1

Topic: I want to delete the Boot Sector

Hello,

My first post.  I searched for this information but couldn't find it.  Please be nice :-)

I recently had a virus on my laptop and paid someone $100 to remove it.  It returned and after a lot of googling, I identified it as a boot sector virus.

Ok, so I backed up all my personal files onto an external drive and I have all my installation dvds etc for Windows 7 and Office and Antivirus yada yada.

I then used the GParted Live CD to delete the existing partitions including HP recovery partition etc etc to just have unallocated space.  This was intentional.

My question is whether this has also deleted the boot record and MBR?

If not, then should I create a new partition table in something other than msdos and apply it before going back and creating an msdos partition table?

Once I have done all this, I will clean install W7.

Regards,

Paul

2

Re: I want to delete the Boot Sector

Hello Paul.
Deleting the partitions simply deletes the partition pointers to the partition table. It doesn't erase the boot code (that is part of the whole mbr).

The following command from the Linux terminal window as root will erase the mbr

sudo dd if=/dev/zero of=/dev/sda bs=512 count=1

This will erase the first sector (512 bytes) of the hard drive /dev/sda .
Be sure that this is the right drive to erase!  So, keep your external backup drive disconnected, to avoid any bad error.

To erase anything before the (former) first partition of the drive, located at the 1st MiB, you can erase 2048 sectors:
This is for the case a virus used that area to store any info.

sudo dd if=/dev/zero of=/dev/sda bs=512 count=2048

After that, you can create a new partition table (msdos type, for windows7).

Creating a new partition table usually replaces the mbr content. In some cases it has been more efficient to erase the mbr or the first few MiBs of the drive using the above commands.
In some rare cases, the solution was to wipe out the entire hard drive (it was related to some advanced system configurations that could store info out of the partitions, I don't think that it is your case).

*** It is highly recommended to backup any important files before doing resize/move operations. ***
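An added example, not part of the original thread: the effect of the two dd commands above, checked on a scratch image file instead of a real drive. The function names, the image layout and the filler bytes are constructed for illustration; the sample image stands in for a disk whose partitions were deleted but whose boot code was left in place.

```shell
# Works only on a scratch file passed as an argument, never on /dev/sdX.

# region_nonzero FILE OFFSET LENGTH -> number of non-zero bytes in that range
region_nonzero() {
    tail -c +"$(( $2 + 1 ))" "$1" | head -c "$3" | tr -d '\000' | wc -c | tr -d ' '
}

# Summarise sector 0 (boot code, partition table, signature) and the
# gap between sector 1 and the 1 MiB mark (sectors 1..2047).
mbr_status() {
    local img=$1 code table sig gap
    code=$(region_nonzero "$img" 0 446)       # bytes 0-445: boot code
    table=$(region_nonzero "$img" 446 64)     # bytes 446-509: four 16-byte entries
    sig=$(od -An -tx1 -j510 -N2 "$img" | tr -d ' \n')   # bytes 510-511
    gap=$(region_nonzero "$img" 512 $(( 2047 * 512 )))
    echo "bootcode=$code table=$table sig=$sig gap=$gap"
}

# Constructed 2 MiB image: filler "boot code", empty partition table,
# 55 AA signature, and a few stray bytes in sector 100.
make_sample_image() {
    local img=$1
    dd if=/dev/zero of="$img" bs=512 count=4096 2>/dev/null
    head -c 446 /dev/zero | tr '\000' 'A' | dd of="$img" conv=notrunc 2>/dev/null
    printf '\125\252' | dd of="$img" bs=1 seek=510 conv=notrunc 2>/dev/null
    printf 'leftover' | dd of="$img" bs=512 seek=100 conv=notrunc 2>/dev/null
}

# Same dd invocation as in the post; conv=notrunc is only needed because
# the target here is a regular file, which dd would otherwise truncate.
wipe_sectors() {
    dd if=/dev/zero of="$1" bs=512 count="$2" conv=notrunc 2>/dev/null
}

demo_img=$(mktemp)
make_sample_image "$demo_img"
echo "partitions deleted: $(mbr_status "$demo_img")"
wipe_sectors "$demo_img" 1
echo "after count=1:      $(mbr_status "$demo_img")"
wipe_sectors "$demo_img" 2048
echo "after count=2048:   $(mbr_status "$demo_img")"
rm -f "$demo_img"
```

The first status line shows an empty partition table with boot code still present; only the count=2048 wipe clears the bytes between sector 1 and the 1 MiB mark.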

3

Re: I want to delete the Boot Sector

Hi Class413,

Thank you for that.

I'm guessing there is no way of doing it from the GUI right?

I don't like the Command Prompt (one of the main reasons I didn't stick with Linux a few years back)

But this is a one off and as I can't do anything wrong provided no external drive is plugged in, hopefully it will be ok :-)

Will let you know how I go when I try next weekend (I am at a mining site until then).

Cheers,

Paul

4

Re: I want to delete the Boot Sector

class413 wrote:

Hello Paul.
Deleting the partitions simply deletes the partition pointers to the partition table. It doesn't erase the boot code (that is part of the whole mbr).

The following command from the Linux terminal window as root will erase the mbr

sudo dd if=/dev/zero of=/dev/sda bs=512 count=1

This will erase the first sector (512 bytes) of the hard drive /dev/sda .
Be sure that this is the right drive to erase!  So, keep your external backup drive disconnected, to avoid any bad error.

To erase anything before the (former) first partition of the drive, located at the 1st MiB, you can erase 2048 sectors:
This is for the case a virus used that area to store any info.

sudo dd if=/dev/zero of=/dev/sda bs=512 count=2048

After that, you can create a new partition table (msdos type, for windows7).

Creating a new partition table usually replaces the mbr content. In some cases it has been more efficient to erase the mbr or the first few MiBs of the drive using the above commands.
In some rare cases, the solution was to wipe out the entire hard drive (it was related to some advanced system configurations that could store info out of the partitions, I don't think that it is your case).


Hi it's me again :-)

From what I can gather here, the second command  "sudo dd if=/dev/zero of=/dev/sda bs=512 count=2048"  does exactly what the first one does but goes even further ie deletes more. 

In other words I could use the second command without first having to use "sudo dd if=/dev/zero of=/dev/sda bs=512 count=1" ?

Sorry if I'm not making sense

Regards,

Paul

5

Re: I want to delete the Boot Sector

From what I can gather here, the second command  "sudo dd if=/dev/zero of=/dev/sda bs=512 count=2048"  does exactly what the first one does but goes even further ie deletes more.
In other words I could use the second command without first having to use "sudo dd if=/dev/zero of=/dev/sda bs=512 count=1" ?

Exactly: the second command does the same for 2048 sectors. No need to use the first one.

Don't worry about the command prompt. It is quite simple. Your system is going to start over from scratch, so you don't risk deleting anything useful.
It is true that the powerful dd command can be dangerous if you swap the "if" and "of" locations by mistake.
On the other hand, such advanced operations are usually performed from the command line in any operating system.

The only GUI way to delete the mbr would be to make a new partition table. This affects the master boot sector only. However, because there was such a virus history, it is safer to clean a few more, not just the mbr.


6

Re: I want to delete the Boot Sector

Hi,

I thought creating a new partition table would wipe the whole disk and also the MBR.
Booting a live Linux from a DVD would consume a lot of time; GParted is a lot faster...
Is there any way to do this faster than booting a Linux live medium? Isn't it enough to create a new partition table with GParted?
Would it be possible to open a terminal during the boot process of, for example, a Lubuntu live DVD to accelerate the execution of the above-mentioned commands by class413?

7

Re: I want to delete the Boot Sector

Creating a new partition table overwrites the records containing the old partition table and for the purpose of operating systems, access to the data is lost.

The data is still on the drive though and can be recovered using disk recovery software.  If you wish to completely wipe a disk so that it doesn't contain any data, then you might investigate Darik's Boot and Nuke.  Be extremely careful to choose the correct drive to wipe.

You might also consider overwriting the entire disk device with zeros using a command such as dd.

8

Re: I want to delete the Boot Sector

Personally I am not afraid of data recovery because I do a lot of work in RAM and most of the time don't forget to clean it, but malware is worrying me.

Can I be sure that malware is non-functional after creating a new partition table?

I know this is a little bit off topic and I think I might also post my malware-related questions in a malware forum too.

9

Re: I want to delete the Boot Sector

Malware can exist in different areas.  If it is on the hard disk surface and you overwrite the entire hard disk surface with zeroes, then that malware will be gone.