Loading ...
Sorry, an error occurred while loading the content.

Norton Anti Virus - Cure can be worse than the disease

Expand Messages
  • dalmolin@home.com
    I have spent the whole weekend reading hex codes and trying to learn enough about MBR s and FAT etc. to recover my hard disk after Norton antivirus repaired
    Message 1 of 4 , Mar 4, 2001
    • 0 Attachment
      I have spent the whole weekend reading hex codes and trying to learn
      enough about MBR's and FAT etc. to recover my hard disk after Norton
      antivirus "repaired" my boot sector. I thought I had a virus in a
      file and did a scan....assumed that NAV would have known about the
      second disk I installed with Linux on it and consequently modified
      the boot for my primary Win98SE disk to allow dual boot. In any case
      the rest is history....funny my Linux disk still works fine.

      I am attaching the Partition Information output below. Drive 0 is the
      bad Windows disk....drive 1 is a new 30Gb Maxtor drive that I bought
      to have as a backup from now on....the Linux disk is not connected
      for now so you don't see it on the print out. I should point out that
      the bad disk is also a Maxtor 30Gb (older model). I have been able to
      get the old disk to boot but it only goes to the C: prompt. I'm stuck
      at this point...it seems to me that the bad disk is seen as a smaller
      drive for some reason, just looking at the printout of Partition Info.

      Here is the output


      Partition Information Program
      Oct 08 1999 - DOS32 Version
      Copyright (c) 1994-1999, PowerQuest Corporation
      Permission is granted for this utility to be freely copied so long
      as it is not modified in any way. All other rights are reserved.

      PowerQuest, makers of PartitionMagic, can be reached at
      Voice: 801-226-6834 Web site: http://support.powerquest.com
      Fax: 801-226-8941 Email: help@...


      =====================================================================

      Disk 0: 3596 Cylinders, 255 Heads, 63 Sectors/Track.

      The BIOS supports INT 13h extensions for this drive.

      ========================== Partition Tables =========================

      Partition -----Begin---- ------End----- Start Num

      Sector # Boot Cyl Head Sect FS Cyl Head Sect Sect Sects

      --------- - ---- ---- ---- ---- -- ---- ---- ---- --------- ---------

      0 0 80 0 1 1 0C 442 254 63 63 40017852

      Info: Begin C,H,S values were large drive placeholders.

      Info: End C,H,S values were large drive placeholders.

      Actual values are:

      0 0 80 0 1 1 0C 2490 254 63 63 40017852



      =====================================================================

      Disk 1: 3736 Cylinders, 255 Heads, 63 Sectors/Track.

      The BIOS supports INT 13h extensions for this drive.

      ========================== Partition Tables =========================

      Partition -----Begin---- ------End----- Start Num

      Sector # Boot Cyl Head Sect FS Cyl Head Sect Sect Sects

      --------- - ---- ---- ---- ---- -- ---- ---- ---- --------- ---------

      0 0 80 0 1 1 0C 662 254 63 63 60002712

      Info: Begin C,H,S values were large drive placeholders.

      Info: End C,H,S values were large drive placeholders.

      Actual values are:

      0 0 80 0 1 1 0C 3734 254 63 63 60002712


      ======================================================================
      ========
      Disk 0: 28207.9 Megabytes
      ============================ Partition Information
      ===========================
      Volume Partition Partition
      Start Total
      Letter:Label Type Status Size MB Sector #
      Sector Sectors
      ------------- --------------- -------- ------- --------- - --------- -
      --------
      C:DISK4PART01 FAT32X Pri,Boot 19540.0 0 0 63
      40017852

      Free Space Pri 8667.9 None - 40017915
      17751825


      ======================================================================
      ========
      Disk 1: 29306.1 Megabytes
      ============================ Partition Information
      ===========================
      Volume Partition Partition
      Start Total
      Letter:Label Type Status Size MB Sector #
      Sector Sectors
      ------------- --------------- -------- ------- --------- - --------- -
      --------
      D:DISK1PART00 FAT32X Pri,Boot 29298.2 0 0 63
      60002712

