Symantec NIS and tampered MBR/Boot Sector

Discussion in 'Computer Support' started by Ar Q, Jun 19, 2007.

  1. Ar Q

    Ar Q Guest

    My friend's harddrive/computer became kind of slow lately. She wanted me to
    found out if it is software issue or hardware malfunction. So I took her
    hard drive and hooked it to my computer (copy my hd image to her hd first).
    As some of you know, I have maximized my Norton Internet Security
    activations, so I immediately delete the NIS program. Then I run some
    diagnosis and play some popular video games. Her hard drive looks pretty
    good to me. I returned it to her and told her the problem is more like
    software issue.

    But now she only got blue screen using that hd. Taking it back to my place,
    the hd works fine again. I did some research on this issue and found some
    articles from Internet. Apparently, Symantec's activation technology is to
    write some data to MBR/Boot sector to track the number of activations having
    done and which may cause tampered hard drives inaccessible once the maximum
    number is reached. But the articles I read don't have information on how to
    reverse the effect. Will any of you knowing this matter point me to some web
    pages? (I just want to put her MBR/Boot Sector back to as it was, not
    reducing the activation count on her hard drive since she doesn't use NIS.)
    Thanks.

    (And now I officially hate Symantec.All I want to do is to impress the girl
    and instead it makes me look bad. All the craps on activation just make the
    paid customers miserable.)

    Ar Q
     
    Ar Q, Jun 19, 2007
    #1
    1. Advertising

  2. Ar Q

    Leythos Guest

    In article <SrPdi.1460$>,
    says...
    > (And now I officially hate Symantec.All I want to do is to impress the girl
    > and instead it makes me look bad. All the craps on activation just make the
    > paid customers miserable.)


    Symantec does NOT keep a drive from booting because you pirate a copy of
    it - they would be in all sorts of of trouble for that.

    You did screw up her computer, your image is not valid for her computer,
    your windows licenses is not valid for her computer, your software
    licenses are not valid for her computer.

    --
    Leythos - (remove 999 to email me)

    Learn more about PCBUTTS1 and his antics and ethic and his perversion
    with Porn and Filth. Just take a look at some of the FILTH he's created
    and put on his website: http://www.futurehardware.in/595578-2.htm all
    exposed to children (the link I've include does not directly display his
    filth). You can find the same information by googling for 'PCBUTTS1' and
    'exposed to kids'.
     
    Leythos, Jun 19, 2007
    #2
    1. Advertising

  3. "Ar Q" <> wrote in message
    news:SrPdi.1460$...
    > My friend's harddrive/computer became kind of slow lately. She wanted me

    to
    > found out if it is software issue or hardware malfunction. So I took her
    > hard drive and hooked it to my computer (copy my hd image to her hd

    first).
    > As some of you know, I have maximized my Norton Internet Security
    > activations, so I immediately delete the NIS program. Then I run some
    > diagnosis and play some popular video games. Her hard drive looks pretty
    > good to me. I returned it to her and told her the problem is more like
    > software issue.
    >
    > But now she only got blue screen using that hd. Taking it back to my

    place,
    > the hd works fine again. I did some research on this issue and found some
    > articles from Internet. Apparently, Symantec's activation technology is to
    > write some data to MBR/Boot sector to track the number of activations

    having
    > done and which may cause tampered hard drives inaccessible once the

    maximum
    > number is reached. But the articles I read don't have information on how

    to
    > reverse the effect. Will any of you knowing this matter point me to some

    web
    > pages? (I just want to put her MBR/Boot Sector back to as it was, not
    > reducing the activation count on her hard drive since she doesn't use

    NIS.)
    > Thanks.
    >
    > (And now I officially hate Symantec.All I want to do is to impress the

    girl
    > and instead it makes me look bad. All the craps on activation just make

    the
    > paid customers miserable.)
    >
    > Ar Q
    >
    >


    I didn't see anywhere where you said that before you overwrote her hard
    drive with yours that you imaged her drive so you could restore it after
    your testing. Did you do that? If you didn't image her drive before you
    began messing with it ... and restore it afterward, then you royally screwed
    up. That'll damn sure impress her.

