Will Samsung Recovery Solution 5 also repair MBR when doing a total restore with partitioning?

Hi.

As title, I don't know if Samsung Recovery Solution will repair MBR and wonder if anyone else does.

I restored my computer to factory settings using recovery DVDs after malware infection, and I partitioned it myself through Samsung Recovery Solution. However I am not sure if the restore also has repaired the MBR. Does anyone know?

I can not access Windows RE to fix the MRB, and I can not use Samsung Recovery Solution "Admintool USB", so this is why I am asking.

OS: Windows 7
Program: Samsung Recovery Solution version 5

Thanks in advance

 

Hello supre, welcome to NBR.

I am a little confused about the Recovery DVD that you mention. Many older Samsung laptops that came with SRS5 and Windows 7 (including my own Series 7) also included a so-called System Recovery Media DVD. That disc is really just a plain Windows 7 OEM disc -- it doesn't contain the Samsung Recovery Software.

If that is the kind of disc you have, and you used that to re-install Windows, and deleted all partitions in the process (so-called clean install) that means your Recovery is gone. You can check if you still have your Recovery partition (called SAMSUNG_REC at the end of the drive). But even if that partition is still there, you may not be able to use it (F4) if the malware messed with your MBR or if your installation already re-wrote the MBR -- which contains a necessary link for Recovery to work.

If you still have a working Recovery that you can boot with F4, I would recommend you use that to perform a factory restore. Use the Complete Restore function (under Advanced) to make sure it rewrites the MBR. Also, if you are able to boot Recovery, I definitely would create a USB Admin Tool and backup the Recovery, as described in this post.

But I think you're saying you cannot boot Recovery with F4, right?

If so, your Recovery is lost anyway, and you might as well wipe the disk and the MBR completely to get rid of that malware (as you suggested). You can open a Command Prompt (Shift-F10) after booting the Windows DVD (that System Recovery Media disc), then use the following command to rewrite the MBR:

bootsect /nt60 SYS /mbr

If you want to be completely sure that the malware hasn't snuck back in, you should continue performing the WIndows installation on newly created partitions after rewriting the MBR. You can use the Win7 installation guide here to make sure you get all the Samsung drivers etc done right (it's post #40, NOT the guides on the first page of that thread).

 

Wow. Thank you so much for a fast and detailed reply.

Sorry for being unclear.

The recovery DVDs are those that I made myself, created using the Samsung software the day I bought the computer. I didn't get any DVDs with my computer, sadly.

I have already done a Complete Restore, as you mentioned, by going through the Advanced button. I did not have to deal with the F4 recovery as the recovery software started just by me putting the DVDs in. By doing the Complete Restore, it gave me the option to partition my disks aswell.

So, so far I have managed to do a Complete Restore. All good, no issues with that. Sadly I can not create USB admin tool as it's greyed out (disabled) for me no matter what I do.

My problem is however I am kinda worried that the malware will come back through MBR and I am not really sure if the Complete Restore also "repairs" the MBR back to the default.

Thanks again! I really appreciate it.

 

Got it, thank you for that clarification.

So, I gather you used the Complete Backup feature in Recovery to save your system onto a number of DVDs, correct? I would think the Complete Restore also rewrites the MBR, but I am not 100% sure.

If you are able to boot Recovery with F4 and select a Complete Restore in there (as opposed to booting it from the Recovery DVD) that should perform a "true" factory restore from the image on the HDD Recovery partition. To be honest, I am not even sure if that will re-write the MBR boot code -- although I would think so. And there is a small risk that the malware could still be loaded and survive this way.

If you ARE able to F4 boot Recovery, you should also be able to create a USB Admin Tool using Management Mode in there (again, see this post). Admin Tool has an MBR Fix function.

If you are NOT able to F4 boot Recovery, that means your Recovery is gone anyway, in which case (again) there is nothing to loose by manually re-writing the MBR from a Windows Setup disc.

You can legally download Windows 7 ISOs from Digital River (see this) and burn a clean Windows 7 Setup DVD. Make sure you get the exact same version and language as what you currently have. And do this on a malware-free computer.

Then boot that Windows DVD and use the bootsect command to re-write the MBR. It shouldn't hurt your Windows installation, although it likely WILL destroy the Recovery F4 link -- which is why I only recommend it if your Recovery is already lost anyway. Just in case, make sure you have your Windows Product Key (on a sticker on the bottom of the laptop or on your power supply) in case you need (or decide) to re-install Windows.

