[Solved] Nod32 Beta detects unknown tsr boot virus

Discussion in 'NOD32 Early v2 Beta' started by smooth, Jun 2, 2003.

Thread Status:
Not open for further replies.
  1. smooth

    smooth Guest

    Every time I run a check I get:

    MBR sector of the 1. physical disk contains probably unknown TSR.BOOT virus.

    How do I get rid of it? What is it even? I tried clicking on clean but that didn't do anything. Any help is appreciated.
     
  2. jan

    jan Former Eset Moderator

    Joined:
    Oct 25, 2002
    Posts:
    804
    Re:Nod32 Beta detects unknown tsr boot virus

    Hi Smooth,

    pls. send the sample to samples@eset.com with cc to support@eset.com with a subject "Smooth - TSR.BOOT virus - for Jan", if possible.

    Thanks, :)

    jan
     
  3. Andreas1

    Andreas1 Security Expert

    Joined:
    Jan 29, 2003
    Posts:
    367
    Location:
    Mainz (Ger)

    If there is no sample to send - after all the alert is about a virus in some special sector on your hdd, not in some file -, you can make an image of that sector with MBRTool and then send that. But this is just in case that it isn't obvious from the alert what you're supposed to send...
    HTHH,
    Andreas
     
  4. Smooth

    Smooth Registered Member

    Joined:
    Jun 2, 2003
    Posts:
    16

    Thanks Andreas, I was wondering about that.
     
  5. Smooth

    Smooth Registered Member

    Joined:
    Jun 2, 2003
    Posts:
    16

    I can't do squat. MBRTools claims I don't have any hard drives.

    I'm running XP so that's the first error that pops up.

    My hard drive is on an integrated RAID channel on my ABIT KT7a-RAID board (Highpoint 370).

    Not really sure what to do now. No other virus program has detected this so what else could be going on?
     
  6. Andreas1

    Andreas1 Security Expert

    Joined:
    Jan 29, 2003
    Posts:
    367
    Location:
    Mainz (Ger)

    Here's another tool: http://www.ranish.com/part/
    If that doesn't work you could try some of those Bootable Linux CDs like Knoppix or so.
    I have no experience with RAID, so others will have to help you further.
    CU,
    Andreas
     
  7. Smooth

    Smooth Registered Member

    Joined:
    Jun 2, 2003
    Posts:
    16

    Actually, I realized that I don't have it on the RAID channel anymore (it never was part of an array).

    I used to dual boot gentoo on this and I wonder if some remnants of grub were left behind--although I don't know if that would trigger this.

    I can't figure out why the program you suggested won't work except for the fact that I'm running XP.

    Also, no other virus scanner has picked this up--something seems fishy...
     
  8. Smooth

    Smooth Registered Member

    Joined:
    Jun 2, 2003
    Posts:
    16

    Does anyone have any ideas or other suggestions as to how I can clean my boot sector?

    Can I just wipe it out?

    I have NTFS so maybe that's why mbrtools isn't working. I don't know how to make a current emergency boot disk and, even if I did, nothing can clean it since it's an "unknown" virus.
     
  9. faffy

    faffy Registered Member

    Joined:
    Jan 7, 2003
    Posts:
    23

    You could try to boot from a win98 floppy and write

    fdisk /mbr

    Be careful, if you use lilo or grub to load linux then it will delete them!

    Faffy
     
  10. Smooth

    Smooth Registered Member

    Joined:
    Jun 2, 2003
    Posts:
    16

    Thank you.

    I should be more clear:

    Will fixing the mbr eradicate this unknown tsr boot virus?

    Will installing lilo or grub (effectively destroying my windows boot manager) wipe out the virus and then I can use XP to fix the mbr?

    Or, are remnants of grub or lilo being tagged by nod as a virus as a false positive?


    Failing all that, does anyone know how I can get a copy of my ntfs boot sector to jan so the problem can be addressed correctly?
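
As an added example (not part of any post in this thread, and not ESET's or MBRTool's code): a read-only way to do what the posts above discuss, copying the 512-byte MBR to a file that can be mailed as a sample and checking whether its boot code carries GRUB or LILO marker strings. The device path passed to `dump_mbr` (for instance `/dev/hda` from a Knoppix boot) and the marker list are assumptions, and the sample sector is constructed.

```python
import hashlib
import struct

# Strings commonly present in legitimate MBR boot code (heuristic labels only).
MARKERS = {
    b"GRUB": "GRUB stage1",
    b"LILO": "LILO",
    b"Missing operating system": "Microsoft standard MBR",
}

def parse_mbr(sector: bytes) -> dict:
    """Parse one 512-byte MBR sector without executing or modifying it."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly 512 bytes")
    boot_code, table = sector[:446], sector[446:510]
    partitions = []
    for i in range(4):
        entry = table[i * 16:(i + 1) * 16]
        status, ptype = entry[0], entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if ptype:  # type 0x00 marks an unused slot
            partitions.append({"slot": i, "active": status == 0x80,
                               "type": ptype, "lba_start": lba_start,
                               "sectors": count})
    return {
        "valid_signature": sector[510:512] == b"\x55\xaa",
        "loaders": sorted(n for m, n in MARKERS.items() if m in boot_code),
        "partitions": partitions,
        "sha256": hashlib.sha256(sector).hexdigest(),
    }

def dump_mbr(device: str, out_path: str) -> dict:
    """Read-only copy of sector 0 to a file that can be attached to an e-mail."""
    with open(device, "rb") as dev:
        sector = dev.read(512)
    with open(out_path, "wb") as out:
        out.write(sector)
    return parse_mbr(sector)

def constructed_sample() -> bytes:
    """Constructed sector: GRUB marker in boot code, one active NTFS partition."""
    boot = (b"\xeb\x48\x90" + b"\x00" * 100 + b"GRUB \x00Geom\x00").ljust(446, b"\x00")
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 78140097)
    return boot + entry + b"\x00" * 48 + b"\x55\xaa"

if __name__ == "__main__":
    print(parse_mbr(constructed_sample()))
```

A marker hit only says which loader's strings are present in the boot code; it does not prove the sector is clean, so the dumped file is still what goes to the vendor.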
     
  11. jan

    jan Former Eset Moderator

    Joined:
    Oct 25, 2002
    Posts:
    804

    Hi Smooth,

    you've got a mail!

    Rgds, :)


    jan
     
  12. Smooth

    Smooth Registered Member

    Joined:
    Jun 2, 2003
    Posts:
    16

    Thanks, Jan.

    That didn't work but I used my XP CD and went into repair mode.

    typed "fixmbr"

    seemed to work.

    Thanks for everyone's help.
     
  13. Smooth

    Smooth Registered Member

    Joined:
    Jun 2, 2003
    Posts:
    16

    Jan, since I was a guest when I started the topic I can't edit the title to reflect that the issue is solved.

    Could you take care of that when you have the time?
     
  14. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands

    :) Not normal procedure here Smooth, but if it makes you feel better. :)

    Regards,

    Pieter
     
  15. jan

    jan Former Eset Moderator

    Joined:
    Oct 25, 2002
    Posts:
    804
    Hi Smooth,

    >Jan, since I was a guest when I started the topic I can't edit the title to reflect that the issue is solved.

    I think this is not necessary - the main point is you are OK now :)

    Have a great time, :cool:

    jan
     