Instead of:
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional"
It's a teeny tiny thing, but makes all the difference. This time when I fired it up, everything worked. Now that I had access to Windows and Anti-Malware again, I wanted to see what was so damn special about the previous boot.ini that it got flagged and created this whole mess to begin with.
I restored it to the original location, renamed it (just in case, so it wouldn't boot with the questionable file in case there really was something wrong with it), and opened it up in Sandboxie (again, can't be too careful). Instead of having legible command lines in plain English, it was the sort of thing you expect when you open a compiled file, all sorts of random characters, spaces, and other gibberish that makes no sense to the average human, but computers understand.
I don't know if this happened prior to the Anti-Malware scan (or more importantly, how it would have happened) or during the quarantining process, but I figured if it was bad once, it should be bad again, right? So I right-clicked the file, ran Anti-Malware specifically on it, and it came back with "No Malicious Items Found." Um, okay. So I scanned the entire computer again with the same result, no malicious items found. Weird.
I still don't know what that was all about, but I deleted the "suspect" file anyway since I'd built a working one in its stead. I still trust MBAM, though its flawless armor now has a chink in it. It's simply one more example of how even the best security software isn't perfect. Heck, if I didn't know how to repair the damage, MBAM could have effectively done more harm to my system than many of the threats it's designed to protect against.
How's that for a healthy dose of irony?

Article comments
1 - Eva Pintor
Lesson learned again... software is not perfect. Thanks for the alert. I'm pretty cautious, usually, but we all get comfortable that our security tools know what they're doing, so yours is an excellent lesson.
2 - Mark Buckingham
I found it especially troubling that after I released the "suspect" file back onto the system and re-scanned it, MBAM didn't flag it again. Crazy fluke that almost cost me my data.
3 - Tony
I expect that, boot.ini being a system file, the security software reviews it once each scan for problems (not a malware check): has the boot.ini been modified to load a boot loader virus, for example? In this case it identified it was faulty and unfortunately did not take any step other than the default quarantine. It would do this because it detected corruption and should know better and give you advice to fix it before rebooting. A smart tool would rebuild the boot.ini automatically. Once you fixed it and did a malware scan it checked the content against its signature database and there was no malware, never was. Not surprising. I expect if you replaced the good file with the bad it would quarantine it again.
Would other tools do it better? I don't know but yes the software could be better.