Dos.BootInfector what to do?

Monique · Oct 10, 2003

I found this file on my computer, called Dos.BootInfector, call me crazy but that sounds like a virus to me. I have got two updated virus scanners and they both don't recognize it as a virus.

Should I delete it or just leave it sitting in the C:\System Volume Information folder for a while?

dduardo · Oct 10, 2003

hmm, nothing about it turns up on google.

What version of windows do you have. What type of virus scanners are you using and what version? Are you doing a specific virus scan on the boot sector?

If you do have a boot sector virus, they tend to be a little difficult to remove if your antivirus isn't functioning, or has been broken by the virus. Most likety there are multiple copies of the virus on your system, including the boot sector. If your using floppies and putting them on other systems your most likely spreading the virus. To remove, you first want to delete that file your talking about, then all its copies, and finally you want to go into pure dos and type "fdisk /mbr". This will clear the master boot record and be rebuilt by windows. The trouble is in removing the multi copies.

Actually, it would be helpful if you attach the file on this thread so i can analyze it. I'm running linux, so im impervious to windows viruses.

Finally, it might be a good idea to email symantec or mcafee, or some other antivirus company to find out about the virus, if you even have one.

[edit] Here is a link to a software tool that you can use to try elimiate the virus - http://invircible.com/iv_tools.php#Ivinit [Broken]

russ_watters · Oct 12, 2003

How exactly are you accessing that folder? In any case, a quick search of symantec turns up nothing, but you can email it to them and they'll check it out.

Monique · Oct 12, 2003

Do you know how difficult it is to send Symantic an email? :P

They first take you through a 1-hour tour of their website so that
1. you give up before they give you an email address
2. you decide to call them and they earn $29 or so
3. you might actually find the answer yourself
4. you are so persistent that they think you deserve to contact them personally.

Well, no. 4 applied to me and I was privilaged enough to email them, they replied with a document, which thus I could have found myself :P with a nice explanation:

Document ID:2003011615553106
Last Modified:29-07-2003

Symantec Security Check virus scan detects a virus in the _RESTORE or System Volume Information folder but a Norton AntiVirus virus scan does not detect anything

Situation:
You have Norton AntiVirus (NAV) installed with the latest virus definitions. When you scan the computer, NAV does not detect anything. However, when you run a virus scan from the Symantec Security Check Web site, a virus is detected in one of the following folders:
For Windows Me:
C:\_RESTORE
For Windows XP:
System Volume Information

Solution:
One of the new features of Windows Me and Windows XP is System Restore. This feature, which is enabled by default, is used by Windows to restore files on your computer in case they become damaged. Windows Me keeps the restore information in the _RESTORE folder. Windows XP stores this information in the System Volume Information folder. These folders are updated when the computer restarts.

If the computer was previously infected with a virus, then it is possible that the virus was backed up in the _RESTORE or System Volume Information folder. Files in the System Restore folder cannot infect the computer unless the computer is restored to an infected restore date. Because of this, NAV excludes the _RESTORE and System Volume Information folders from scanning by default.

--------------------------------------------------------------------------------
Note: Even though the System Restore folders are excluded, your computer is still protected by Auto-Protect if for some reason the infected files are ever restored. If that should happen, Auto-Protect will automatically detect and repair the infected files.

--------------------------------------------------------------------------------

The Symantec Security Check Web site virus scan does not exclude the System Restore folders. Because of this, the scan will detect any viruses in those folders. If that happens, perform the following steps to ensure that NAV is optimally configured. Then scan again with NAV to make sure that no other files except files in the System Restore folder are infected.
Start NAV.
Run LiveUpdate and download the latest virus definitions.
Follow the steps in the document How to configure Norton AntiVirus to scan all files to make sure that the program is configured to scan all the files.
Run a full system scan.

If NAV does not detect anything, then you have the following options:
Leave the computer as it is. The infected file or files will not infect the computer unless you restore the system to the date that includes the infected file or files. Even if you do restore the computer to the date that includes the infected file or files, then NAV Auto-Protect will detect and repair them during the restore process.
Follow the steps in the document Cannot repair, quarantine, or delete a virus found in the _RESTORE or System volume information folder to disable System Restore, and restart the computer. This will purge the contents of the _RESTORE or System Volume Information folder.

--------------------------------------------------------------------------------
Note: All Restore points will be lost when you disable System Restore.

--------------------------------------------------------------------------------

Sourire · Oct 19, 2003

Originally posted by Monique
Do you know how difficult it is to send Symantic an email? :P

They first take you through a 1-hour tour of their website so that
1. you give up before they give you an email address
2. you decide to call them and they earn $29 or so
3. you might actually find the answer yourself
4. you are so persistent that they think you deserve to contact them personally.

Well, no. 4 applied to me and I was privilaged enough to email them, they replied with a document, which thus I could have found myself :P with a nice explanation:

Monique,

You can go to www.sarc.com which is Symantec's virus removal site. You can find out any information about any viurs and/or find out how to submit to SARC.

Depending on what version of theprogram you can submit right thru the quarantine portion of the program.

outlook · Nov 8, 2005

re:

The repair outlook and data email recovery has prompted you a path of the Outlook Express files' storage. And now save the damaged dbx files in the safe folder, they can be useful.

-Job- · Nov 8, 2005

I don't like Symantec and i'm willing to get into an argument on that. I use Panda Antivirus. They have an http://www.pandasoftware/activescan" [Broken], which also collects suspicious files and gives you the option of sending them over to their labs for inspection. Last time i did this they replied very fast in the negative, which i thought was nice.

Log in or Sign up

Dos.BootInfector what to do?

Monique

dduardo

russ_watters

Staff: Mentor

Monique

Sourire

outlook

-Job-