#1
When I rolled back my Acronis image of the C: drive, it was a more current one only weeks old. Maybe that's why it didn't correct the boot menu - MBR - problem. I was wondering if I rolled my Windows image back to one saved months ago, before this MBR problem happened, do you think the Acronis image would have the old MBR in the saved image? Or does Acronis True Image even save the MBR to an image? I hate the thought of having to reinstall a whole bunch of programs, but it might be worth it if I got my boot menu back? Or do I even know what the hell I'm talking about?
#2
Brandon wrote:
> When I rolled back my Acronis image of the C: drive, it was a more current one only weeks old. Maybe that's why it didn't correct the boot menu - MBR - problem. I was wondering if I rolled my Windows image back to one saved months ago, before this MBR problem happened, do you think the Acronis image would have the old MBR in the saved image? Or does Acronis True Image even save the MBR to an image? I hate the thought of having to reinstall a whole bunch of programs, but it might be worth it if I got my boot menu back? Or do I even know what the hell I'm talking about?

I think before we get worked into a lather, we sit back for a moment and think about what is loaded on the machine.

Some tools, like Paragon Disk Editor, they might boot into their own little OS, when items like C: needed to be edited (change partition size) while WinXP is not running. That's an example of a program which "messes around". Now, it also happens to be pretty good about its messing, and it generally does not damage the things it is dynamically modifying. They must have tested their stuff.

There are other programs with poorer reputations. The very first time they perform their boot trick, they damage stuff. I've had computer installs, where messages from that blasted software show on the screen while the OS boots, and I can never figure out where the message is coming from.

The fun part, is when you load too many of these programs, one of the programs "tips over" the stuff another program is using, and there is fallout.

Now, I bet your friend Acronis is not immune to this sort of stuff. Backup programs like to install WinPE or WinRE boot materials.

You mentioned to Van, that your timer is set to 30 seconds, yet you seem to be chainloading right past boot.ini, and ignoring it. Something is doing that.

Now, you have to go back and think about what boot materials are present.

```
           boot_flag = 0x80, this is the Active partition
+------+--------------------------------------------------+-------------------------+
|  MBR | PBR |  boot.ini ntldr C: (NTFS say)              |    | D: Data, dont care |
+------+--------------------------------------------------+-------------------------+
```

When you first commission a disk drive, like as a data drive on your technician machine, the MBR is fitted out with a minimum of stuff. There's a four entry partition table, for defining partitions. But, at that time, there are no boot materials.

OK, you pop in the WinXP CD and do an install. One of the steps, is to write 440 bytes of stuff in the MBR. At the end of the code in that 440 bytes, are some text strings. Using "HxD.exe", I can copy these out right now, as we speak.

    Invalid partition table
    Error loading operating system
    Missing operating system

"FixMBR" puts the proper 440 bytes back. Notice no famous filenames are present. That's because, the job of the MBR, is partially to identify the partition which is "Active" and has the boot flag. All four primary partitions could have the boot flag set, but by convention, tools try to only write 0x80 into one of the primary partitions. The MBR code tries to find such a partition, and such a marked partition, is next in the boot sequence (for Windows at least).

Now, partitions have two roles:

1) A partition can be marked "SYSTEM", which means, it is the partition where booting starts. (Hey, thank you Microsoft for reverse terminology!)

2) The same partition, or a different partition, can be marked as "BOOT" in Disk Management. This is the system partition aka C: . (Hey, thank you Microsoft for reverse terminology!)

OK, where are we right now. We're in the MBR. We're sniffing for "Active". In my fake Disk Management line above, I've marked the very first partition as "Active" via the boot flag.

The MBR then jumps to the PBR (partition boot record) in the booting partition. What are the strings down at the end of the PBR ? Let's copy them. On my disk drive, this is at 0x7E00 with respect to the beginning of the disk.

    NTLDR is missing
    Disk errorÿ
    Press any key to restart

If I look in NTLDR, I find many many things, including

    \boot.ini

So NTLDR and \boot.ini live on a partition that kicks off the booting process.

Boot.ini, has the ARC path, which points at the "BOOT" partition or C: system. In my case, the ARC path points to the very same partition as had NTLDR on it.

Now, I have no idea what NTLDR does next. It's 245KB or so, which is huge, and potentially, very very intelligent. I "assume" that since this is the first really large file, that everything after this is magical :-) End of lecture. Booting takes off, and we don't care about anything after this.

Now, think of all the opportunities for mischief. Overwrite the MBR. Overwrite the PBR. Overwrite NTLDR. Mess up boot.ini. Mess up materials that come after NTLDR.

Now, let's say Acronis wanted to inject its boot loader into your system. We'd then get out our copy of HxD, and start looking for abnormal odds and ends.

If we can ascertain that "something" has happened, we're still not panicked. If the software is reputable, the minute it is uninstalled, it puts back the original MBR and PBR and etc. So we try to use the Add/Remove to correct the problem.

At this point, we suspect something isn't correct here, but it will take a quick skim with HxD to get some hints. If you happened to remember some warning dialog being put up by one of the fine programs that is installed on the system, that might help too.

*******

When this is run as Administrator, it gains access to the raw disk drive. This is a very nice hex editor.

    https://mh-nexus.de/en/hxd/

Under Extras, is "Open disk". The disks in Disk Management are numbered from 0, so my second disk drive is "Disk 1". Whereas in HxD, the second disk is "Hard Disk 2".

If I go to address 0x0, that's the MBR. With MSDOS partitioning, the first sector of the first partition is at 0x7E00. That's what happens to be the PBR on my setup. The partition layout can be just about anything, and yours might not be 0x7E00. If Windows 7 prepared the disk, the offset is a different value (around 0x100000 ?).

As long as we don't "save anything" while working like this, there is no real danger to the hard drive. Just take your time. All you're doing, is scrolling and looking at stuff. If you accidentally turn any text "red" in the window, click the "X" in the upper right corner to exit.

There are a few brands of computer that work differently than this, but we're not concerned about Dells right now. Are we ???

Paul
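The layout described in post #2 (440 bytes of boot code, a four-entry partition table, the 0x80 boot flag, and the PBR at the first partition's starting sector) can be checked programmatically rather than by eye in a hex editor. The Python below is an added example, not part of the original thread: the sample sector is constructed with filler bytes in place of real boot code, and the function names are hypothetical.

```python
import hashlib
import re
import struct

SECTOR = 512
BOOT_CODE_LEN = 440                  # boot code area the post says FixMBR rewrites
PTABLE_OFF = 446                     # four 16-byte partition table entries
ENTRY = struct.Struct("<B3sB3sII")   # flag, CHS start, type, CHS end, LBA start, sectors


def build_sample_mbr(first_lba=63, active=(True, False)):
    """Constructed sample sector; 0x90 filler stands in for real boot code."""
    msgs = (b"Invalid partition table\x00"
            b"Error loading operating system\x00"
            b"Missing operating system\x00")
    code = (b"\x90" * 300 + msgs).ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = struct.pack("<IH", 0x1234ABCD, 0)           # bytes 440-445
    parts = [(first_lba, 40_000_000, 0x07),                # C: (NTFS)
             (first_lba + 40_000_000, 20_000_000, 0x07)]   # D: data
    table = b""
    for (lba, count, ptype), is_active in zip(parts, active):
        flag = 0x80 if is_active else 0x00
        table += ENTRY.pack(flag, b"\x00" * 3, ptype, b"\x00" * 3, lba, count)
    table = table.ljust(64, b"\x00")                       # entries 3 and 4 unused
    return code + disk_sig + table + b"\x55\xaa"


def parse_mbr(sector):
    """Decode one MBR sector and list anything that breaks the usual conventions."""
    if len(sector) < SECTOR:
        raise ValueError("need at least 512 bytes")
    code = sector[:BOOT_CODE_LEN]
    partitions = []
    for i in range(4):
        flag, _, ptype, _, lba, count = ENTRY.unpack_from(sector, PTABLE_OFF + 16 * i)
        if ptype == 0 and count == 0:
            continue                                       # empty slot
        partitions.append({
            "index": i + 1,
            "flag": flag,
            "active": flag == 0x80,
            "type": ptype,
            "lba": lba,
            "byte_offset": lba * SECTOR,                   # where to look for the PBR
            "sectors": count,
        })
    findings = []
    if sector[510:512] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    n_active = sum(p["active"] for p in partitions)
    if n_active != 1:
        findings.append(f"{n_active} active partitions (expected 1)")
    for p in partitions:
        if p["flag"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']} has odd flag 0x{p['flag']:02x}")
    return {
        "code_sha256": hashlib.sha256(code).hexdigest(),
        # Printable runs in the code area, e.g. the loader's error messages.
        "strings": [s.decode("ascii") for s in re.findall(rb"[\x20-\x7e]{8,}", code)],
        "partitions": partitions,
        "findings": findings,
    }


def compare_to_baseline(baseline, current):
    """Say which region differs between a known-good MBR copy and the current one."""
    changes = []
    if parse_mbr(baseline)["code_sha256"] != parse_mbr(current)["code_sha256"]:
        changes.append("boot code (first 440 bytes) changed")
    if baseline[PTABLE_OFF:510] != current[PTABLE_OFF:510]:
        changes.append("partition table changed")
    return changes


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("boot code sha256:", info["code_sha256"])
    for text in info["strings"]:
        print("string:", text)
    for p in info["partitions"]:
        print(f"partition {p['index']}: active={p['active']} "
              f"type=0x{p['type']:02x} PBR at 0x{p['byte_offset']:X}")
    print("findings:", info["findings"] or "none")
```

To check a real disk, save its first 512 bytes to a file with a read-only tool and pass the bytes to `parse_mbr`; a copy taken while the machine still boots correctly serves as the baseline for `compare_to_baseline`.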
#3
On Mon, 24 May 2021 21:02:53 -0400, Paul wrote:
> [Paul's post #2 above, quoted in full]

I'm leaving the total of your post intact in my reply. You put too much work into it to have it "edited" in my reply.

What caused all this was my fooling around with some freebie "security" programs awhile back. I started having problems with other 'normal' software around that time. I uninstalled the "security" junk after I realized what was happening. I guess I was too late in realizing that things were already a bit berserk.

Anyway, Windows is still working fine, so I'm really not out much. So, I guess I'll just settle for things as they are.

Although, I do have one bug in my mind that's bugging me: If I were to recall one of the Acronis C: images made before this happened, would it contain the boot file from that time? Would that straighten things out? Just curious.
#4
Brandon wrote:
> [Brandon's post #3 above, quoted in full]

It would, because it would replace the MBR, the boot partition, the system partition, and so on. On OSes that use a "boot track", such as Linux, it backs that up too.

The people who write the backup software, sit down and draw those diagrams I try to draw, and they know exactly what sectors need a backup. It's only when you "drag and drop" a single partition, that defeats their logic. If you do "complete restores", then they tend to everything for you.

That's the only warning I would give about backup/restore. Sometimes, it is necessary to restore a single partition at a time, but if you do that, the backup tool makes it your responsibility to click a button later for "boot repair". If on the other hand, you restore everything in the backup set, that increases the odds they will do all the work for you.

On WinXP, examples of repair tools are "FixMBR" and "FixBoot". These are not available in the running OS, and can only be run from the WinXP CD. FixMBR fixes the 440 byte MBR area. FixBoot reloads the PBR boot code. The names of these tools changed on Vista or later.

HTH,
Paul
#5
What about repair boot on the Macrium Reflect PE etc disk generated by Macrium Reflect ?

Paul wrote:

> [Paul's post #4 above, quoted in full]
#6
Aoli wrote:
> What about repair boot on the Macrium Reflect PE etc disk generated by Macrium Reflect ?

Under normal circumstances, where we understand what's going on, the Boot Repair on the Macrium CD is excellent for this stuff.

However, in this case, we don't understand the exploit mechanism, or, what will happen if we attempt to correct it. Maybe it works, and works fine. I would feel bad though, if the OP could no longer boot and it was my fault :-)

Since the system is running, you can debug to your heart's content with HxD, and try and figure out what the security products have done to affect this.

Sure, paving over it is fun. Will it stay paved over ? That depends on your "opponent".

Any time someone or something is fouling up a machine, you really don't know what happens next. Betting odds say you're right about this, and I'm worried about nothing. However, if the security software loads a Startup Item, it could pave it over as revenge.

Paul