      Free Space Pri 7.8 None -
      60002775 16065



      ======================================================================
      ==

      Boot Sector for drive C: (Drive 0, Starting Sector 0x3F, Type: FAT32

      ======================================================================
      ==

      1. Jump: EB 58 90

      2. OEM Name: MSWIN4.1

      3. Bytes Per Sector: 512

      4. Sectors Per Cluster: 32

      5. Reserved Sectors: 32

      6. Number of FAT's: 2

      7. Reserved: 0x0000

      8. Reserved: 0x0000

      9. Media Descriptor: 248

      10. Sectors Per FAT: 0

      11. Sectors Per Track: 63 (0x003F)

      12. Number of Heads: 255 (0x00FF)

      13. Hidden Sectors: 63 (0x0000003F)

      14. Big Total Sectors: 40017852 (0x02629FBC)

      15. Big Sectors Per FAT: 9766

      16. Extended Flags: 0x0000

      17. FS Version: 0x0000

      18. First Cluster of Root: 2 (0x00000002)

      19. FS Info Sector: 1

      20. Backup Boot Sector: 6

      21. Reserved: 000000000000000000000000

      22. Drive ID: 0x80

      23. Reserved for NT: 0x00

      24. Extended Boot Sig: 41

      25. Serial Number: 0x6ED92D0E

      26. Volume Name: DISK4PART01

      27. File System Type: FAT32

      28. Boot Signature: 0xAA55





      ======================================================================
      ==

      Boot Sector for drive D: (Drive 1, Starting Sector 0x3F, Type: FAT32

      ======================================================================
      ==

      1. Jump: EB 58 90

      2. OEM Name: SSOFT32A

      3. Bytes Per Sector: 512

      4. Sectors Per Cluster: 32

      5. Reserved Sectors: 32

      6. Number of FAT's: 2

      7. Reserved: 0x0000

      8. Reserved: 0x0000

      9. Media Descriptor: 248

      10. Sectors Per FAT: 0

      11. Sectors Per Track: 63 (0x003F)

      12. Number of Heads: 255 (0x00FF)

      13. Hidden Sectors: 63 (0x0000003F)

      14. Big Total Sectors: 60002712 (0x03939198)

      15. Big Sectors Per FAT: 14642

      16. Extended Flags: 0x0000

      17. FS Version: 0x0000

      18. First Cluster of Root: 2 (0x00000002)

      19. FS Info Sector: 1

      20. Backup Boot Sector: 6

      21. Reserved: 000000000000000000000000

      22. Drive ID: 0x80

      23. Reserved for NT: 0x00

      24. Extended Boot Sig: 41

      25. Serial Number: 0x33502238

      26. Volume Name: DISK1PART00

      27. File System Type: FAT32

      28. Boot Signature: 0xAA55

      >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

      I will really be grateful if someone can help me determine what to do
      next. I tried using Lost & Found but I could not select the
      directories I wanted to keep because it kept running out of memory
      due the large number of files I guess and bypassed the selection
      screen then wanted to save everything twice.......and so on.

      Thanks in advance for your help.

      Cheers,

      Joseph Dal Molin
      www.openhealth.com
    • Robert Hurt
      Joseph: If your efforts fail, you should get my drive clinic software (http://pcwiz.ws/driveclinic.htm) to recover your drive, if you haven t hosed it beyond
      Message 2 of 4 , Mar 5, 2001
      • 0 Attachment
        Joseph:

        If your efforts fail, you should get my drive clinic software
        (http://pcwiz.ws/driveclinic.htm) to recover your drive, if you haven't
        hosed it beyond recovery by then. The program scans the drive, determines
        the geometry with which its partitions were formatted, rebuilds the
        partition boot record and master boot record, rebuilds the FATs, and lets
        you save them to the drive. It works on an unlimited number of
        drives. It's heuristics methods let you iteratively retry geometry
        restructures till your root directory appears and looks like a root
        directory should (instead of like a bunch of gibberish, a clear sign of
        mismatched drive/BIOS geometries).

        Lost and Found, unless it has changed recently, limits you to just that one
        drive, and it is a file recovery program, not a drive structure recovery
        program, and that is why you will not be successful with it in your situation.

        The Partition Manager and Partition Magic are not recovery tools, although
        Partition Manager can help you understand what to do if you are clever
        enough.

        As a simple advice, go to http://pcwiz.ws/bootrepair.htm.

        If you cannot get the drive to be bootable with the instructions there, you
        should consider investing in a real drive structure recovery tool. The FAT
        version of Drive Clinic can operate remotely, so if you need help, I can
        give you some if we can connect via normal Hayes compatible modems.

