Nod32

Discussion in 'NOD32 version 2 Forum' started by nintendoman, Dec 22, 2006.

Thread Status:
Not open for further replies.
  1. nintendoman

    nintendoman Registered Member

    Joined:
    Dec 22, 2006
    Posts:
    10
    Hi im a user of Nod32 and for just a while ago i discovered a thing when i scanned a file. It was: MBR sector of the 1. physical disk contains probably unknown TSR.BOOT virus [7].Is this something to worry about? I use Nod32 version: 1934.
    Regards Alex
     
  2. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
  3. nintendoman

    nintendoman Registered Member

    Joined:
    Dec 22, 2006
    Posts:
    10
    OK, thanks for the answer i will mail the support about it.
    Regards Alex
     
  4. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    You're welcome and post back if u can as u progress with this.



    snowbound
     
  5. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    I still have that "boot virus" in my digital camera .... :)
    Edit: Added ""
     
    Last edited: Dec 22, 2006
  6. ASpace

    ASpace Guest

    May be you should give your camera some pills :D :D :D
     
  7. nintendoman

    nintendoman Registered Member

    Joined:
    Dec 22, 2006
    Posts:
    10
    I`ve got an answer from Eset about the MBR sector of the 1. physical disk contains probably unknown TSR.BOOT virus [7].
    They say that i have to download the utility

    removed: disclosing private correspondence with ESET is forbidden. Should you have any problems following the advice, contact ESET's support and please refrain from disclosing any private communication here, please.

    How do you do?
    Regards Alex
     
    Last edited by a moderator: Dec 25, 2006
  8. ASpace

    ASpace Guest

    Hi ! Download that file and save in the main C .

    After you have saved it in the main C , open Start->Run , type cmd and press ENTER
    Now type the following:


    [ENTER] means to press ENTER ; note there is a space after exe

    After that contact the Support again and ask what to do afterward . They will be able to help you best . Happy holidays ! :thumb:
     
  9. wolf5612

    wolf5612 Registered Member

    Joined:
    Jan 31, 2007
    Posts:
    5
    Me too. I have an "unknown virus in MBR." Nod32 dosen't find it. No matter how many scans I do. Even in SafeMode. Spyweeper with Sophos antivirus dosen't find it. No matter how many times I scan. Even in SafeMode. My "Hips" program (Cyberhawk) sometimes notes a hit. Jv16 powertools cleans about 30 entries out of my registry every time I reboot. I wiped the entire HDD (320Gb) seven times with a program I have. Then I tried to fix the MBR with "Large Drive Tools." It just said "Virus in Master Boot Record" and stopped. Next tried "Acronis" MBR rewriter and it just said "Virus in Master Boot Record" and wouldn't do anything else. Finally I decided to reinstall WinXp with ServicePack 2 from my retail disk. First thing it said was "Virus in Master Boot Record." I clicked continue and here I am. I wrote Eset yesterday and haven't gotten a reply as yet. Any ideas would be helpful. My computer is supposedly protected behind several programs and they all have failed so far. To the person who recieved a reply from Eset please email me that program @ donald.bell at tx.rr.com Thank You.
     
    Last edited by a moderator: Feb 1, 2007
  10. wrenchmonkey

    wrenchmonkey Registered Member

    Joined:
    Feb 1, 2007
    Posts:
    5
    I noticed that alert after installing Primary Response SafeConnect by SanaSecurity.
     
    Last edited: Feb 3, 2007
  11. ASpace

    ASpace Guest

  12. wolf5612

    wolf5612 Registered Member

    Joined:
    Jan 31, 2007
    Posts:
    5
    Hey Wrench Monkey and Hitech Boy: Well, I haven't installed anything unusual recently. To Hitech Boy: Thats just it. NOD32 dosen't detect it. Dosen't mention it. Even one scan it said MDR=OK. Talking to Eset now. Post more as situation develops.
     
  13. wrenchmonkey

    wrenchmonkey Registered Member

    Joined:
    Feb 1, 2007
    Posts:
    5
    I'm also waiting for a response from them. Are you running Windows MCE?
     
  14. ASpace

    ASpace Guest

    May be there are some using Windows XP Media Center edition 05 but I do believe you should contact ESET Tech Support via phone so you check if this is FP or not :thumb:
     
  15. wolf5612

    wolf5612 Registered Member

    Joined:
    Jan 31, 2007
    Posts:
    5
    Hello, everyone. Just to update my previous post. After emailing back and forth with Eset the verdict is they are unable to help. Why, "because NOD32 does not see it, it must not be there. To give Eset credit they really tried to help. So next I used Large Drive Tools to physically rewrite the drive one sector at a time with me entering the zeros. Damn thing is still there. Somewhere. Unbelieveable! Could this be GhostSurf Platinum 2007 leaving traces? Tenebril says NO. I don't know. I ordered a new hdd from NewEgg yesterday and I will see what happens. Let you know then. I wish it was a 'unknown tsr. virus' instead of just unknown virus. Then I would know what to do.
     
  16. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Did you drop an email to support @ eset.com? As far as I know, my colleague has responded to a guy having similar detection of an uncommon boot sector image and provided him with further instructions as how to get it for analysis.
     
  17. ASpace

    ASpace Guest


    Step 1 : Unplug your computer from all the cables
    Step 2 : Open the nearest window
    Step 3 : Take the computer near the windows
    Step 4 : Take the computer and ... (you know the procedure) ....... :D :D :D :D Wow , someone have found a PC on the street :D

    just joking , of course . Seriously , if you mail Marcos , he may be able to help you ;)
     
  18. wolf5612

    wolf5612 Registered Member

    Joined:
    Jan 31, 2007
    Posts:
    5
    Hello, Everyone. Man, do I feel like an idiot. I think I've figured out what was causing all the headaches. I didn't have a virus. At least I don't think I did. I was rummaging (sp) around in bios setup and noticed that it had an option for boot sector virus checking. It was set to on. I built this computer some months ago and didn't think to look there. I disabled it and now I'm not getting those indications anymore. I've wasted two weeks or more on this and I think that is all it took. Hopefully! Sorry for all the misleading posts. it was just me being stupid again. Thanks for all the suggestions, though. Maybe it will help someone else.
     
  19. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    I have that enabled and I'm not getting any boot_virus warning (only if I plug in my camera).
    Not a place I would look either ;)
     
  20. wolf5612

    wolf5612 Registered Member

    Joined:
    Jan 31, 2007
    Posts:
    5
    Hello, Brian N. I'm sure you are right. I was getting most of my indications from third party disk helpers of various kinds. Large Drive Tools and Acronis MBR Rewriter and some others. Also my hips program had begun acting up. There were other indications but they were more subjective, I suppose. When my hips (CyberHawk) began acting up I started using the other programs because NOD32 and SpySweeper could not find anything. Only time will tell, of course. But I hope it's over with.
     
  21. wrenchmonkey

    wrenchmonkey Registered Member

    Joined:
    Feb 1, 2007
    Posts:
    5
    I was trying to help narrow this down "Hitech boy", but you sure aren't helping much, are you? Put a cork in it.

    UPDATE: Ended up it was the MCE partition that I had suspected. When I added the primary partition after a complete format and reinstall of XP/MCE in a new Dell M2010, the remaing unpartitioned space I left for the MediaDirect part was listed as being in an unknown format. Partition Table Doctor fixed it.
     
    Last edited: Feb 11, 2007
Thread Status:
Not open for further replies.