After re-writing the MBR from a clean Windows DVD, you can proceed to clean install Windows to make sure the malware is completely gone, or you could boot your Recovery DVD (the backup you made) and restore from there.

I hope that works. Please keep us posted.

 

Exactly! I did backups through the Samsung Recovery Solution software into a few DVDs.

I tried this both by going through F4 boot recovery (which works just fine) and by putting in the DVDs, yet the "Admintool USB" button is still greyed out (disabled) for me. I am not sure how to fix it, and the post you linked does not say anything about it sadly.

Thank you so much. I will think a bit more about it on how to solve this.

EDIT: I have managed to find the DVD that came with Samsung computers. It is called "Samsung Recovery Media". But I can not find any information on what this exactly is. Does it contain all the necessary Samsung drivers, or is it just plain Windows 7 disc? Thanks!

 

It's just a Windows disc.

You can get all the Samsung drivers and Samsung software using SW Update. Ideally, you download everything in advance and put onto a flash drive. Note, however, that if Samsung also included any 3rd party software then you won't be able to get that through SW Update although such software would have been included in the recovery partition.

John

 

It is puzzling why your Recovery, which otherwise seems intact, does not let you create the Admin Tool. I wonder if the fact that you created the Complete Backup on those DVDs somehow affected this. Did you try and F4 boot Recovery without the backup DVD inserted?

Anyways, since you have that "Samsung Recovery Media" as well (which is just a Windows disc, as John mentioned), I recommend you the following steps (I'll try to be more specific this time):

1) F4 Boot Recovery (or load the Samsung Recovery Solution app for Windows) and create a System Software backup. This will save all drivers and other software onto a DVD. You generally don't need this for drivers, since SW Update will download more recent ones anyway, but it also backs up the 3rd party software mentioned by John, which is not offered in SW Update.

2) Boot your "Samsung Recovery Media" DVD, and open a Command Prompt after Windows Setup has loaded (Shift-F10), then use the previously described bootsect command to re-write the MBR. This will wipe the malware for sure. BUT there is a significant risk that it will also subsequently prevent you from F4 booting Recovery. And even a risk (though smaller) that it will prevent you from loading your Backup DVDs. I would personally take that risk, since there is nothing in your Recovery you don't have elsewhere. (While this statement is true in your case, it is definitely not true for all Samsung laptops, particularly not Win8.x-delivered models, where Recovery may be the only Windows installation media, and which do not have the ability to backup System Software as easily). After re-writing the MBR with the bootsect command, close Windows Setup.

3a) Boot your Backup DVD and perform a Complete Restore again. Hopefully that will still boot (knock on wood). This will ensure the malware hasn't re-infected your WIndows installation (in case it had survived in the MBR before). Once this is all done, test if you can still F4 boot Recovery -- and please let us know for posterity.

3b) If you should be unable to boot your Backup DVD's (again, knock on wood) you can perform a clean install of Windows using your "Samsung Recovery Media". It really is a very smooth process, just follow the install guide here (post #40, NOT the guides on the first page of that thread). You can use your System Software backup to install all drivers and software, although I recommend you use SW Update as described in that guide. You want to download the latest WiFi drivers first, since Win7 doesn't include them (covered in the guide if you have Intel WiFi). Or use an Ethernet LAN connection until SW Update is done downloading and installing everything.

Again, whatever you choose, please keep us posted

 

Once again, excellent post. This is exactly the conclusion I have came to today.

During the day the only question I have been trying to answer by searching around the web is: Can I still use my Backup DVDs if I repair MBR using "Samsung Recovery Media"

After all, using my own backup DVDs are much easier for me that is not so good with computers, than dealing wiht the "Samsung Recovery Media". I tried creating admintools by booting in recovery through F4, didn't work. I also tried a few other things that I read on the internet, didn't work.

I will definitely keep you guys updated. Thanks once again.

 

Hey again guys.

I decided to do something else. I put in my recovery DVDs and opened admin tools. There I had access to a command prompt and I saw that bootsect.exe also exists there. I then used that bootsect to repair MBR, and it said itself that it was successful but I have no way to tell if i really was.

I also made sure that the bootsect can't be corrupted because I found out that after each format I do, it resets the files through DVD.

 

Thank you for the update. Yes, that should work just as well as running bootsect from the Windows DVD. It it confirms successful writing of the MBR, you can be certain that the malware is gone from the MBR. If you follow that up with a clean install (or restore from your Recovery discs) there is almost zero risk that the malware could survive.