        I realize that everyone focusing on Partition Manager is likely to be in
        the low-budget or no-budget category of computer user, and so are NOT
        likely to purchase my products. But the truth is that the products do cost
        money to develop and maintain (the engineer does support a family with
        teenagers), and the pain, suffering, and financial loss they save people
        makes them well-worth the asking price because they do recover
        drives. Also, my file recovery program http://pcwiz.ws/repo2000.htm will
        actually recover lost and deleted NTFS or FAT-based files under Windows via
        the internet. Many of my customers are living on nice incomes from the
        remote recovery jobs they do using my tools.

        Bob Hurt

        At 07:42 AM 3/5/01 +0000, you wrote:
        >I have spent the whole weekend reading hex codes and trying to learn
        >enough about MBR's and FAT etc. to recover my hard disk after Norton
        >antivirus "repaired" my boot sector. I thought I had a virus in a
        >file and did a scan....assumed that NAV would have known about the
        >second disk I installed with Linux on it and consequently modified
        >the boot for my primary Win98SE disk to allow dual boot. In any case
        >the rest is history....funny my Linux disk still works fine.
        >
        >I am attaching the Partition Information output below. Drive 0 is the
        >bad Windows disk....drive 1 is a new 30Gb Maxtor drive that I bought
        >to have as a backup from now on....the Linux disk is not connected
        >for now so you don't see it on the print out. I should point out that
        >the bad disk is also a Maxtor 30Gb (older model). I have been able to
        >get the old disk to boot but it only goes to the C: prompt. I'm stuck
        >at this point...it seems to me that the bad disk is seen as a smaller
        >drive for some reason, just looking at the printout of Partition Info.
        >
        >Here is the output
        >
        >
        >Partition Information Program
        >Oct 08 1999 - DOS32 Version
        >Copyright (c) 1994-1999, PowerQuest Corporation
        >Permission is granted for this utility to be freely copied so long
        >as it is not modified in any way. All other rights are reserved.
        >
        >PowerQuest, makers of PartitionMagic, can be reached at
        > Voice: 801-226-6834 Web site: http://support.powerquest.com
        > Fax: 801-226-8941 Email: help@...
        >
        >
        >=====================================================================
        >
        >Disk 0: 3596 Cylinders, 255 Heads, 63 Sectors/Track.
        >
        >The BIOS supports INT 13h extensions for this drive.
        >
        >========================== Partition Tables =========================
        >
        >Partition -----Begin---- ------End----- Start Num
        >
        >Sector # Boot Cyl Head Sect FS Cyl Head Sect Sect Sects
        >
        >--------- - ---- ---- ---- ---- -- ---- ---- ---- --------- ---------
        >
        > 0 0 80 0 1 1 0C 442 254 63 63 40017852
        >
        >Info: Begin C,H,S values were large drive placeholders.
        >
        >Info: End C,H,S values were large drive placeholders.
        >
        > Actual values are:
        >
        > 0 0 80 0 1 1 0C 2490 254 63 63 40017852
        >
        >
        >
        >=====================================================================
        >
        >Disk 1: 3736 Cylinders, 255 Heads, 63 Sectors/Track.
        >
        >The BIOS supports INT 13h extensions for this drive.
        >
        >========================== Partition Tables =========================
        >
        >Partition -----Begin---- ------End----- Start Num
        >
        >Sector # Boot Cyl Head Sect FS Cyl Head Sect Sect Sects
        >
        >--------- - ---- ---- ---- ---- -- ---- ---- ---- --------- ---------
        >
        > 0 0 80 0 1 1 0C 662 254 63 63 60002712
        >
        >Info: Begin C,H,S values were large drive placeholders.
        >
        >Info: End C,H,S values were large drive placeholders.
        >
        > Actual values are:
        >
        > 0 0 80 0 1 1 0C 3734 254 63 63 60002712
        >
        >
        >======================================================================
        >========
        >Disk 0: 28207.9 Megabytes
        >============================ Partition Information
        >===========================
        >Volume Partition Partition
        >Start Total
        >Letter:Label Type Status Size MB Sector #
        >Sector Sectors
