Home » Tips » Master Boot Record Analysis to Save Your Computer from Malware Attack

Master Boot Record Analysis to Save Your Computer from Malware Attack

author
Published By Siddharth Tehri
Aswin Vijayan
Approved By Aswin Vijayan
Published On January 19th, 2024
Reading Time 3 Minutes Reading

Analyzing MBR (Master Boot Record) is very useful for your computer to protect from any malware attack in future. There are lots to tools to analyze MBR, like: HxD (Hex Editor), MBRUtil.zip by Symantec & Sector Inspector by Microsoft. But we are going to discuss here about analyzing MBR using Hex Editor. If you want to analyze MBR using MBRUtil.zip then you can read more about this by clicking here and if you want to go with Sector Inspector then you can click here. So, first of all you need to download Hex editor by clicking here. Just unzip the Hex Editor and install it on your machine then run (always run as admin) it. Then you will see the screen as shown in fig 1.

Hex Editor

Figure 1: Hex Editor

Now you can view and backup your MBR data by going through following steps. Note: This method will work only for Windows Operating System.

  1. To view your machine’s MBR click on “Extras” at top menu items. As shown in fig 2.

    Extra in Menu

    Figure 2: Click on Extras

  2. Then click on “Open disk” then you will see all logical and physical disks are listed as shown in fig 3 and 4. Then select you primary physical disk in case of more than one Hard Drive and click OK.
    go for Open disk

    Figure 3: Click on Open disk

    As you can see in fig 4 physical disk hard disk 1 is being opened as readonly mode. This mode protects your MBR or any other data to change unknowingly. If you want to analyze or study about MBR then always choose readonly mode to open any disk. But if you want to change in Hexadecimal of MBR or any other sector then you can go without readonly mode.

    Select disk

    Figure 4: Select disk

  3. Now you will see sector 0 of physical hard drive. Sector 0 is the first sector of hard drive. MBR is always present in first sector (sector 0) of hard drive. The signature of MBR is 55AAh in Hexadecimal defines about end of MBR or Master Boot Record as shown in fig 5.

    MBR in Hexadecimal

    Figure 5: MBR in Hexadecimal

  4. You can save MBR in your computer as pdf or you can get a hard copy of the same. This will help you in future if your MBR is edited or changed by malware attack. Then you can edit MBR using hex editor as it was earlier and like this, you can recover computer from malware attack. To save MBR, you need to select first sector or sector 0 as shown in fig 6.

    Select MBR in Sector 0

    Figure 6: Select MBR

  5. After selecting sector 0, go to file at top of Hex Editor window and click on print. Then you can take a print out of MBR or you can save in PDF as shown in fig 7 and fig 8.
    Print MBR

    Figure 7: Print MBR

    MBR in PDF

    Figure 8: MBR in PDF

Conclusion

As we have discussed about analyzing and taking backup of MBR in this blog, which can help recover from any malware attack in MBR for changing its data or location.