You still need to type in a DOS-like prompt:
From CompCav:
"click start
click Programs
click HBCD Menu
click Browse folder
in right hand window page down to MbrFix.cmd
a black command window will open and also a MbrFix.txt window.
In the taskbar click on the c:\ in the box next to B:\Temp\HBCD...
Now the black command window should show with b:\Temp\HBCD>_
Type the command as you had in #29 with adding the location to save the file.
MbrFix /drive 0 savembr C:\Backup_MBR_0.bin
(The OP can check on the c drive to see it is in the root directory)
Then the command to fix it:
MbrFix /drive 0 fixmbr /yes
Then he can close the command window and click Start in the lower left hand corner,
click Shutdown
in the window that comes up hit the down arrow to select Restart / Eject
Then click OK
(The machine will eject the Hiren's Boot CD and start up normally.)"
This leaves the E:\ partition intact so perhaps we should try and run MBR Wizard while we are here before we reboot?
It's not clear to me from the write-up how exactly it gets to the E:\ partition, but the write-up I saw had people reinstalling Windows and getting reinfected because they hadn't removed the partition.
http://resources.inf...tealth-rootkit/
Ron
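
An added example, not part of the original post: a small Python script that reads a saved MBR backup such as the C:\Backup_MBR_0.bin file from the savembr step and lists the partition table entries, so an unexpected or active extra partition is visible before and after the fix. It assumes the backup is the raw 512-byte sector 0; the sample bytes and the helper names are constructed for illustration.

```python
import struct

SECTOR = 512
TABLE_OFFSET = 446       # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR

def parse_mbr(data):
    """Return (signature_ok, partitions) for a 512-byte MBR image."""
    if len(data) != SECTOR:
        raise ValueError("expected %d bytes, got %d" % (SECTOR, len(data)))
    parts = []
    for i in range(4):
        entry = data[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0 and sectors == 0:
            continue  # empty slot
        parts.append({"slot": i + 1, "active": status == 0x80,
                      "status_valid": status in (0x00, 0x80),
                      "type": ptype, "lba_start": lba_start, "sectors": sectors})
    return data[510:512] == SIGNATURE, parts

def findings(parts):
    """Flag things worth a second look before trusting the disk layout."""
    notes = []
    active = [p["slot"] for p in parts if p["active"]]
    if len(active) != 1:
        notes.append("expected exactly one active partition, found %d" % len(active))
    for p in parts:
        if not p["status_valid"]:
            notes.append("slot %d has an invalid boot flag" % p["slot"])
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            notes.append("slots %d and %d overlap" % (a["slot"], b["slot"]))
    return notes

def make_sample():
    """Constructed sample: a large partition plus a small active one after it."""
    def entry(status, ptype, start, count):
        return struct.pack("<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0", start, count)
    table = entry(0x00, 0x07, 63, 1000000) + entry(0x80, 0x17, 1000063, 2048)
    return bytes(446) + table + bytes(32) + SIGNATURE

if __name__ == "__main__":
    import sys
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else make_sample()
    ok, parts = parse_mbr(raw)
    print("signature ok:", ok)
    for p in parts:
        print(p)
    print(findings(parts))
```

Run it with the backup file path as the only argument; with no argument it parses the constructed sample.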