Tough Problem...MBA taken over my machine

C

ChiroGeek

Guest
I'm usually pretty good at solving problems but this ones got me stumped.

My 10 year old daughter, who lives on Yahoo chat, was trying to down load the 'booter' programs (to kick people out of chat rooms). She for some insane reason, down loaded a program called MBA (Managed Boot Agent ROM image) and installed it. She called me into her room cause she can no longer access the internet over our home lAN.

Well this MBA has blocked her computer from our network. So I though I would just Format C: her hard drive through FDISK.

I thought wrong. This MBA will not allow my to boot into a floppy disc, or Boot disc CD, or even the WinXP pro disc!

The hard drive is a Deskstar 120MB IBM. I though maybe I could use the IBM disc utility to 'zero' the drive but again - that MBA has this hard drive locked.

Any ideas how I can wipe this hard drive clean?? I don't have to save anything, just wipe.

Thanks for taking the time to read this!

Doug G.

Machine:
PIII 650
Asus CUSL-2 mother board
OS: Window XP prof

PS: The MBA program is made for IBM think pads!
 
Managed Boot Agent ROM image Sounds like it got loaded into the BIOS ROM from the name???

Assuming it didn't. Go to bios and change the boot sequence to floppy and nothing else. Now hopefully you have a WD drive and can use their boot floppy to "Repair Track 0". If not a WD there is a program that does Track 0 repair on any drive. I'll go looking for it. It's somewhere in my 30 gig collection of utilities I use once every year or two...

EDIT:
I hate being right when it's bad news:
http://www.argontechnology.com/mba/index.shtml

The program can mess with your bios or can be loaded into a LAN card ROM to remote boot from servers.

Enter bios setup (if it will let you) and turn off boot from LAN if it's on. If you can boot from floppy then it only changed your LAN card. Note not all LAN cards have a boot rom installed.

If you still can't boot from floppy then it modified the motherboard bios. Try reseting the cmos settings. I doubt if this will work but it's my last straw to grasp at short of replacing the bios chip.

If you could boot to floppy you can re-flash the bios to a verison from the manufacturers web site. If you can't boot then you have to replace the chip. Unless you have one of the newer gigbyte boards with dual bios. Then you can just flash the back up into the primary from the bios setup screen.
 
I just tried switching motherboard ( I had an extra ) and its still there! It most be on the hard drive - tract zero?.

I paid a lot for this 120 gig IBM Desk star and would hate to lose it.

I've already swithced the boot order on the dest top.

Any other ideas?

doug G.
 
Managed Boot Agent (MBA) is a client-based software that allows for you to boot a machine using different configurations (such as boot from server, boot from file, etc). MBA is made for a business environment. The reason for your daughter not being able to connect to your home LAN is probably due to a NIC/MBA driver conflict. Since MBA is software, it can usually be uninstalled from Within Windows. However, it could have enabled it in the bios (unlikely) or in the MBR of the HD (most likely). To get rid of this, simply go into the system BIOS and disable all boot devices BUT the CD-ROM (no floppy, no HD, no network boot). Then, simply boot the machine to your Windows XP CD. When you get to the very first install screen, press R for Recovery Console. Once you login to recovery console, type fixboot. When that finishes, type fixmbr. That should remove the program. There is no need to low-level format (write zeroes) or reformat the drive.
 
Thank Reg for your time.

I did exactly as you instructed. Both 'fixboot' and 'fixmbr' worked fine.

When I rebooted, it MBA was still there, and still blocking my floppy. I was able to boot the XP-CD this time, and reformat.

I'm reinstalling now but wondering if MBA will continue to hang around??????

I wanted to run 'DEBUG' from the win98 boot disc to kill off everything but couldn't.

I have a win98 boot disc on a bootable CD but this failed as well.

I'll let you all know how it goes.

Doug G.
 
before you let your daughter loose on the pc again, make her anything but an admin account ;)
after downloading hack tools, it's probably going to happen again.
 
Strike two!

Thanks for your replies.

By running 'fixboot' and 'fixmbr' from the recovery console, I was able to boot to the winxp CD and re-partition and re-format.

To my surprise the MBA is still on the fresh install! As suggested, the .exe must be in dos somewhat, but where!

This has turned into quite a puzzle!!

To Recap: I've switched mother boards, pulled the nic card, re-partitioned, and re-formated the hard-drive, run fixboot and fixmbr from the recovery console; and still the MBA program lives on!!!!!!!!!!!!!! I'm unable to boot to a floppy.

I'll try some of the suggestions above next. Please let me know if anyone else has an idea.

Doug G.
 
did you try clearing CMOS yet? I saw it suggested but you didn't mention that in what you replyed.:confused:
 
Boot off a DOS floppy and run "fdisk /mbr" at the prompt.

JJB
 
I saw somthing like this in action once. We (my m8 and myself) were messing around on computers of EasyInternet (you know, the cybercafes). We managed to get pass the GUI security but the the pc rebooted, formatted, reinstalled from image and booted again... the whole procedure didn't take more then 10 minutes. I couldn't believe my eyes... :)

I wonder how do they build such a persistent application... But I agree with Gonzo, I don't think that a 10 year old qualifies to be a system administrator... :D

And.. I have no idea how to remove it either.. :(


Good Luck,


Lukas
 
Thanks for all your help everyone!

It was the NIC card!!! I pulled it and must have got it mixed up with another and accidentally thrown it back in.

The MBA must have flashed the NIC!

Thanks again

Doug G.
 
all that trouble formatting and reinstalling, only to find out it was the NIC... all I can say is ouch.
 
Yes, it was quite the challenge!!!!

I never believed that a NIC card flash could cause such trouble, even when disconnected from the network!

The kid is back on her machine, with only user power this time! LOL
 
To me, that's just strange... I could see a problem if the NIC had a boot rom on it, perhaps.. but a stock NIC, that just seems asinine that one program could flash itself into the NIC.
 
You must log in or register to reply here.

Members online

No members online now.
Total: 214 (members: 0, guests: 214)

Affiliates

lunarsoft.net techzonez.com

- Contact us to trade links -

OSNN OSNN NTFS XP-erience

Latest profile posts

Steevo
Steevo
Also Hi EP and people. I found this place again while looking through a oooollllllldddd backup. I have filled over 10TB and was looking at my collection of antiques. Any bids on the 500Mhz Win 95 fix?
•••
Steevo
Steevo
Any of the SP crew still out there?
•••
Xie
Xie wrote on Electronic Punk's profile.
Impressed you have kept this alive this long EP! So many sites have come and gone. :(

Just did some crude math and I apparently joined almost 18yrs ago, how is that possible???
•••
N
Nismo83
hello peeps... is been some time since i last came here.
•••
Electronic Punk
Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.
•••

Forum statistics

Threads
62,015
Messages
673,494
Members
5,623
Latest member
AndersonLo
Back