I just updated from NOD32 v2.7 to the new v4. The detected threat is "Startup scanner boot sector MBR sector of the 0. physical disk probably unknown TSR.BOOT virus unable to clean". I have my disk encrypted with Jetico BCVE. Is there any way to exclude my boot drive w/o turning off "Boot Sectors" under "Objects" which turns off boot sector scanning on all of my drives? Thank you for any help.
Just received what seems to be a scripted reply from ESET to follow the instructions at http://kb.eset.com/esetkb/index?page=content&id=SOLN141. Not sure that zipping up a file to email makes much sense when it's the non-standard encrypted MBR that's causing the false positive.
I realize that, but when the message I report contains "boot sector MBR sector of the 0. physical disk" it's pretty clear that it isn't a file involved. Just makes me wonder if their support don't actually read the customer care requests or don't understand the difference between a file and an MBR. Or maybe I don't!
Customer care representatives should provide you with a tool for creating an image of the boot/mbr sectors which you would subsequently send to samples[at]eset.com with "False positive - boot virus" in the subject. If you haven't received it yet, let me know and I'll upload it somewhere for you.
I haven't received a reply from ESET yet. Can I use HDHacker to obtain the MBR to send to samples[at]eset.com? Will I get a reply from ESET to let me know what their results are after emailing the MBR? Thanks for your advice Marcos!
Hello, Just to check, is the TSR.BOOT virus still being reported in the MBR of the hard disk drive? Regards, Aryeh Goretsky
Wasn't this a past issue with certain brands of laptops? I had it on 2 Gateways last summer. False positive.
Hi. I'm not sure. I did submit my MBR to ESET using their MBR tool and received a reply that it was indeed a false positive that would be fixed in the next virus definitions release. However, during the time I was waiting for the reply, my system began experiencing random blue screen errors. I reverted back to NOD32 v2.7 thinking that v4 was responsible based on posts I have read here and the timing of the blue screens so soon after installing v4. I subsequently found out by using MEMTEST86+ that the blue screens were being caused by a defective stick of RAM. During the time I had run v4, I didn't see any advantages over v2.7 to re-install it (mainly I don't like the proxy method of web scanning vs. the method used by 2.7). Sorry that I can't report back definitively. If I decide to give v4 a go again, I'll post back. Thanks for checking back in with me.
Hello, A false positive alarm of the TSR.BOOT MBR virus on Jetico BCVE encrypted disk volumes was recently fixed, so unless report otherwise, I will assume the issue has been resolved for you as well. If it is not, or you once again receive a report of a virus in the MBR of the encrypted disk volume, please post a message in the forum. Regards, Aryeh Goretsky