Norton warning Boot Record has changed?

Discussion in 'other anti-virus software' started by licketykitten, Oct 2, 2002.

Thread Status:
Not open for further replies.
  1. licketykitten

    licketykitten Registered Member

    Joined:
    Jul 5, 2002
    Posts:
    11
    Location:
    Beautiful British Columbia
    Hello....

    I just ran my Norton Antivirus and i got the warning "Boot Record has changed since inoculation.. if the change was not expected choose Repair".

    Well.. the change was NOT expected :doubt:

    There are now two bootlog files on my C:\drive... bootlog.txt and bootlog.prv.

    The bootlog.prv file contains entries such as
    [000DED7B] Loading Device = C:\WINDOWS\HIMEM.SYS

    The bootlog.txt file contains all the same entries, just the starting numbers-in-brackets are different... ie. the Loading Himem.sys entry reads:
    [000E1376] Loading Device = C:\WINDOWS\HIMEM.SYS

    Is this... a problem... do you supposeo_O Shall i "repair" per Norton's suggestion... or not... or repair and do some further checking?

    I run Win98 on a Compaq 333mhz (not a pentium), i haven't been using the net much over the past several months so i sort of let my virus updates slip, i don't have a trojan-checker (yet!) and... ok... i admit it... i've been running without my firewall (which is Zonealarm). So.... my own fault! Snapdragin has already sufficiently chastised me :rolleyes: and she would have helped but doesn't run Norton or use Zonealarm so she suggested i ask you fine folks if you'd be so kind as to provide this wayward soul with a bit of insight here...

    Thanks so much....
     
  2. controler

    controler Guest

    Greetings licketykitten :D

    Can I ask a couple questions?
    Did you or anyone you know just to a recovery of some kind to the hard drive? Such as replaceing files via a backup program or even just
    rerunning your Windows CD? Norton don't like that at all.
    It is always best to uninstall Norton before such feats. So, if you have not done any of these things, you probley either have a hard drive going bad or a virus. Sounds like the machine is old enough to have the drive going bad. If you know how to reformat, that will tell you if the drive is going bad.
    It will also help to supply as much info as possiable here ;)
    and someone will help you.
     
  3. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Try to run defragmenter! See if it helps! If you decided to defragment your HD, then make sure you do it in "Safe Mode"!


    Technodrome
     
  4. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    I'm guessing here, so don't believe this is gospel.
    Bootlog.prv is probably a backup file of bootlog.txt. The difference you see in the bracketed spaces is different addresses in memory used, I think. Not an indication of anything wrong.
    My suggestion to you would be to go to Kaspersky, here, http://www.scandsecure.com/35/
    and download the proper version for your machine. Don't forget to download the trial key at the top of the page.
    Install it and apply the key. Download the updated visus base, and run a scan on all files on your computer.
    I trust Kaspersky to find a boot virus or any other virus if you have one.
    Please keep us informed.
     
  5. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Bootlog.prv is previous windows startup log file which records the progress of the previous Windows startup process... ;)


    Technodrome
     
  6. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,838
    Location:
    New England
    Also, it not not automatically a given that the specific copies of Bootlog.txt (the last generated boot log file) and Bootlog.prv (the previous one before that, which could have been months earlier) are necessarily both recent. Boot logs are created: 1. when you set logging on your boot, or 2. when the previous boot fails, a log is produced just the very next time.

    But, I tend to agree with either the hard drive failing (old system) or the possible MBR resident virus ideas. In any case, updating the Norton virus defs and doing a full scan would be worth doing. I'm hoping that licketykitten has maintained their annual subscription (license) to get virus updates from Norton.

    Also, doing an online scan with say the Panda Scanner linked from here: http://www.wilders.org/free_services.htm would be a good cross verification.
     
  7. FanJ

    FanJ Guest

    Guys,

    I was thinking that NAV does protect your MBR.....
     
  8. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    I think it does, FanJ. I was just suggesting KAV as a second test to verify the presence of anything funny going on.
    Its just a personal choice for me as a solid backup check. I use DrWeb now, but I think KAV has a proven track record and would be reliable in a case like this.
    As an aside, RegRun I think is a great program to have when something like this pops up. FWIW. :)
     
  9. FanJ

    FanJ Guest

    Hi Root,

    I fully agree with you ;)
    (I do use KAV as one of my AV's, and also RegRun ;)).
     
  10. licketykitten

    licketykitten Registered Member

    Joined:
    Jul 5, 2002
    Posts:
    11
    Location:
    Beautiful British Columbia
    OH my gosh you guys! You're wonderful!

    Now be patient with me, it will take me a couple days or so to go over and attempt to implement your various solutions... but i will get back to you and let you know how it goes....

    No, i didn't recently make any system changes that could have confused Norton...

    If worst comes to worst... what i have is a Compaq, it doesn't come with a Windows CD, it came with it's own formatting CD that contains the windows files... and i can use it to "restore my system to its original factory settings"... would this... guarantee... that any nasties i might have picked up... would be vanquished?