    The first thing one does when debugging suspected hardware/software problems
    is take an image of the hard drive as it exists, just as a CYA measure. That
    image is stored on media external to the computer under test, ie. on a
    network computer or on another hard disk temporarily installed in the test
    computer.



    --
    Posted via NewsDemon.com - Premium Uncensored Newsgroup Service
    ------->>>>>>http://www.NewsDemon.com<<<<<<------
    Unlimited Access, Anonymous Accounts, Uncensored Broadband Access
     
    Colon Terminus, Jun 19, 2007
    #3
  4. Ar Q

    Ar Q Guest

    "Leythos" <> wrote in message
    news:...
    >
    > You did screw up her computer, your image is not valid for her computer,
    > your windows licenses is not valid for her computer, your software
    > licenses are not valid for her computer.
    >


    I should be more specific. I don't intend for her computer to use my
    licneses. She has her own. Before I operated on her computer, I made an
    image of her computer and restored that image after I have done my
    diagnosis/evaluation on her hard drive. What I didn't account for is that
    Symantec tampered the MBR/Boot Sector. It goes beyond the one partition I
    backed up/played/restored and has an inreversable effect on MBR/Boot Sector.

    By the way, I bought her a new hard drive. And her old hd can be used on my
    computer perfectly. (This is also not Microsoft's fault. I have done similar
    operations for others many times. But this is the first time I have NIS 2006
    installed on my computer. Before that I had NIS 2003 which doesn't have
    activations. So the similar operations are OK then.)

    Ar Q
     
    Ar Q, Jun 19, 2007
    #4
  5. Ar Q

    Leythos Guest

    In article <_RQdi.5902$>,
    says...
    >
    > "Leythos" <> wrote in message
    > news:...
    > >
    > > You did screw up her computer, your image is not valid for her computer,
    > > your windows licenses is not valid for her computer, your software
    > > licenses are not valid for her computer.
    > >

    >
    > I should be more specific. I don't intend for her computer to use my
    > licneses. She has her own. Before I operated on her computer, I made an
    > image of her computer and restored that image after I have done my
    > diagnosis/evaluation on her hard drive. What I didn't account for is that
    > Symantec tampered the MBR/Boot Sector. It goes beyond the one partition I
    > backed up/played/restored and has an inreversable effect on MBR/Boot Sector.
    >
    > By the way, I bought her a new hard drive. And her old hd can be used on my
    > computer perfectly. (This is also not Microsoft's fault. I have done similar
    > operations for others many times. But this is the first time I have NIS 2006
    > installed on my computer. Before that I had NIS 2003 which doesn't have
    > activations. So the similar operations are OK then.)


    If you Imaged her drive then there is nothing that would not have been
    restored - so it appears you imaged part of her drive and that's always
    a mistake. When you are going to clone a drive you need to clone the
    ENTIRE DRIVE not just a portion of it - this would have eliminated your
    problem.

    Restoring your drive to hers was and is a mistake, cloning it, then a
    wipe/restore and then restore datafiles would have been enough.

    --
    Leythos - (remove 999 to email me)

    Learn more about PCBUTTS1 and his antics and ethic and his perversion
    with Porn and Filth. Just take a look at some of the FILTH he's created
    and put on his website: http://www.futurehardware.in/595578-2.htm all
    exposed to children (the link I've include does not directly display his
    filth). You can find the same information by googling for 'PCBUTTS1' and
    'exposed to kids'.
     
    Leythos, Jun 19, 2007
    #5
  6. Ar Q

    Aardvark Guest

    On Tue, 19 Jun 2007 13:28:26 +0000, Ar Q wrote:

    > "Leythos" <> wrote in message
    > news:...
    >>
    >> You did screw up her computer, your image is not valid for her
    >> computer, your windows licenses is not valid for her computer, your
    >> software licenses are not valid for her computer.
    >>
    >>

    > I should be more specific. I don't intend for her computer to use my
    > licneses. She has her own. Before I operated on her computer, I made an
    > image of her computer and restored that image after I have done my
    > diagnosis/evaluation on her hard drive. What I didn't account for is
    > that Symantec tampered the MBR/Boot Sector. It goes beyond the one
    > partition I backed up/played/restored and has an inreversable effect on
    > MBR/Boot Sector.
    >
    > By the way, I bought her a new hard drive. And her old hd can be used on
    > my computer perfectly. (This is also not Microsoft's fault. I have done
    > similar operations for others many times. But this is the first time I
    > have NIS 2006 installed on my computer. Before that I had NIS 2003 which
    > doesn't have activations. So the similar operations are OK then.)
    >
    > Ar Q


    A little knowledge is a dangerous thing. :)


    --
    Registered Linux User 413057.
    Both Mandriva 2007.1 and Ubuntu 7.04
    You can have it all. My empire of hurt.

