Author Topic: undetected virus  (Read 7537 times)

0 Members and 1 Guest are viewing this topic.

bencon2

  • Guest
undetected virus
« on: March 18, 2004, 07:02:59 AM »
What happens if avast doesn't find a virus in a file you think is infected? Specifically, I think I have a boot sector virus, which has gone undetected by avast. Any ideas?

shgoh

  • Guest
Re:undetected virus
« Reply #1 on: March 18, 2004, 07:21:36 AM »
hmm....maybe u can try some other online scanners...
http://www.security-ops.tk/

courtesy of rejzor!... ;D

if the above still can't convince you...maybe you can also send it to virus@avast.com for verification..

Offline MikeBCda

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2247
Re:undetected virus
« Reply #2 on: March 18, 2004, 07:18:59 PM »
if the above still can't convince you...maybe you can also send it to virus@avast.com for verification..

Duhhhhh - maybe I'm just not awake yet, but how do you do that with the boot sector??
Intel Atom D2700, 2 gig RAM, Win 7 x64 SP1 & IE-11, Firefox 51.0
(default). 320 gig HD, 15Mb DSL, Win firewall, Avast 12.3.2280 free, SpywareBlaster, MBAM Prem., Crypto-Prevent

Offline MWassef

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1315
Re:undetected virus
« Reply #3 on: March 18, 2004, 08:06:29 PM »
CA offers a free utility to get the boot sector. It "Creates boot image files (boot.dmp,mbr.dmp) of the c: drive".
ftp://ftp.cai.com/pub/InocuLAN/il0172.zip
« Last Edit: March 18, 2004, 08:07:22 PM by minacross »
MW

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67185
Re:undetected virus
« Reply #4 on: March 19, 2004, 04:30:32 AM »
What happens if avast doesn't find a virus in a file you think is infected? Specifically, I think I have a boot sector virus, which has gone undetected by avast. Any ideas?

Which behavior gave you the feeling you were infected?
Do you know the virus name?
Which is your OS? Did you 'detect' the virus in the floppy or the HDD boot sector?
The best things in life are free.

bencon2

  • Guest
Re:undetected virus
« Reply #5 on: March 19, 2004, 08:32:26 AM »
for "Technical"

I accidentally left a floppy in the drive, shut down my computer. When it booted, it tried to boot from the floppy. I took it out and booted normally, but from then on...Windows 98 SE no longer recognizes my second hard drive, nor either of my CD drives. I have driver errors listed in the device manager for both primary and secondary IDE controllers, and for my SCSI controller. The file IOS.LOG in the c:\windows directory indicates that some unknown device/driver "hooked" mbrint13.sys, or mbrint13.sys did the hooking...? All I know is that the symptoms point to a boot sector virus as far as I know, and Microsoft says the mbrint13.sys thing points to a virus.

whocares

  • Guest
Re:undetected virus
« Reply #6 on: March 19, 2004, 09:08:18 AM »
Hi,

if you have a clean, write-protected Win98(SE) disk,
you can boot from it, and then run an AV-Scan with F-Prot-DOS_AV-disks (made on another, clean PC)

See below or www.f-prot.com

 ;)

bencon2

  • Guest
Re:undetected virus
« Reply #7 on: March 20, 2004, 05:20:03 AM »
for "whocares"

Does F-Prot AV have to be run from a disk? From a clean computer? It shouldn't really matter, as long as the boot disk is clean, right? If I just load it onto c:\ and run it from there, wouldn't it work?

bencon2

  • Guest
Re:undetected virus
« Reply #8 on: March 21, 2004, 09:43:15 AM »
I identified the virus. It was parity_boot.b
avast! seems to have missed it, multiple times. Apparently, avast! doesn't catch any of the five versions of it that exist, parity_boot.a, .b, .c, .d, or .e
Now if I can only get rid of it...

whocares

  • Guest
Re:undetected virus
« Reply #9 on: March 21, 2004, 06:43:15 PM »
It was parity_boot.b
avast! seems to have missed it, multiple times. Apparently, avast! doesn't catch any of the five versions of it that exist, parity_boot.a, .b, .c, .d, or .e

Hi,
avast should catch it; have you maybe disabled bootsektor scanning somehow ?
what is the version number and date of your avast prog and VPS ?
test your avast installation (mainscanner & Res. Shield) with the harmless AV-testfile  eicar.com from www.eicar.com

Anyway, as to removal:
http://www.virusbtn.com/resources/vgrep/vgrep.cgi?terms=parity_boot.b&product=7

the red links to trend, mcafee and symantec should be most helpful

as always when dealing with MBR/bootsector infections, better backup important data first

scan/clean all disks, Zips, removal media etc. after cleaning your PC with F-prot, avast and other scanners


 ;)

bencon2

  • Guest
Re:undetected virus
« Reply #10 on: April 17, 2004, 08:49:52 PM »
Hello. The problem has been solved. I ended up having to backup and format all hard drives. The virus did not "follow" me on the backup CD. Thanks for all the help!

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67185
Re:undetected virus
« Reply #11 on: April 19, 2004, 05:03:39 AM »
Have you maybe disabled bootsektor scanning somehow?

Have you changed the default options for the Stardard Shield protection on the Scanner (basic) tab?
There is one related to boot sector of floppies  :-\
The best things in life are free.