Unable to delete unknown TSR.boot virus

Discussion in 'NOD32 version 2 Forum' started by Chiana, Dec 7, 2004.

Thread Status:
Not open for further replies.
  1. Chiana

    Chiana Registered Member

    Joined:
    Oct 7, 2003
    Posts:
    90
    Location:
    Oz
    Hi,

    A scan with NOD32 has revealed a unknown TSR.boot virus in the MBR. I have tried to clean but the virus still hangs on and quarantining is not an available option. Have tried safe mode as well.

    Does anyone have any ideas on how to delete this without a complete system reformat? Any and all help much appreciated.

    Chiana
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    With this issue can you please send an email to support@nod32.com and place a link to this thread. If you do not hear from Eset within 3 days (allows for weekends), please advise us here...

    We would appreciate if you could keep us in the loop with your progress, as we all learn this way…

    Cheers :D
     
  3. Chiana

    Chiana Registered Member

    Joined:
    Oct 7, 2003
    Posts:
    90
    Location:
    Oz
    Hi Blackspear,

    Wow, talk about a fast response! :eek: Thank you and will keep you posted. Email has been sent to Eset.

    Rgds

    Chiana
     
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
  5. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    this is the third post today where i read that people had gotten a boot sector virus.. i wish i knew more about the subject..
     
  6. arrowsmithmidwest

    arrowsmithmidwest Registered Member

    Joined:
    May 12, 2004
    Posts:
    165
    Location:
    Midwest
    i have had experience with this before, it for me it was a false positive, it was a boot loading program on Acer laptops, sorry i cannot remember what the program was called though.
     
  7. Chiana

    Chiana Registered Member

    Joined:
    Oct 7, 2003
    Posts:
    90
    Location:
    Oz
    Hi,

    Just thought I would touch base and let you know the latest news re this problem. I received a reply from Eset last Wednesday and subsequently emailed an image of the mbr for analysis.

    The ball is in their court now and I am waiting for a reply.

    Rgds

    Chiana
     
  8. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Thanks Chiana for keeping us up to date.

    Cheers :D
     
  9. Chiana

    Chiana Registered Member

    Joined:
    Oct 7, 2003
    Posts:
    90
    Location:
    Oz
    Just a quick msg to let you know I've made progress, but we're not at the end of this story yet.

    Received an email from Mark at Eset early this morning. He mentioned that the MBR utility needed to be run from true DOS and not a DOS emulation window under windows. (I should've realised this...I'll stand in the corner, later...or maybe I could blame the lack of my brain power on the Christmas gremlins)

    Result...I have successfully saved an image of the MBR and will email to Mark at Eset. Hopefully a result is not far away.

    Merry Christmas to All

    Chiana
     
  10. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Chiana, many thanks for keeping us in the loop, as we all learn this way.

    Wish you the very best for Christmas too.

    Cheers :D
     
  11. Chiana

    Chiana Registered Member

    Joined:
    Oct 7, 2003
    Posts:
    90
    Location:
    Oz
    Hi,

    Finally, we have come to the end of the story. After quite a few emails between myself and Mark at Eset, who I have to say, has gone above and beyond the call of duty, it turns out this was a false positive after all. The time delay in reporting back was due to the Christmas holiday period and my failures to successfully save an image of the MBR. But persistence paid off and as a result, I am also happy to report as of NOD v1.1 the unknown TSR boot virus is no longer detected. :D

    I am sure all this will help to make NOD an even better piece of software than it is already. Keep up the great work Eset. And to Mark, you deserve a gold star! :D

    Regards

    Chiana
     
  12. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Thanks for the update, and great to see you had a good result...

    Cheers :D
     
  13. aoqd22

    aoqd22 Registered Member

    Joined:
    Feb 27, 2005
    Posts:
    1
    Hi from the UK

    Not sure this matter has been resolved yet. Was going to do a disc reformat so bought & downloaded a Blancco Cleaner+ licence onto a new floppy disc.

    Did a restart which normally launches the Blancco programme and Nod32 warned me "probably known TSR.Boot Virus".

    Pulled the floppy out and once XP had opened got Nod32 to scan the floppy got the same TSR.Boot Virus response.

    I am running:

    Virus signature database version: 1.1010 (20050227)
    Dated: 27 February 2005
    Virus signature database build: 5305

    Information on other scanner support parts
    Advanced heuristics module version: 1.012 (20050206)
    Advanced heuristics module build: 1077

    Information on installed components
    NOD32 For Windows NT/2000/XP/2003 - Base
    Version: 2.12.3
    NOD32 For Windows NT/2000/XP/2003 - Internet support
    Version: 2.12.3
    NOD32 for Windows NT/2000/XP/2003 - Standard component
    Version: 2.12.3

    Operating system information
    Platform: Windows XP
    Version: 5.1.2600 Service Pack 2
    Version of common control components: 5.82.2900

    Have emailed support here in the UK & Blancco will report in due course.
     
  14. free

    free Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    1
    i have same problem and if i install some other antivirus it dont detect anything ... what can be problem here?
     
  15. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    If NOD32 reports a probable unknown TSR boot virus, always contact Eset's support at support@eset.com for further instructions.
     
Thread Status:
Not open for further replies.