    Liverpool F.C.-more European Cups than all
    the other English teams put together :)
     
    Aardvark, Jun 19, 2007
    #6
  7. Ar Q

    Guest

    "Ar Q" <> wrote:

    >My friend's harddrive/computer became kind of slow lately. She wanted me to
    >found out if it is software issue or hardware malfunction. So I took her
    >hard drive and hooked it to my computer (copy my hd image to her hd first).
    >As some of you know, I have maximized my Norton Internet Security
    >activations, so I immediately delete the NIS program. Then I run some
    >diagnosis and play some popular video games. Her hard drive looks pretty
    >good to me. I returned it to her and told her the problem is more like
    >software issue.
    >
    >But now she only got blue screen using that hd. Taking it back to my place,
    >the hd works fine again. I did some research on this issue and found some
    >articles from Internet. Apparently, Symantec's activation technology is to
    >write some data to MBR/Boot sector to track the number of activations having
    >done and which may cause tampered hard drives inaccessible once the maximum
    >number is reached. But the articles I read don't have information on how to
    >reverse the effect. Will any of you knowing this matter point me to some web
    >pages? (I just want to put her MBR/Boot Sector back to as it was, not
    >reducing the activation count on her hard drive since she doesn't use NIS.)
    >Thanks.
    >
    >(And now I officially hate Symantec.All I want to do is to impress the girl
    >and instead it makes me look bad. All the craps on activation just make the
    >paid customers miserable.)


    Download a Win98 boot disk
    http://bootdisk.com/bootdisk.htm install to a floppy or a Bootable USB
    Pen drive (with this http://tinyurl.com/ydao7p )

    And run FDISK /MBR - will reset the MBR

    Or in the XP resource console FIXMBR is suppose to do the same thing.



    --
    Microsoft Will Help Deliver a "Better" Linux
    Remember Lindows?
    http://www.linspire.com/linspire_letter_archives.php?id=48
     
    , Jun 19, 2007
    #7
  8. Ar Q

    Ar Q Guest

    <> wrote in message
    news:...
    > "Ar Q" <> wrote:
    >
    > >My friend's harddrive/computer became kind of slow lately. She wanted me

    to
    > >found out if it is software issue or hardware malfunction. So I took her
    > >hard drive and hooked it to my computer (copy my hd image to her hd

    first).
    > >As some of you know, I have maximized my Norton Internet Security
    > >activations, so I immediately delete the NIS program. Then I run some
    > >diagnosis and play some popular video games. Her hard drive looks pretty
    > >good to me. I returned it to her and told her the problem is more like
    > >software issue.
    > >
    > >But now she only got blue screen using that hd. Taking it back to my

    place,
    > >the hd works fine again. I did some research on this issue and found some
    > >articles from Internet. Apparently, Symantec's activation technology is

    to
    > >write some data to MBR/Boot sector to track the number of activations

    having
    > >done and which may cause tampered hard drives inaccessible once the

    maximum
    > >number is reached. But the articles I read don't have information on how

    to
    > >reverse the effect. Will any of you knowing this matter point me to some

    web
    > >pages? (I just want to put her MBR/Boot Sector back to as it was, not
    > >reducing the activation count on her hard drive since she doesn't use

    NIS.)
    > >Thanks.
    > >
    > >(And now I officially hate Symantec.All I want to do is to impress the

    girl
    > >and instead it makes me look bad. All the craps on activation just make

    the
    > >paid customers miserable.)

