What happens if avast doesn’t find a virus in a file you think is infected? Specifically, I think I have a boot sector virus, which has gone undetected by avast. Any ideas?
hmm…maybe u can try some other online scanners…
http://www.security-ops.tk/
courtesy of rejzor!.. ;D
if the above still can’t convince you…maybe you can also send it to virus@avast.com for verification…
Duhhhhh - maybe I’m just not awake yet, but how do you do that with the boot sector??
CA offers a free utility to get the boot sector. It “Creates boot image files (boot.dmp,mbr.dmp) of the c: drive”.
ftp://ftp.cai.com/pub/InocuLAN/il0172.zip
Which behavior gave you the feeling you were infected?
Do you know the virus name?
Which is your OS? Did you ‘detect’ the virus in the floppy or the HDD boot sector?
for “Technical”
I accidentally left a floppy in the drive, shut down my computer. When it booted, it tried to boot from the floppy. I took it out and booted normally, but from then on…Windows 98 SE no longer recognizes my second hard drive, nor either of my CD drives. I have driver errors listed in the device manager for both primary and secondary IDE controllers, and for my SCSI controller. The file IOS.LOG in the c:\windows directory indicates that some unknown device/driver “hooked” mbrint13.sys, or mbrint13.sys did the hooking…? All I know is that the symptoms point to a boot sector virus as far as I know, and Microsoft says the mbrint13.sys thing points to a virus.
Hi,
if you have a clean, write-protected Win98(SE) disk,
you can boot from it, and then run an AV-Scan with F-Prot-DOS_AV-disks (made on another, clean PC)
See below or www.f-prot.com
for “whocares”
Does F-Prot AV have to be run from a disk? From a clean computer? It shouldn’t really matter, as long as the boot disk is clean, right? If I just load it onto c:\ and run it from there, wouldn’t it work?
I identified the virus. It was parity_boot.b
avast! seems to have missed it, multiple times. Apparently, avast! doesn’t catch any of the five versions of it that exist, parity_boot.a, .b, .c, .d, or .e
Now if I can only get rid of it…
Hi,
avast should catch it; have you maybe disabled bootsektor scanning somehow ?
what is the version number and date of your avast prog and VPS ?
test your avast installation (mainscanner & Res. Shield) with the harmless AV-testfile eicar.com from www.eicar.com
Anyway, as to removal:
http://www.virusbtn.com/resources/vgrep/vgrep.cgi?terms=parity_boot.b&product=7
the red links to trend, mcafee and symantec should be most helpful
as always when dealing with MBR/bootsector infections, better backup important data first
scan/clean all disks, Zips, removal media etc. after cleaning your PC with F-prot, avast and other scanners
Hello. The problem has been solved. I ended up having to backup and format all hard drives. The virus did not “follow” me on the backup CD. Thanks for all the help!
Have you changed the default options for the Stardard Shield protection on the Scanner (basic) tab?
There is one related to boot sector of floppies :-\