[false positive?] unknown Virus TSR.BOOT w/inserting USB stick

Discussion in 'ESET NOD32 Antivirus' started by hrundi, Oct 28, 2012.

Thread Status:
Not open for further replies.
  1. hrundi

    hrundi Registered Member

    Joined:
    Oct 28, 2012
    Posts:
    4
    Location:
    DE
    Inserting a USB stick results in a warning (German system):

    "Warnung
    Bedrohung erkannt
    Objekt: Bootsektor von Laufwerk F:
    Bedrohung: möglicherweise unbekannter Virus TSR.BOOT Virus
    Bitte reichen Sie das Objekt zur Analyse bei ESET ein.

    Keine Aktion
    Das Objekt enthält eine potenzielle Bedrohung. Es wird jedoch weder gesäubert noch gelöscht, sondern verbleibt unverändert auf Ihrem System"

    Stick is Kingston Data Traveler 400 (tends to a corrupt filesystem ;-)

    NOD32 5.9.2.12 complains about the stick's boot sector; on-demand scan is OK. Signature is 26.10.2012 20:40

    Avira, Kaspersky, Bitdefender, Malwarebytes, McAfee Stinger -> everything is OK!

    May be a false positive?

    Regards,
    hrundi
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
  3. hrundi

    ... opened a ticket but no response from ESET yet.
     
  4. hrundi

    ... got a response from the German distributor after a week, asking me to overwrite the MBR and check if the warning still exists :eek:(

    [no comment]

    Asked him to route the ticket to ESET >>>support<<<.
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    There's a tool for dumping MBR, run it and send the dumps to ESET as per the instructions here. Check your PM for more information.
     
  6. hrundi

    ... was confirmed as a false positive. Should be eliminated in the next version.
     