    >
    > Download a Win98 boot disk
    > http://bootdisk.com/bootdisk.htm install to a floppy or a Bootable USB
    > Pen drive (with this http://tinyurl.com/ydao7p )
    >
    > And run FDISK /MBR - will reset the MBR
    >
    > Or in the XP resource console FIXMBR is suppose to do the same thing.
    >
    >


    This is the first thing I tried. It didn't work. All my hard drives (and
    hers, I taught her that) have 4 partitions for multi-boot.

    MS said FDISK /MBR or FIXMBR won't work on those multi-boot hard drives. I
    tried anyway. Thanks for your input.

    Ar Q
     
    Ar Q, Jun 19, 2007
    #8
  9. Ar Q

    Guest

    "Ar Q" <> wrote:

    >> Download a Win98 boot disk
    >> http://bootdisk.com/bootdisk.htm install to a floppy or a Bootable USB
    >> Pen drive (with this http://tinyurl.com/ydao7p )
    >>
    >> And run FDISK /MBR - will reset the MBR
    >>
    >> Or in the XP resource console FIXMBR is suppose to do the same thing.


    >This is the first thing I tried. It didn't work. All my hard drives (and
    >hers, I taught her that) have 4 partitions for multi-boot.


    0 Sector contains all of the partition info, FDISK will clear out any
    trash; Doesn't matter how many partitions a drive has.

    But since it didn't work, you at least know nothing is residing in the
    MBR.
    --
    Microsoft Will Help Deliver a "Better" Linux
    Remember Lindows?
    http://www.linspire.com/linspire_letter_archives.php?id=48
     
    , Jun 19, 2007
    #9
  10. Ar Q

    Ar Q Guest

    <> wrote in message
    news:...
    > "Ar Q" <> wrote:
    >
    > >> Download a Win98 boot disk
    > >> http://bootdisk.com/bootdisk.htm install to a floppy or a Bootable USB
    > >> Pen drive (with this http://tinyurl.com/ydao7p )
    > >>
    > >> And run FDISK /MBR - will reset the MBR
    > >>
    > >> Or in the XP resource console FIXMBR is suppose to do the same thing.

    >
    > >This is the first thing I tried. It didn't work. All my hard drives (and
    > >hers, I taught her that) have 4 partitions for multi-boot.

    >
    > 0 Sector contains all of the partition info, FDISK will clear out any
    > trash; Doesn't matter how many partitions a drive has.
    >
    > But since it didn't work, you at least know nothing is residing in the
    > MBR.
    > --


    Normally, for those corrupted or non-multi-boot hard disks, using FDISK /MBR
    will rewrite the MBR code and zero-out the partition table. The only
    exception is that the disk's last two bytes of MBR sector are 55h followed
    by AAh. I used some Disk Editors to read the MBR. The signature on her hard
    disk is indeed AA55h. (So after using FDISK /MBR command, no action is
    taken. The partition table is still in tact.)

    For people who want to read more on this topic, using the link on the bottom
    of this post. Pay special attention to the figure "Structure of a Master
    Boot Record" on top and Section titled "Editing/replacing MBR Contents". You
    see that there are many redundant bytes in MBR as shown in the top figure.
    Symantec's activation technology is to change some bytes of those in MBR.

    http://en.wikipedia.org/wiki/Mbr

    Ar Q
     
    Ar Q, Jun 19, 2007
    #10
  11. On Tue, 19 Jun 2007 13:55:04 -0400, Ar Q <> wrote:

    > This is the first thing I tried. It didn't work. All my hard drives (and
    > hers, I taught her that) have 4 partitions for multi-boot.
    > MS said FDISK /MBR or FIXMBR won't work on those multi-boot hard drives. I
    > tried anyway. Thanks for your input.


    Sounds like you'll have to reinstall the 3rd party boot loader, and
    avoid programs that write to track 0, without checking to see if
    the sectors are already in use.

    Regards, Dave Hodgins

    --
    Change nomail.afraid.org to ody.ca to reply by email.
    (nomail.afraid.org has been set up specifically for
    use in usenet. Feel free to use it yourself.)
     
    David W. Hodgins, Jun 19, 2007
    #11
  12. Ar Q

    Guest

    "Ar Q" <> wrote:

    >
    ><> wrote in message
    >news:...
    >> "Ar Q" <> wrote:
    >>
    >> >> Download a Win98 boot disk
    >> >> http://bootdisk.com/bootdisk.htm install to a floppy or a Bootable USB
    >> >> Pen drive (with this http://tinyurl.com/ydao7p )
    >> >>
    >> >> And run FDISK /MBR - will reset the MBR
    >> >>
    >> >> Or in the XP resource console FIXMBR is suppose to do the same thing.

