Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: padgett%tccslr.dnet@uvs1.orl.mmc.com (A. Padgett Peterson)
Newsgroups: comp.virus
Subject: Boot sector viruses on IDE hard disks (PC)
Message-ID: <0014.9104111306.AA01727@ubu.cert.sei.cmu.edu>
Date: 10 Apr 91 20:59:37 GMT
Sender: Virus Discussion List <VIRUS-L@LEHIIBM1>
Lines: 34
Approved: krvw@sei.cmu.edu

>From:    LYNNE@vax.oxford.ac.uk
>
>In the way of preventative measures we think that a solution would be
>to advise our users who are purchasing IDE drives to take several
>backup copies of the boot sector...

I think you are talking about the Master Boot Record (aka Partition Table),
DOS Boot Records are relatively easy to restore & FORMAT works if nothing else.

>Does anyone know of a simple (and optimally free) utility that
>provides a fool-proof mechanism for copying and writing the boot sector?

I use DEBUG to do this all the time - the necessary code fragment is:

     MOV AX,201
     MOV BX,200
     MOV CX,1
     MOV DX,80
     INT 13
     INT 20

After execution, the MBR will reside in locations 200h-3ffh for you to
store in a .DAT file. Restoration just requires changing one byte.

If you want the DOS Boot Record, "L 200 2 0 1" will put that in the same
location.

>As far as curative measures are concerned (where a copy has not
>been taken of the BS) we are stymied! Has anyone any suggestions?

If you have a number of similar machines, all partitioned the same way,
you should find that the MBR and BR are the same between machines (no
guarentees though). A good tech should be able to rebuild a lost MBR in
about 15 minutes if the drive is known & familiar.