How to rewrite the Master Boot Record MBR in case of rootkit Windows XP Vista 7

Whether it be due to hard disk corruption, or more likely a boot kit or rootkit, you may need to rewrite the Master Boot Record.

Rewrite the MBR in XP:

Boot into XP Disk, repair mode, recovery console

Then type

fixmbr c:

and press enter

Vista and 7 (32 or 64 bit)

To run the Bootrec.exe tool, you must start Windows RE. To do this, follow these steps:

  1. Put the Windows Vista or Windows 7 installation disc in the disc drive, and then start the computer.
  2. Press a key when you are prompted.
  3. Select a language, a time, a currency, a keyboard or an input method, and then clickNext.
  4. Click Repair your computer.
  5. Click the operating system that you want to repair, and then click Next.
  6. In the System Recovery Options dialog box, click Command Prompt.
  7. Type Bootrec.exe, and then press ENTER.

Bootrec.exe options

The Bootrec.exe tool supports the following options. Use the option that is appropriate for your situation.

Note If rebuilding the BCD does not resolve the startup issue, you can export and delete the BCD, and then run this option again. By doing this, you make sure that the BCD is completely rebuilt. To do this, type the following commands at the Windows RE command prompt:

  • bcdedit /export C:\BCD_Backup
  • c:
  • cd boot
  • attrib bcd -s -h -r
  • ren c:\boot\bcd bcd.old
  • bootrec /RebuildBcd


The /FixMbr option writes a Windows 7 or Windows Vista-compatible MBR to the system partition. This option does not overwrite the existing partition table. Use this option when you must resolve MBR corruption issues, or when you have to remove non-standard code from the MBR.


The /FixBoot option writes a new boot sector to the system partition by using a boot sector that is compatible with Windows Vista or Windows 7. Use this option if one of the following conditions is true:

  • The boot sector has been replaced with a non-standard Windows Vista or Windows 7 boot sector.
  • The boot sector is damaged.
  • An earlier Windows operating system has been installed after Windows Vista or Windows 7 was installed. In this scenario, the computer starts by using Windows NT Loader (NTLDR) instead of Windows Boot Manager (Bootmgr.exe).


The /ScanOs option scans all disks for installations that are compatible with Windows Vista or Windows 7. Additionally, this option displays the entries that are currently not in the BCD store. Use this option when there are Windows Vista or Windows 7 installations that the Boot Manager menu does not list.


The /RebuildBcd option scans all disks for installations that are compatible with Windows Vista or Windows 7. Additionally, this option lets you select the installations that you want to add to the BCD store. Use this option when you must completely rebuild the BCD.


SFC /scannow wrong disk error

If you’ve used SFC /scannow and it asks for a disk to replace system files, and gives the error “Wrong Disk” for whatever reason.

To fix the problem when you only have a restore CD you’ll have to search for a folder on your hard drive (or on the restore CD) that’s named “i386” (without the quotes). Once you find that, copy it to your hard drive at the root (C:\i386). Make sure that the directory is located at the root of your C: drive (C:\i386) – if not, then you’ll need to change the path to the proper entry in the registry edit.

Then perform this registry edit to point SFC.EXE at it:

So, the first step is to backup your registry. The easy way to do this is to set a System Restore point (…temrestore.mspx )

Next, go to Start…Run…and type in “regedit.exe” (without the quotes) and press enter. You’ll see a folder-like view on the left, and entries on the right.

Navigate down the folder view on the left to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Setup Just click on the + sign to expand the view of the next level – so, to start, you’ll click on the + next to HKEY_LOCAL_MACHINE and look for the SOFTWARE entry.

Then you’ll click on the + next to SOFTWARE and look for Microsoft, and so on until you get to the Setup key. Then just click once on the Setup key.

Look in the right hand pane and double click on the entry that says “SourcePath”.
In the box that pops up, type in “C:\” (without the quotes) and press Enter. Then close regedit and reboot your computer. SFC.EXE /SCANNOW should now run without problems for you.

Dell: Primary Drive 1 Not Found or Primary Drive 0 Not Found

This problem typically crops up on older Dell Dimension and Optiplex desktops but could also happen on the Inspiron and Latitude laptops. It seems scary because it acts like the hard drive is dying but usually its a lot simpler than that!

The solution:

Boot the computer and immediately start tapping the F2 Key to get into the BIOS. Turn on Caps Lock, Scroll Lock and Num Lock. Hold down the ALT key and then press (in sequence) E, then F, then B. Do not hold them down and do not press them at the same time. The computer will reboot and reconfigure IDE. That should solve the problem and the computer will boot normally.