tsr.boot

Discussion in 'ESET NOD32 Antivirus' started by ralijs, May 2, 2012.

Thread Status:
Not open for further replies.
  1. ralijs

    ralijs Registered Member

    Joined:
    May 2, 2012
    Posts:
    4
    please tell me what happened with the TSR.BOOT
    it is still detected in windows xp root.
    and how to remove

    or is it a fals possitive?
     
  2. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,033
    Location:
    California
    Hello,

    Can you please tell us the exact message you have received from ESET NOD32 Antivirus, as well as the exact version installed on the computer?

    Regards,

    Aryeh Goretsky
     
  3. ralijs

    ralijs Registered Member

    Joined:
    May 2, 2012
    Posts:
    4
    eset version.jpg

    tsr boot.jpg

    This is what i get
     
  4. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,033
    Location:
    California
    Hello,

    If Google Translate can be trusted, it seems the error message says "Select the boot sector 1. Physical disk - probably TSR.BOOT unknown virus [7] - not disinfect puedre". Does that seem like a correct translation to you?

    If so, my guess would be that there is more than one disk volume attached to the computer, and the second one contains code that looks suspicious (the "probably unknown TSR.BOOT" virus is a type of generic detection for these types of threats).

    By any chance, are you using anything like boot sector-based password protection or disk encryption program on the computer?

    Regards,

    Aryeh Goretsky
     
  5. ralijs

    ralijs Registered Member

    Joined:
    May 2, 2012
    Posts:
    4
    hi Aryeh

    the translated text :
    Exploration's record
    Virus's version of the data base of signatures: 7111 ( 20120504 )
    Date: 05/05/2012 Hora: 11:59:28 a.m.
    Records, folders and explored files: Operating memory;Start C:\Sector;Start Z:\Sector;C:\;Z:\
    The 1 sector of active start. He cannot get disinfected physical record - probably TSR.BOOT unknown virus 7 -
    The 1 sector of active start. He cannot get disinfected physical record - probably TSR.BOOT unknown virus 7 -
    C:\pagefile.sys - error to open 4
    The user finalized exploration.
    Quantity of explored objects: 1275
    Quantity of detected threats: 2
    Quantity of disinfected objects: 0
    Remaining time: 11:59:39 a.m. Total time of exploration: 11 seg ( 00:00:11 )

    Notes:
    4 The object cannot open. It's possible that another application software or operating system are wearing it.
    7 It's Probable That the object is infected with an unknown virus.

    my disk is partitioned in two C: & Z: 100giga for C and 350giga for Z

    I use WORD MAGIC translator wich is 95% ok both ways english and spanish :D

    Idont use any boot sector-based password protection and/or disk encryption program
     
  6. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,033
    Location:
    California
    Hello,

    The virus lab will need to get copies of the boot sector from the disk volumes (and possibly the master boot record from the hard disk drive) in order to determine why a TSR.BOOT virus is being reported. Please contact ESET technical support in your country to open a case with technical support and they will explain the process for making copies of these and sending them in for analysis.

    Regards,

    Aryeh Goretsky
     
  7. ralijs

    ralijs Registered Member

    Joined:
    May 2, 2012
    Posts:
    4
    Hi Aryeh
    i have read your advice .but it is no more possible to get that dates.my hard disk went to heaven:D .I had a lot of troubles the last week .maybe that could be the reason. but i wil remember it for next time.
    thank you very much with helping me

    roberto lijs
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.