Nattaphon Phattanathong
Posted July 24, 2023

Hi ESET Support team,

We found a boot sector virus, and the ESET status shows the action was unable to clean it. Why can't ESET Antivirus clean the system? Are there other options to clean it, or to set up automatic cleaning or removal?

Nightowl (Most Valued Members)
Posted July 24, 2023 (edited)

21 minutes ago, Nattaphon Phattanathong said:
> Hi ESET Support team, We found a boot sector virus, and the ESET status shows the action was unable to clean it. Why can't ESET Antivirus clean the system? Are there other options to clean it, or to set up automatic cleaning or removal?

Hello,

Check here for instructions on how to repair the MBR, because as far as I know AVs cannot do it / disinfect the MBR.
https://neosmart.net/wiki/fix-mbr/

And here is a page from ESET Hungaria:
https://www.eset.hu/tamogatas/viruslabor/virusleirasok/abcd
They explain the threat you have in your detection log.

It's a pretty old virus, but how did you revive that? Did you plug in an old hard disk?

Edited July 24, 2023 by Nightowl

itman
Posted July 24, 2023

I translated what the Eset Hungarian web site states about this ABCD virus:

Quote
> Methods of infection
> A virus entered into memory becomes infected when a suitable target comes into its field of vision. Depending on the managed interrupt and the code of the virus program, we can distinguish between viruses that infect when program files are run, others when files are opened or closed, copied, read or written, or even when the table of contents is retrieved, and it is not uncommon to encounter combinations of these. A memory-resident MS-DOS/Abcd virus infects any program file it tries to access in any way.
>
> Memory
> The majority of viruses enter the memory in a resident manner, but there are some that are directly infectious (parasitic) and return control to the host program after running their program code and leave the memory. The MS-DOS/Abcd virus is memory resident.
>
> Others
> Programmers of malicious programs can place messages and images in the completed code, which are usually encrypted in some form. In the program code of viruses, worms, and other malware, we often find characteristic texts in which we can respect either the signature of the creator of the virus, or the typical parts of the text used for the operation of the virus (file and directory names, etc.). These texts are not always directly recognizable, they mostly only become visible and readable by decoding the coded virus program. Text(s) included in the program code of the MS-DOS/Abcd virus, but never displayed: ABCDh

Are you running Win 7? I thought DOS-based malware wasn't possible on Win 10/11.

itman
Posted July 24, 2023 (edited)

1 hour ago, itman said:
> I thought DOS-based malware wasn't possible on Win 10/11.

Confirmed:

Quote
> Not without additional efforts by the user. 16-bit instructions are not executed natively by 64-bit Windows 10, and require a compatibility feature named NTVDM be enabled. It is disabled by default, and DOS/Windows 16-bit programs do not run. Additionally, a lot of your DOS malware requested direct access to 😄 drive. That request will be denied on modern Windows unless you are running with elevated privileges. So 1. It's not going to run out of the box and 2. probably won't get to do any damage before being terminated by the OS.

https://www.quora.com/Can-old-MS-DOS-viruses-infect-computers-with-the-latest-Windows-operating-systems

However, if the OP did this:

Quote
> require a compatibility feature named NTVDM be enabled.

MS-DOS malware is possible.

Edited July 24, 2023 by itman

Nattaphon Phattanathong (Author)
Posted August 10, 2023

It is infected from the machine in the production pattern, which is the old Windows version.

Nattaphon Phattanathong (Author)
Posted August 10, 2023

On 7/24/2023 at 8:29 PM, itman said:
> I translated what the Eset Hungarian web site states about this ABCD virus: Are you running Win 7? I thought DOS-based malware wasn't possible on Win 10/11.

Yes, it is infected from the machine in the production pattern, which is the old Windows version such as Win XP and Win 7. However, can you help with how to block or clean it?

Thank you.

Nightowl (Most Valued Members)
Solution
Posted August 10, 2023

2 hours ago, Nattaphon Phattanathong said:
> It is infected from the machine in the production pattern, which is the old Windows version.

Here bro, you have to repair the Master Boot Record for the devices. Check the instructions for whichever Windows is running.
https://neosmart.net/wiki/fix-mbr/

Nattaphon Phattanathong (Author)
Posted August 10, 2023

Thanks so much, will try the action later. 😉