. I had some spyware but it is removed.
I have three questions:
1- What are the odds that this is malicious?
2- What are the odds my computer will simply not boot next time I hit the Restart button?
3- What can I do?
Brent Black
May 8 2007, 09:34 PM
Hmm...
1. Malicious? Slim, but possible. Bigger hardware issue? More of a possibility. But chances are, if your system date changed prior to that virus scan, that AVG just flipped out a bit when it noticed that the MBR stamps were years ahead of what the current date is supposed to be. The system date can change for a number of reasons...on its own, it can change due to a weak CMOS battery or be a sign of bigger problems with your mainboard, but usually time just slips or flat out resets to 12:00am Jan 01, 1990 in those instances...with a little help from the user and/or OS, Windows may have gotten a bad return the last time it tried to sync with a world clock, or if you had the date/time window open in XP and accidentally bumped the scroll wheel with the wrong object clicked, which sounds more plausible with the date being exactly 3 years off instead of just losing time.
2. Once again, slim, but possible. If it's not a much bigger hardware issue, and it doesn't boot, it may be fixable by getting to the repair console on your XP CD, taking into consideration you have access to one. In that case, once you're at the repair console, you can do everything in part 3 here from there.
3. Start by running a standard CheckDisk while you're in the system currently. Run 'chkdsk' from the command prompt ("cmd" in the run window to get to a command prompt). The standard test will run through integrity checks on the MBR, MFT, and file system. Just to further set your mind at ease, run 'bootcfg' from the command prompt as well and make sure your XP install is being displayed. If that comes back clean, then it should be safe to reboot your PC. But first, make sure everything is cleaned up by going back into the command prompt and running 'chkdsk /r'. The /r will do a deeper scan and repair any additional problems, but it requires locking down the drive to complete, so the command prompt will warn you of such and ask if you want to run the test on the next boot. Say yes, reboot, and you'll see a light blue screen with an XP logo in the corner and it will do its thing. (Which may take as long as 45 minutes on larger drives.) That will ensure that any little issues that popped up will be cleaned up. Some status messages appear with progress percentages, but those can almost be ignored, as you'll notice they reset or roll back a bit every so often.
I hope all that makes sense. Brain no workie with the talky and the typy today.
QUOTE(Brent Black @ May 8 2007, 10:34 PM)

Lots of info
Thanks for the in-depth response, I'll try it out and we'll see what happens.
Edit: If I don't post for a couple of days, I'm out buying a new hard drive.