        >------------- --------------- -------- ------- --------- - --------- -
        >--------
        >C:DISK4PART01 FAT32X Pri,Boot 19540.0 0 0 63
        >40017852
        >
        > Free Space Pri 8667.9 None - 40017915
        >17751825
        >
        >
        >======================================================================
        >========
        >Disk 1: 29306.1 Megabytes
        >============================ Partition Information
        >===========================
        >Volume Partition Partition
        >Start Total
        >Letter:Label Type Status Size MB Sector #
        >Sector Sectors
        >------------- --------------- -------- ------- --------- - --------- -
        >--------
        >D:DISK1PART00 FAT32X Pri,Boot 29298.2 0 0 63
        >60002712
        >
        > Free Space Pri 7.8 None -
        >60002775 16065
        >
        >
        >
        >======================================================================
        >==
        >
        >Boot Sector for drive C: (Drive 0, Starting Sector 0x3F, Type: FAT32
        >
        >======================================================================
        >==
        >
        >1. Jump: EB 58 90
        >
        >2. OEM Name: MSWIN4.1
        >
        >3. Bytes Per Sector: 512
        >
        >4. Sectors Per Cluster: 32
        >
        >5. Reserved Sectors: 32
        >
        >6. Number of FAT's: 2
        >
        >7. Reserved: 0x0000
        >
        >8. Reserved: 0x0000
        >
        >9. Media Descriptor: 248
        >
        >10. Sectors Per FAT: 0
        >
        >11. Sectors Per Track: 63 (0x003F)
        >
        >12. Number of Heads: 255 (0x00FF)
        >
        >13. Hidden Sectors: 63 (0x0000003F)
        >
        >14. Big Total Sectors: 40017852 (0x02629FBC)
        >
        >15. Big Sectors Per FAT: 9766
        >
        >16. Extended Flags: 0x0000
        >
        >17. FS Version: 0x0000
        >
        >18. First Cluster of Root: 2 (0x00000002)
        >
        >19. FS Info Sector: 1
        >
        >20. Backup Boot Sector: 6
        >
        >21. Reserved: 000000000000000000000000
        >
        >22. Drive ID: 0x80
        >
        >23. Reserved for NT: 0x00
        >
        >24. Extended Boot Sig: 41
        >
        >25. Serial Number: 0x6ED92D0E
        >
        >26. Volume Name: DISK4PART01
        >
        >27. File System Type: FAT32
        >
        >28. Boot Signature: 0xAA55
        >
        >
        >
        >
        >
        >======================================================================
        >==
        >
        >Boot Sector for drive D: (Drive 1, Starting Sector 0x3F, Type: FAT32
        >
        >======================================================================
        >==
        >
        >1. Jump: EB 58 90
        >
        >2. OEM Name: SSOFT32A
        >
        >3. Bytes Per Sector: 512
        >
        >4. Sectors Per Cluster: 32
        >
        >5. Reserved Sectors: 32
        >
        >6. Number of FAT's: 2
        >
        >7. Reserved: 0x0000
        >
        >8. Reserved: 0x0000
        >
        >9. Media Descriptor: 248
        >
        >10. Sectors Per FAT: 0
        >
        >11. Sectors Per Track: 63 (0x003F)
        >
        >12. Number of Heads: 255 (0x00FF)
        >
        >13. Hidden Sectors: 63 (0x0000003F)
        >
        >14. Big Total Sectors: 60002712 (0x03939198)
        >
        >15. Big Sectors Per FAT: 14642
        >
        >16. Extended Flags: 0x0000
        >
        >17. FS Version: 0x0000
        >
        >18. First Cluster of Root: 2 (0x00000002)
        >
        >19. FS Info Sector: 1
        >
        >20. Backup Boot Sector: 6
        >
        >21. Reserved: 000000000000000000000000
        >
        >22. Drive ID: 0x80
        >
        >23. Reserved for NT: 0x00
        >
        >24. Extended Boot Sig: 41
        >
        >25. Serial Number: 0x33502238
        >
        >26. Volume Name: DISK1PART00
        >
        >27. File System Type: FAT32
        >
        >28. Boot Signature: 0xAA55
        >
        > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
        >
        >I will really be grateful if someone can help me determine what to do
        >next. I tried using Lost & Found but I could not select the
        >directories I wanted to keep because it kept running out of memory
        >due the large number of files I guess and bypassed the selection
        >screen then wanted to save everything twice.......and so on.
        >
        >Thanks in advance for your help.
        >
        >Cheers,
        >
        >Joseph Dal Molin
        >www.openhealth.com


