lalor dot net

MBR Infected USB Hard Drive

A short while ago I found my USB HDD was detected as being infected with a virus by McAfee. I surmised that it was the USB HDD as the virus alert only ever appeared when it was connected to the Laptop running McAfee. AVG Free didn’t detect the virus. Now it was quite interesting behaviour as the infected application would come up as a random file on the C drive and sometimes a more innocuous file name. For example: ‘C:\…\jqs.exe’ (a Java 6 executable) and also ‘**\WMIPRVSE.EXE’. These files weren’t actually infected and cleaning the file(s) infected via the McAfee console did nothing and the virus alert kept coming.

The Trojan that was detected was a ‘StealthMBR!mbr’ virus. So by the very nature of its name it appeared the Master Boot Record was infected. A quick Google search showed that the MBR could be repaired using the Recovery Console from the XP installation disk and the FIXMBR command.

I backed up the files on the HDD (175 GB! A scan on the backed up files showed no viruses) and then proceeded to repair the MBR. Quite simple and quick. You just boot up a system with the XP installation disk and hit R for the Recovery Console. You will need the administrator password of the system you are on in order to run the RC. I used DISKPART to detect the device name of the USB HDD; just make sure you don’t delete any partition or you will lose your existing data!

So with everything I needed, I ran FIXMBR \DEVICE\HARDDISK1 on the infected drive and then Y and enter to proceed with the repair. Half a nanosecond later the MBR was repaired (I ran it a second time just to be sure) and I then tested on the Laptop with McAfee. So far so good – no alerts and no data loss.
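A way to confirm what the repair touched, as an added example that is not part of the original post: it parses two saved copies of sector 0 (before and after FIXMBR) and checks that the boot code changed while the partition table, which is what keeps the data reachable, stayed byte-identical. The sample sectors are constructed stand-ins, and how the copies of sector 0 are captured is left as an assumption.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440      # bytes 0..439: bootstrap code
TABLE_START = 446        # bytes 446..509: four 16-byte partition entries
SIGNATURE = b"\x55\xaa"  # bytes 510..511: boot signature

def parse_mbr(sector):
    """Split a 512-byte MBR into a boot-code hash and its partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = sector[TABLE_START + 16 * i: TABLE_START + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"slot": i, "active": status == 0x80,
                               "type": ptype, "lba_start": lba_start,
                               "sectors": sectors})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
            "partitions": partitions}

def compare_repair(before, after):
    """Report what changed between the pre- and post-repair copies of sector 0."""
    b, a = parse_mbr(before), parse_mbr(after)
    return {"boot_code_changed": b["boot_code_sha256"] != a["boot_code_sha256"],
            "partition_table_intact": before[TABLE_START:510] == after[TABLE_START:510],
            "partitions": a["partitions"]}

def sample_mbr(boot_fill):
    """Constructed sample sector: one active NTFS (0x07) partition at LBA 63."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 366_000_000)
    sector = bytearray(SECTOR_SIZE)
    sector[:BOOT_CODE_END] = bytes([boot_fill]) * BOOT_CODE_END
    sector[TABLE_START:TABLE_START + 16] = entry
    sector[510:512] = SIGNATURE
    return bytes(sector)

if __name__ == "__main__":
    # Constructed stand-ins for sector 0 saved before and after FIXMBR.
    print(compare_repair(sample_mbr(0xCC), sample_mbr(0x33)))
```

If `partition_table_intact` comes back false, stop and compare the two tables before writing anything else to the drive.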

Recovery Console Information
