Blast from the Past: How Son-Of-FDISK Saved My Computer

You can tell how long someone has been around computers by mentioning “FDISK” and seeing if you’re met with a blank stare. Not many people remember FDISK. But for those that do, that knowledge can still come in handy today.

Two weeks ago, I was packing my bags to head for the airport when my son told me his laptop was no longer working. Indeed, it wouldn’t boot; following the BIOS check (what some of you may remember as the POST, or Power-On Self-Test), it briefly displayed a Dell MediaDirect screen and then blue-screened. I rebooted, pressed F2, and ran the onboard diagnostics, and the hardware checked out fine. Suspecting that the master boot record (MBR) had been altered to point to the wrong partition, I attempted, unsuccessfully, to boot from an old PartitionMagic CD. Because I was running out of time and didn’t want my son to be without his laptop for a week, I dropped by the local Best Buy and left the laptop with the Geek Squad.

The Geek Squad called while I was away and informed me that the laptop had 187 pieces of malware on it and that the hard disk had been corrupted. They ended up charging me–in advance–more than $300 for a system diagnostics run, a hard disk backup, and an OS restore from the original Vista CD.

I picked up the laptop from Best Buy this morning and plugged it in to see what files had been lost. At least I tried to plug it in–turns out the Geek Squad had given me the wrong AC adapter. So I borrowed the AC adapter from my daughter’s laptop, only to discover that my son’s laptop wouldn’t boot. Every attempt was met by the same BSOD as before.

After another trip to Best Buy because the Geek Squad wouldn’t answer their phone, I got most of my money refunded and Geek Squad is buying me a new AC adapter. (The original was nowhere to be found; evidently they had sent it home with someone else.)

So I decided to fix the laptop myself. I was able to boot from a Vista CD but Vista’s automatic repair didn’t work. For a couple of hours, I tried a lot of different things, including a bootable Linux utility that checks your MBR, scans all your files for viruses, etc. The only issue it reported was an inability to read the boot record, which for a while had me thinking that the hard disk’s critical first sector might simply have gone bad.

Long story short, a Web search turned up information about a Vista utility named DISKPART that you can get to from the command line when you boot from a Vista CD. DISKPART is the modern-day version of DOS’s FDISK, and I didn’t even know it existed. It allowed me to examine the partition table and even though it didn’t make it clear which partition was the active (boot) partition, on a hunch I used DISKPART’s ACTIVE command to make the Vista partition the active partition and the PC booted up just fine! Years ago, I wrote an article in PC Magazine about master boot records and partition tables and all that. I don’t remember half of what I wrote, but I remembered just enough to get DISKPART to do what I needed it to do.
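The active flag that DISKPART's ACTIVE command sets is a single status byte in each of the four partition-table entries stored in the disk's first sector. As an added example (not from the original post), the Python below parses a 512-byte MBR and reports which entry is flagged active; the sample sector, its partition layout, and all function names are constructed for illustration.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446       # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"  # boot signature at bytes 510-511

def parse_mbr(sector: bytes):
    """Return the four partition entries of a classic MBR sector."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need the full 512-byte first sector")
    if sector[510:512] != SIGNATURE:
        raise ValueError("boot signature 0x55AA missing: not a valid MBR")
    entries = []
    for i in range(4):
        raw = sector[TABLE_OFFSET + 16 * i : TABLE_OFFSET + 16 * (i + 1)]
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba, count = struct.unpack("<B3xB3xII", raw)
        entries.append({"index": i + 1, "status": status, "type": ptype,
                        "lba_start": lba, "sectors": count})
    return entries

def check_active(entries):
    """Describe the boot-flag state: exactly one used entry should carry 0x80."""
    used = [e for e in entries if e["type"] != 0]
    active = [e["index"] for e in used if e["status"] == 0x80]
    odd = [e["index"] for e in used if e["status"] not in (0x00, 0x80)]
    if odd:
        return f"invalid status byte in partition(s) {odd}"
    if len(active) == 1:
        return f"partition {active[0]} is active"
    return "no active partition" if not active else f"multiple active: {active}"

def build_sample(active_index):
    """Constructed sector: 0xDE (Dell utility) plus two 0x07 (NTFS) partitions."""
    sector = bytearray(SECTOR_SIZE)
    layout = [(0xDE, 63, 96390), (0x07, 96453, 20000000), (0x07, 20096453, 1000000)]
    for i, (ptype, lba, count) in enumerate(layout):
        status = 0x80 if i + 1 == active_index else 0x00
        struct.pack_into("<B3xB3xII", sector, TABLE_OFFSET + 16 * i,
                         status, ptype, lba, count)
    sector[510:512] = SIGNATURE
    return bytes(sector)

if __name__ == "__main__":
    sample = parse_mbr(build_sample(active_index=2))
    print(check_active(sample))
```

On a real machine the input would be the first 512 bytes of the raw disk device, read with administrative rights; a result other than exactly one active partition is worth investigating before changing anything.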

Of course, that begs the question of how the MBR got altered in the first place. I suspect (although I haven’t proven yet) that it was a nasty boot-sector or rootkit virus. I’ve never run anti-virus tools on my PCs, in part because I know how to avoid viruses and have taught my wife and kids how to do the same. But just before his laptop became unbootable, my son brought home a memory stick containing a file that his teacher had copied for him off her PC. Sure enough, I scanned the memory stick and it was infected.

I have since downloaded AVG Free–an awesome free anti-virus tool–and installed it on my family’s computers. Given that kids are from time to time going to be given files by their teachers and required to open them, and knowing that computers in public schools are like Petri dishes for malware, it makes sense to apply a little preventative medicine. I also discovered a cool Web site named Virus Total that lets you upload files and have them scanned for viruses using dozens of different anti-virus tools.

In the end, all is well: my son’s laptop is working again and all it cost me was a day’s work. But should I ever be so lucky as to get my hands around the neck of one of the cowards who write viruses that cost real people real time and real money, I’ll make waterboarding seem harmless in comparison.

Jeff Prosise

View Comments

  • Jeff,
    Don't give up - anti virus is a total waste of time.
    1. Don't allow your son to run with Admin rights. He would not have been able to write the MBR no matter how many times he ran that virus from the USB drive.
    2. Check and see if AVG would have done any good. I think you will find that it would not have stopped anything - the double click on the virus EXE would still have executed the malicious code.
    Do more than just educate. Better yet, educate them that they should reserve the Administrator account for administration tasks, such as installing software. And run as a normal user otherwise.
    I have been doing this since the NT 4.0 days, and it has not failed me once. In fact, UAC means nothing to me, except that I have to change the default setting to "always fail - no UAC prompts", which is what it SHOULD be out of the box.

  • Jeff - forgot to mention.
    Diskpart is wonderful. You can work on USB drives. Creating a bootable USB version of Vista, 7, or Server2008 is just a few commands in diskpart, then copy files from CD. I bought a bunch of 4Gb USB sticks and have the OS's on each one.
    The next thing you should discover (following the path I went through) is the excellent backup/restore utility in Server 2008, Vista, and 7. You can snap a disk image to an external drive, then restore in incredibly short time booting with the USB stick (mentioned above) and the backup image. I recovered a Domain Controller in 10 minutes this way.
    You sound like an old timer (like myself). Well, some of the things we learned are no longer true. The old days are gone and some things are much easier now.

  • My son runs Vista with UAC on. My guess is that he got the UAC prompt and clicked OK. That's the problem with UAC: it works fine if the user is a savvy one, but is marginal otherwise.
    The thing that impressed me about AVG is that the moment I plugged the infected USB drive in, it popped up a dialog with a warning about the nasty stuff on the drive.
    You're right, though, that I should have restricted the account that my son logs in with. That's always a bit of a pain since some software doesn't run properly as a non-admin (one of John Robbins' pet peeves, and rightly so), but in this case, it would have saved me a lot of pain. I'll make that change today!