    >>
    >> >This is the first thing I tried. It didn't work. All my hard drives (and
    >> >hers, I taught her that) have 4 partitions for multi-boot.

    >>
    >> 0 Sector contains all of the partition info, FDISK will clear out any
    >> trash; Doesn't matter how many partitions a drive has.
    >>
    >> But since it didn't work, you at least know nothing is residing in the
    >> MBR.
    >> --

    >
    >Normally, for those corrupted or non-multi-boot hard disks, using FDISK /MBR
    >will rewrite the MBR code and zero-out the partition table. The only
    >exception is that the disk's last two bytes of MBR sector are 55h followed
    >by AAh. I used some Disk Editors to read the MBR. The signature on her hard
    >disk is indeed AA55h. (So after using FDISK /MBR command, no action is
    >taken. The partition table is still in tact.)
    >
    >For people who want to read more on this topic, using the link on the bottom
    >of this post. Pay special attention to the figure "Structure of a Master
    >Boot Record" on top and Section titled "Editing/replacing MBR Contents". You
    >see that there are many redundant bytes in MBR as shown in the top figure.
    >Symantec's activation technology is to change some bytes of those in MBR.


    >http://en.wikipedia.org/wiki/Mbr
    >


    No, now I'm not saying the program isn't writing to the MBR for copy
    protection as a few programs do do that.

    But the above link:
    use the FDISK program from a Windows 98, or other FAT32 capable boot
    disk, as a safer alternative; to ensure only the code area, not the
    partition table, is overwritten.)

    Anyhow if you want to look and even remove anything from the MBR Use
    MBRtools http://www.diydatarecovery.nl/mbrtool.htm to back up your MBR
    first

    Then use Norton Diskedit from a Win98 boot disk (or Pen dive)
    http://download.yousendit.com/3FB6051C5AC06C62

    Diskedit starts in read only mode and you can't make any changes
    unless you demand it (by config changes).

    Diskedit is a very nice tool to look at your HD with, and you can
    snoop thru your MBR to see what's there.
    --
    Creator of N'Sync and Backstreet Boys to go on trial.
    If bad taste was a crime, he'd get the chair.
    www.suntimes.com/entertainment/people/433111,CST-FTR-swan19.article
     
    , Jun 19, 2007
    #12
  13. Ar Q

    Plato Guest

    Ar Q wrote:
    >
    > activations, so I immediately delete the NIS program. Then I run some


    In the future, never use NIS.

    --
    http://www.bootdisk.com/
     
    Plato, Jun 21, 2007
    #13
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Eric

    Boot Sector / MBR Damaged...

    Eric, Jul 3, 2004, in forum: Computer Support
    Replies:
    3
    Views:
    2,934
    Toolman Tim
    Jul 3, 2004
  2. =?Utf-8?B?U2VhbiBmcm9tIHRoZSBTdW5zaGluZSBDb2FzdA==

    Tampered with create Network - Now Wireless signal on but no Inter

    =?Utf-8?B?U2VhbiBmcm9tIHRoZSBTdW5zaGluZSBDb2FzdA==, May 10, 2007, in forum: Wireless Networking
    Replies:
    6
    Views:
    447
    =?Utf-8?B?U2VhbiBmcm9tIHRoZSBTdW5zaGluZSBDb2FzdA==
    May 11, 2007
  3. Nomen Nescio

    Re: Symantec NIS and tampered MBR/Boot Sector

    Nomen Nescio, Jun 19, 2007, in forum: Computer Support
    Replies:
    0
    Views:
    552
    Nomen Nescio
    Jun 19, 2007
  4. poster

    deleted mbr,boot sector

    poster, May 22, 2009, in forum: Computer Support
    Replies:
    14
    Views:
    624
  5. poster

    deleted mbr,boot sector

    poster, May 22, 2009, in forum: Computer Support
    Replies:
    9
    Views:
    544
    chuckcar
    May 24, 2009
Loading...

Share This Page