
Can a boot sector virus be removed automatically?


Go to solution Solved by Nightowl,


Posted

Hi ESET Support team,

We found a boot sector virus, and the ESET status shows the action was unable to clean it.

Why can't ESET Antivirus clean the system?

So, are there other options to clean it, or to set up automatic cleaning or removal?


  • Most Valued Members
Posted (edited)
21 minutes ago, Nattaphon Phattanathong said:

Hi ESET Support team,

We found a boot sector virus, and the ESET status shows the action was unable to clean it.

Why can't ESET Antivirus clean the system?

So, are there other options to clean it, or to set up automatic cleaning or removal?

Hello,

Check here for instructions on how to repair the MBR, because as far as I know AVs cannot do it / disinfect the MBR.

https://neosmart.net/wiki/fix-mbr/

And here is from ESET Hungaria https://www.eset.hu/tamogatas/viruslabor/virusleirasok/abcd

They explain about the threat you have in your detection log.

It's a pretty old virus, but how did you revive it? Did you plug in an old hard disk?

Edited by Nightowl
Posted

I translated what the Eset Hungarian web site states about this ABCD virus;

Quote

 

Methods of infection

A virus entered into memory becomes infected when a suitable target comes into its field of vision. Depending on the managed interrupt and the code of the virus program, we can distinguish between viruses that infect when program files are run, others when files are opened or closed, copied, read or written, or even when the table of contents is retrieved, and it is not uncommon to encounter combinations of these.

A memory-resident MS-DOS/Abcd virus infects any program file it tries to access in any way.

Memory

The majority of viruses enter the memory in a resident manner, but there are some that are directly infectious (parasitic) and return control to the host program after running their program code and leave the memory.

The MS-DOS/Abcd virus is memory resident.

Others

Programmers of malicious programs can place messages and images in the completed code, which are usually encrypted in some form. In the program code of viruses, worms, and other malware, we often find characteristic texts in which we can respect either the signature of the creator of the virus, or the typical parts of the text used for the operation of the virus (file and directory names, etc.). These texts are not always directly recognizable, they mostly only become visible and readable by decoding the coded virus program.

Text(s) included in the program code of the MS-DOS/Abcd virus, but never displayed:

    ABCDh

 

Are you running Win 7?

I thought DOS based malware wasn't possible on Win 10/11.

 
 
Posted (edited)
1 hour ago, itman said:

I thought DOS based malware wasn't possible on Win 10/11.

Confirmed;

Quote

Not without additional efforts by the user. 16-bit instructions are not executed natively by 64-bit Windows 10, and require a compatibility feature named NTVDM be enabled. It is disabled by default, and DOS/Windows 16-bit programs do not run.

Additionally, a lot of your DOS malware requested direct access to C: drive. That request will be denied on modern Windows unless you are running with elevated privileges.

So 1. It’s not going to run out of the box and 2. probably won’t get to do any damage before being terminated by the OS.

 

https://www.quora.com/Can-old-MS-DOS-viruses-infect-computers-with-the-latest-Windows-operating-systems

However, if the OP did this;

Quote

require a compatibility feature named NTVDM be enabled.

MS-DOS malware is possible.

 

Edited by itman
  • 3 weeks later...
Posted
On 7/24/2023 at 8:29 PM, itman said:

I translated what the Eset Hungarian web site states about this ABCD virus;

Are you running Win 7?

I thought DOS based malware wasn't possible on Win 10/11.

 
 

Yes, it is infected from the machine in the production pattern, which is an old Windows version such as Win XP and Win 7.
However, can you help with how to block or clean it?
Thank you.

  • Most Valued Members
  • Solution
Posted
2 hours ago, Nattaphon Phattanathong said:

It is infected from the machine in the production pattern which is the old Windows version.

Here bro, you have to repair the Master Boot Record for the devices.

Check the instructions for whichever Windows is running.

https://neosmart.net/wiki/fix-mbr/
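
An added example, not part of the original posts and not ESET's or NeoSmart's code: a Python check that can be run on saved copies of a disk's first sector taken before and after the MBR repair, to confirm the boot signature, the partition table, and whether the bootstrap code actually changed. It assumes a classic MBR-partitioned disk (not GPT); the function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440    # bootstrap code; bytes 440-445 hold the disk signature
PART_TABLE_OFF = 446   # four 16-byte partition entries
SIGNATURE_OFF = 510    # last two bytes must be 0x55 0xAA


def inspect_mbr(sector: bytes) -> dict:
    """Summarise one 512-byte MBR sector read from a saved dump."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0:  # type 0x00 marks an unused slot
            continue
        partitions.append({"slot": i, "active": status == 0x80,
                           "status_valid": status in (0x00, 0x80),
                           "type": ptype, "lba_start": lba_start,
                           "sectors": sectors})
    return {
        "signature_ok": sector[SIGNATURE_OFF:] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def boot_code_changed(before: bytes, after: bytes) -> bool:
    """True when the bootstrap code differs between two dumps of sector 0."""
    return (inspect_mbr(before)["boot_code_sha256"]
            != inspect_mbr(after)["boot_code_sha256"])


def make_sample(boot_code: bytes) -> bytes:
    """Constructed sample sector: given boot code, one active type-0x07 partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 204800)
    table = entry + bytes(48)  # remaining three slots left empty
    return boot_code.ljust(446, b"\x00") + table + b"\x55\xaa"
```

A repair that replaced the boot code should make `boot_code_changed` return `True` while the partition list stays identical; comparing the resulting hash with one taken from a known-clean machine running the same Windows version is the stronger check.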

This topic is now closed to further replies.