MBR sector of the 1. physical disk probably unknown TSR.BOOT virus unable to clean

Discussion in 'ESET NOD32 Antivirus' started by weemarn, Nov 11, 2009.

Thread Status:
Not open for further replies.
  1. weemarn

    weemarn Registered Member

    Joined:
    May 28, 2009
    Posts:
    34
    Hi,
    I have 3 x 2003r2 servers on 3.0.672\4595 that have the following message on the erc when restarted;

    'MBR sector of the 1. physical disk probably unknown TSR.BOOT virus unable to clean'

    Any pointers whilst I am slugging through the forums? A visit to the dc would like to be avoided.
     
  2. weemarn

    weemarn Registered Member

    Joined:
    May 28, 2009
    Posts:
    34
  3. Mister Natural

    Mister Natural Registered Member

    Joined:
    May 10, 2007
    Posts:
    225
    Location:
    3rd density St. Louis
  4. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    Did this just start? Is there anything unusual about the storage controller or the disk volumes on those servers?

    Regards,

    Aryeh Goretsky
     
  5. weemarn

    weemarn Registered Member

    Joined:
    May 28, 2009
    Posts:
    34
    Hi,
    The 2 boxes were rebooted and the virus was detected then.
     
  6. scouseneil

    scouseneil Registered Member

    Joined:
    Nov 12, 2009
    Posts:
    1
    Using ESET Security 4 and got the same problem. Have we got infected, or is it a false positive?
     
  7. SolidState

    SolidState Registered Member

    Joined:
    Dec 18, 2007
    Posts:
    92
    I'd make a BartPE bootdisk and run various AV on that disk. This is the only real way to remove something like that if it's not a false positive. Here is a great video on how to do this...

    http://www.youtube.com/watch?v=OYIktyeIKqI&feature=related

    Matt has great videos and reviews!

    http://www.youtube.com/user/mrizos

    He's not the most technical, nor is he a programmer etc. But this guy has some really good REAL WORLD experience and he's willing to share it with the world. I've found his methods for removal are the best around, using a BartPE bootdisk with combofix, SAS and Antivir etc. Shame we can't get NOD32 on a BartPE disk, ESET, or scan registry hives from something other than the host machine! SAS can scan hives from a Windows install other than the one it's running on! Please add this functionality, ESET!
    Solid-State
     
    Last edited: Nov 12, 2009