A nasty new form of ransomware is wreaking havoc on computers. Hackers that encrypt your files and demand money from you in the form of bitcoin is bad enough, but a few versions also overwrite your Windows PC’s master boot record (MBR).
The master boot record is a key part of your PC’s startup system. It contains information about the computer’s disk partitions and helps load the operating system. Without a properly functioning MBR, your PC simply won’t work.
Ransomware that overwrites the MBR isn’t all that new, with examples of it dating back to at least 2012. More recently, the Petya variant of ransomware has been causing MBR problems. Then in August, a pesky bit of malware popped up on FossHub that overwrote the MBR, which caused headaches for affected users. And the master boot record can sometimes be damaged via less hostile actions, as well.
Luckily, destroying the MBR usually isn’t irreversible. But it’s still problematic since overwriting the MBR renders your PC inoperative until it’s repaired. On top of that, the method for fixing it is far from obvious.
Here’s how to make everything right if your master boot record was erased.
How to fix the MBRThe main way to fix the MBR is to use a command prompt and run the bootrec.exe command. In versions of Windows prior to Windows 8 and 10, you usually accessed the command prompt through recovery media like a DVD disc or USB drive. That still works in Windows 10, and we’ll discuss that method at the end of this tutorial. But the latest versions of Windows offer an easier method for running recovery commands without external media.
When you first boot up a Windows 10 PC it should recognize that there’s a problem and enter “automatic repair” mode. When it does, you’ll see the words "Preparing Automatic Repair” appear below the blue Windows logo.
If that doesn’t happen, but you do see the blue Windows logo, turn off your computer using the hard reset/power button. Keep turning the computer on and off until you see your PC booting into automatic repair. It should only take a few reboots.
nce automatic repair mode is ready, you’ll see the Automatic Repair screen. From here select Advanced options.
On the next screen, click Troubleshoot and then Advanced options once again.
You’ll see a screen with six options. If you want, you can select Startup Repair before turning to the command prompt and Bootrec. Startup Repair is an automated program that will try to fix any problems it finds on the computer disk without any intervention from the user.
It’s a good utility that may fix your problem, but Startup Repair will take far more time to complete its task than simply running Bootrec.
To use the Bootrec option, click the Command Prompt tile. This may prompt your computer to reboot yet again and then ask you to login with your password. If that happens, do so.
Once the command line appears, all you have to do is type the following, then press Enter:
bootrec.exe /fixmbrNote the space between “exe” and “/fixmbr”—it’s critical to include this space for the command to run properly. The first part tells the PC to run the Bootrec program, while the “/fixmbr” option tells Bootrec exactly what we want it to recover.
If all goes well, the command prompt should print out, “The operation completed successfully.” When you see that you can reboot your PC.
If you’re trying to recover from ransomware or some other form of malware, be sure to boot into Safe Mode and then run an antimalware program. For more details on these steps, check out our earlier tutorials on how to remove malware from a Windows PC and how to boot into Safe Mode in Windows 10.
Bootrec from a system repair driveIf you’re running an older version of Windows, or if your Windows 10 PC isn’t launching the repair options, you’ll need to use a recovery drive to fix your MBR. Start by inserting the system repair media into the PC. This will be either one you created, or a purchased version of the Windows install discs.
Next, boot your system. If you’re using a USB drive, your system’s BIOS needs to be set to boot from USB before falling back to any internal drives. If you don’t have your BIOS correctly configured, the system recovery drive will be of no use. Adding to the complication, the way you enter the BIOS (and how you set it up) is not universal. Lincoln Spector has a tutorial on how to handle setting up your BIOS to boot from USB.
Once you’ve booted into the recovery drive, you should be asked to select a keyboard layout in your language—US English in this case. Next, you’ll land on the troubleshooting screen we saw earlier.
At this point you can continue to the command prompt as we discussed earlier and run Bootrec.
If you’re on Windows 7, you’ll need to follow slightly different steps once you launch into the recovery mode. After you’ve selected the input method, select Repair your computer, followed by the operating system name. Then click Next > System Recovery Options > Command Prompt and start Bootrec using the same bootrec.exe /fixmbr as above.
Although the MBR problem is relatively easy to repair, it’s still best to be prepared for the worst in case this problem ever strikes again.
The most important thing you can do to protect against MBR erasure and most other catastrophic PC malfunctions: Back up your personal files. That means keeping a local daily backup on an external hard drive or using a third-party program for daily backups. It’s also a good idea to have a secondary backup that lives offsite, such as an online backup service like Backblaze, Carbon, or CrashPlan. PCWorld’s guide to backing up your PC for free can help you out.
You’ll also want to create a system recovery drive. This is an especially important measure in the age of Windows 10, since many early Windows 10 users upgraded to the new operating system via a digital download—and thus don’t have a physical copy of the operating system. If the automatic repair method ever fails, you’ll need a system repair drive in order to use Bootrec or any other system recovery tools.
Check out our earlier tutorial to learn how to create a system recovery drive, and the important information Microsoft won’t tell you about recovery drives.