        ****** bob@... ******
        Bob Hurt, pcwiz inc (ID# 59 367 7863)
        Box 15108, Clearwater, FL 33766
        (727) 446-3402, FAX (727) 443-4377
        ***** http://pcwiz.org *****
        This message and any attachments are confidential and intended solely for those
        to whom they are addressed. Notify the sender if you receive this in error.
        ******************************
      • samuel gutmann
        Hello guys, when a PC boots: 1. BIOS : all kinds off stuff .............. 2. goes to : MBR, (can be fixed with FDISK /MBR ), looks for partitiontable, looks
        Message 3 of 4 , Mar 6, 2001
        • 0 Attachment
          Hello guys,
          when a PC boots:
          1. BIOS : all kinds off stuff ..............
          2. goes to : MBR, (can be fixed with 'FDISK /MBR'), looks for partitiontable,
          looks for IPL to jump to bootsector of the "active Partition"
          3. goes to : bootsector of the "active Partition" and looks up where to go
          from there : FAT, looks for the OS boot-files (for MS Windows that would
          be 'io.sys, msdos.sys) The bootsector gets written or can be fixed by the
          DOS command sys.com, can be written or replaced with Gilles Vollant's
          bootpart "http://www.winimage.com/bootpart.htm or
          http://ourworld.compuserve.com/homepages/gvollant/bootpart.htm
          an other programm would be
        • samuel gutmann
          Sorry guys and gals, the first part got away from me. Hello Joseph , when a PC boots: 1. BIOS : all kinds off stuff .............. 2. goes to : MBR, (can be
          Message 4 of 4 , Mar 7, 2001
          • 0 Attachment
            Sorry guys and gals,
            the first part got away from me.

            Hello Joseph ,
            when a PC boots:
            1. BIOS : all kinds off stuff ..............
            2. goes to : MBR, (can be fixed with 'FDISK /MBR'), looks for partitiontable,
            looks for IPL to jump to bootsector of the "active Partition" (there is an active
            partition, isn't it ? )
            3. goes to : bootsector of the "active Partition" and looks in FAT for the OS
            boot-files (for MS Windows that would be 'io.sys, msdos.sys' ?? ..).
            The bootsector gets written or can be fixed by the
            DOS command sys.com, can be written or replaced with Gilles Vollant's
            bootpart (might not work on W98's)
            http://www.winimage.com/bootpart.htm or
            http://ourworld.compuserve.com/homepages/gvollant/bootpart.htm
            an other programm would be
            http://www.geocities.com/SiliconValley/Lakes/1401/disk2.htm#menu
            STBFP- Save and/ or restore Boot Record, Partition Table, and FAT.
            STBFP(stb.com, stf.com, stp.com): These three small programs save copies of critical hard disk data, without which a hard disk can not function - the boot record, partition table and File Allocation Table. The same programs allow you to compare the current copy of these items with the backup copy, and restore the items from backup, if necessary. (FAT16 only?)
            Free for personal use. Author: Jad Saliba (1997).
            download stbfp20.zip (45K)
            ftp://ftp.simtel.net/pub/simtelnet/msdos/diskutil/stbfp20.zip >>>>> of course
            You would need copies first. """" LEAVE THE >>FAT<< ALONE FOR NOW """""

            >> I have been able to get the old disk to boot but it only goes to the C: prompt.

            If You get to the C: prompt, then most of the above is still working.
            What do the Windows boot/rescue disks do or say ?
            What can You do with the C: prompt: dir ? what does <PATH>/win.com do?
            Did You try the Linux Rescue Disks ? Can You mount the lost partition with it ?
            If yes then it's just a matter of fixing IPL and bootsector. Everybody should have
            Kent Robooti's ramfloppy
            ftp://metalab.unc.edu/pub/Linux/system/recovery /ramf-84.exe 1464kb( check for
            new version). It is easier to use than Linux Rescue Disks, runs without a HDD
            and You can do filemanagement big style incl. gzip. If You can see the partition
            and files with Linux Rescue Disks/ramfloppy it's just a matter to fix booting of
            Windows.
            To access a HDD one needs the last 66 bytes of MBR/EMBR, to access the
            files one needs the FAT. If one boots with diskettes the HDD and files should
            sill be accessible without IPL and bootsector.
            But I doubt You have a real C: prompt: The PC hangs, I can create that situation
            any day with an extended partition marked active, so check that out.
            I also wonder how You installed lilo : maybe You caught the wrong bootsector.
            I am sure NAV did not do anything to the FAT , so the problem should not be to
            hart to fix. If You want me to elaborate on some of the above let me know.
            until next time samuel
          Your message has been successfully submitted and would be delivered to recipients shortly.