    Before i take such a step though, i'll do the panda thing, defrag, etc etc etc as suggested... Might as well see if i can learn something from all this eh *s* And maybe if i'm lucky my drive really will be going bad and i'll have justification for buying me a nicer newer model ;)

    Again... thanks for your help... i'm overwhelmed!
     
  11. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,838
    Location:
    New England
    Best of luck then licketykitten and we'll all be here when you get back. :)
     
  12. licketykitten

    licketykitten Registered Member

    Joined:
    Jul 5, 2002
    Posts:
    11
    Location:
    Beautiful British Columbia
    ok... i did a full scan with both and updated Norton scan and the Panda service... came up clean. Did a thorough scandisk... no bad sectors to report. Next to go trojan-hunting... (hoping she can get the Trojan Hunter program that Snap suggested, operational... ~cracks knuckles and sets down to install and configure~)

    root your explanation i like a lot... especially the part about "not necessarily an indication of anything wrong" :)
     
  13. controler

    controler Guest

    I guess I was just trying in a long way to explain that Norton does protect the Master Boot Record.
    If you did a recovery your norton would give a red screen warning of possiable virus. You then select to cintuine or not.
    If you did another form of restore from abcakup, the same would happen.
     
  14. FanJ

    FanJ Guest

    Hi Controler,

    Sort of confirmation:

    I recently uninstalled NAV2000 to try a newer version.
    My Integrity Checker ADInf32 Pro warned me after the uninstallation about a change in size in the boot sector (and warned me for a possible boot-virus). Well, there wasn't any boot-virus.
     
  15. licketykitten

    licketykitten Registered Member

    Joined:
    Jul 5, 2002
    Posts:
    11
    Location:
    Beautiful British Columbia
    OK. well it's a relief to know i've successfully been practicing "safe surfing"... no virii, no trojans. I've scandisk'd and defragged and all seems fine...

    Now... do i ignore Norton's warning and just carry on using the current bootlog... or do i go with Norton's suggested "repair"... (i'm thinking... it don't look too broke... so maybe best not to "fix" it??)

    Controller can i ask you a question? The only thing i haven't done so far is reformat. I assume you mean totally reformat my hard drive?? Would it be appropriate to just use the "quick restore CD and return my Compaq to it's original factory settings"? Or actually go in and reformat C:\ ? Also i might mention my hard drive is partitioned (unnecessarily and i've been meaning to put it all back together again... )... would you recommend i unpartition the hard drive, reformat C:/ , and reinstall Windows? ~nervous now~ lol ... I wonder what sort of information i'd be able to glean from doing this... you suggest it would help tell if my hard drive was indeed beginning to fail.... since scandisk doesn't report any bad sectors... do you still think it would be useful to proceed with reformat? Sorry for my wordy question.... i get verbose when uncomfortable with beyond-me computer maintenance proceedings.. lol.. Anyhow.. if you have any more input i'd be glad to hear it... :)
     
  16. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    Can she do an fdisk /mbr here?
    Just a thought.
     
  17. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,838
    Location:
    New England
    Microsoft's take on fdisk /mbr - An oldie but a goodie...

    http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q69013&

    Or, if nothing is really wrong, having confirmed that with a couple virus scans now, how about just having Norton reset it's validation information for the current MBR? Since I have never being a Norton user, I don't know how you tell NAV to re-read the MBR and save the current state.
     
  18. controler

    controler Guest

    Hi

    Those restore Cd's put allot of extra garbage on your system.
    But some offer to reformat and only install your operating system.
    All companies seem to do it a bit different. If you don't have a Windows CD, then you will need to do their format restore.
    What I find nice about HP's new PC's is they supply both the restore CD's and the Windows OS CD also. They also allow booting straight from the CD so a floppy drive isn't needed.
    True all your extra software is on those restore CD's like Works, ect
    HP does however install some spyware with its restore CD's
    FDISKING and Reformatting is a bit spooky at first but fater that it is FUN :D
    Some hard cores will re-flash their BIOS before and reformat ;)
    leaving nothing to remnant viruses.
     
  19. licketykitten

    licketykitten Registered Member

    Joined:
    Jul 5, 2002
    Posts:
    11
    Location:
    Beautiful British Columbia
    oh controler, you are not kidding... i've used my restore cd before and i swear it takes longer to *unload* all the useless programs it installs, than it does to reload all the good stuff i want! So i'll put it off for a bit, until something really wonky happens to my system.

    LowWaterMark i'm not sure but i think Norton gives me the option to accept the current bootlog... i'll have to re-run it and see... otherwise i'll take the plunge and let Norton restore the old bootlog. (At which point i'll probably be plugging in the restore cd :rolleyes: )

    root thanks for the suggestion re: fdisk... i'll read that article LWM posted more closely and contemplate giving it a go.

    OK folks, i think i'm set! Thanks again for all the assistance! :)
     
  20. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,838
    Location:
    New England
    Best of luck licketykitten !!

    At least you're not afraid to do it and if you have to restore, you sound like you can do it without a problem.

    Think of it as an adventure!! :D :D
     
Loading...
Thread Status:
Not open for further replies.