Suspicious Master Boot Record...really?

boxgrover

I have had our Dell 4700 desktop Win XP home edition (SP2) for less
than a week and each time the AV program _Freedom_ does its scheduled
scan it comes back with the cryptic message:

Scanned 1 Master Boot Record(s) for viruses.

Scanned 2 Boot Sector(s) for viruses.

The Anti-Virus found 1 suspicious Master Boot Record(s)/Boot Sector(s).

Report Summary

Files scanned: 39995
Total infected files: 0
Total disinfected files: 0
Total deleted files: 0
Total files unable to scan: 0

I have run "error checking" and "defrag" with no effect (ie still the
same message after each scheduled scan)


I know the next step would be to have an 'independent' AV program do a
scan. In that regard is it good enough to turn off the current AV
program and do free on line scan of the C drive...say here at Trend
Micro: http://housecall60.trendmicro.com/en/start_corp.asp?

Does such a free scan scan the Master Boot Record?
 
David H. Lipman

From: "boxgrover" <[email protected]>

| I have had our Dell 4700 desktop Win XP home edition (SP2) for less
| than a week and each time the AV program _Freedom_ does its scheduled
| scan it comes back with the cryptic message:
|
| Scanned 1 Master Boot Record(s) for viruses.
|
| Scanned 2 Boot Sector(s) for viruses.
|
| The Anti-Virus found 1 suspicious Master Boot Record(s)/Boot Sector(s).
|
| Report Summary
|
| Files scanned: 39995
| Total infected files: 0
| Total disinfected files: 0
| Total deleted files: 0
| Total files unable to scan: 0
|
| I have run "error checking" and "defrag" with no effect (ie still the
| same message after each scheduled scan)
|
| I know the next step would be to have an 'independent' AV program do a
| scan. In that regard is it good enough to turn off the current AV
| program and do free on line scan of the C drive...say here at Trend
| Micro: http://housecall60.trendmicro.com/en/start_corp.asp?
|
| Does such a free scan scan the Master Boot Record?

Use the following IVINIT tool to check the Master Boot Record.

http://www.invircible.com/iv_tools.php#Ivinit

I don't think that you will find a virus related problem but if there is one, IVINIT will
detect it and fix it.
 
boxgrover

Thanks for the reply Dave. This Dell has some kind of "Restore
Partition" that the machine ships with. Is it possible the AV program
is 'bothered' by this?

And now that I think of it won't IVINIT run into problems also because
of the presence of this partition?

Again thanks for your advice.
 
David H. Lipman

From: "boxgrover" <[email protected]>

| Thanks for the reply Dave. This Dell has some kind of "Restore
| Partition" that the machine ships with. Is it possible the AV program
| is 'bothered' by this?
|
| And now that I think of it won't IVINIT run into problems also because
| of the presence of this partition?
|
| Again thanks for your advice.

No. It will know what is viral and not viral or if there is something wrong.

If IVINIT finds nothing then ignore the message generated by Freedom AV.
 
Zvi Netiv

boxgrover said:
| I have had our Dell 4700 desktop Win XP home edition (SP2) for less
| than a week and each time the AV program _Freedom_ does its scheduled
| scan it comes back with the cryptic message:

If Freedom AV has an option to disable the boot sectors scanning, then disable
it! There is no point checking the MBR and boot sector on NT based machines
(NT, W2K, XP and W2003) as boot infectors can't "live" on them, nor reside in
their boot sectors. Either the OS will hang on startup, and if it can load, then
no "boot virus" can be active.

AV boot sector verification is an archaic remnant of early AV products, that AV
producers do not dare remove for the same reason that they do not dump the
100,000 unused signatures of collection viruses that no one ever saw in the
wild, nor will see.

| Scanned 1 Master Boot Record(s) for viruses.
|
| Scanned 2 Boot Sector(s) for viruses.
|
| The Anti-Virus found 1 suspicious Master Boot Record(s)/Boot Sector(s).
|
| Report Summary
|
| Files scanned: 39995
| Total infected files: 0
| Total disinfected files: 0
| Total deleted files: 0
| Total files unable to scan: 0
|
| I have run "error checking" and "defrag" with no effect (ie still the
| same message after each scheduled scan)

As effective as aspirin for a contraceptive. ;)

| I know the next step would be to have an 'independent' AV program do a
| scan. In that regard is it good enough to turn off the current AV
| program and do free on line scan of the C drive...say here at Trend
| Micro: http://housecall60.trendmicro.com/en/start_corp.asp?

You are on a wild goose chase.

| Does such a free scan scan the Master Boot Record?

Some do, most don't.

Regards, Zvi
 
Zvi Netiv

boxgrover said:
| Thanks for the reply Dave. This Dell has some kind of "Restore
| Partition" that the machine ships with. Is it possible the AV program
| is 'bothered' by this?

It's possible, but if you know that, then why let the AV look for trouble
where there can't be any?

| And now that I think of it won't IVINIT run into problems also because
| of the presence of this partition?

Maybe, and maybe not. Read my other post in this thread and disable the boot
sector(s) verification in your AV. It's plain nonsense to conduct that test on
an NT based PC.

Regards, Zvi
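
The thread turns on what the MBR of a machine with an OEM partition actually contains. As an added example (not written by any poster here and not code from IVINIT or Freedom AV), this Python code parses a raw 512-byte MBR, lists its partition entries and hashes the boot code for comparison against a known-good baseline. The sample sector, its partition layout and all function names are constructed for illustration.

```python
import hashlib
import struct

BOOT_CODE_LEN = 440   # bytes 440-443 hold the NT disk signature, so the hash stops before it
TABLE_OFFSET = 446    # four 16-byte partition entries, then the 0x55 0xAA signature
TYPE_NAMES = {0x06: "FAT16", 0x07: "NTFS/HPFS", 0x0B: "FAT32",
              0x0C: "FAT32 (LBA)", 0xDE: "Dell Utility"}

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot-code hash, signature check and partition list."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly one 512-byte sector")
    parts = []
    for slot in range(4):
        entry = sector[TABLE_OFFSET + 16 * slot: TABLE_OFFSET + 16 * (slot + 1)]
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"slot": slot, "active": status == 0x80, "status": status,
                          "type": ptype, "name": TYPE_NAMES.get(ptype, "other"),
                          "lba_start": lba, "sectors": count})
    return {"signature_ok": sector[510:512] == b"\x55\xaa",
            "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts}

def compare_to_baseline(baseline: dict, current: dict) -> list:
    """Return the differences between the current MBR and a known-good baseline."""
    findings = []
    if not current["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if current["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot code differs from baseline")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table differs from baseline")
    if sum(p["active"] for p in current["partitions"]) != 1:
        findings.append("expected exactly one active partition")
    for p in current["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"slot {p['slot']}: invalid status byte")
    return findings

def build_sample(boot_code: bytes, entries: list) -> bytes:
    """Constructed test sector: entries are (status, type, lba_start, sectors)."""
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in entries)
    return boot_code.ljust(TABLE_OFFSET, b"\x00") + table.ljust(64, b"\x00") + b"\x55\xaa"

# Constructed layout: small OEM partition first, active NTFS system partition second.
LAYOUT = [(0x00, 0xDE, 63, 96327), (0x80, 0x07, 96390, 156000000)]
SAMPLE = build_sample(b"\xfa\x33\xc0" + b"\x90" * 60, LAYOUT)
BASELINE = parse_mbr(SAMPLE)
```

An empty findings list against a baseline taken when the machine was new means a recurring "suspicious" verdict reflects the scanner's heuristics and not a change on disk.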
 
