What is Dos.BootInfector and how should I handle it?

  • Thread starter Monique
In summary, the conversation is about the discovery of a suspicious file on a computer, possible strategies for removing potential viruses, and the difficulty in contacting Symantec for assistance. The file is found in the C:\System Volume Information folder and is not detected by two updated virus scanners. The conversation also mentions the potential for a boot sector virus and the steps to remove it. It is suggested to email Symantec for further help and to possibly use a software tool to eliminate the virus. The conversation ends with a discussion about the difficulty in contacting Symantec for assistance and a suggestion to visit their website for information on virus removal.
  • #1
Monique
I found this file on my computer, called Dos.BootInfector, call me crazy but that sounds like a virus to me. I have got two updated virus scanners and they both don't recognize it as a virus.

Should I delete it or just leave it sitting in the C:\System Volume Information folder for a while?
 
  • #2
Hmm, nothing about it turns up on Google.

What version of Windows do you have? What type of virus scanners are you using and what version? Are you doing a specific virus scan on the boot sector?

If you do have a boot sector virus, they tend to be a little difficult to remove if your antivirus isn't functioning, or has been broken by the virus. Most likely there are multiple copies of the virus on your system, including the boot sector. If you're using floppies and putting them on other systems you're most likely spreading the virus. To remove, you first want to delete that file you're talking about, then all its copies, and finally you want to go into pure DOS and type "fdisk /mbr". This will clear the master boot record and be rebuilt by Windows. The trouble is in removing the multi copies.

Actually, it would be helpful if you attach the file on this thread so I can analyze it. I'm running Linux, so I am impervious to Windows viruses.

Finally, it might be a good idea to email Symantec or McAfee, or some other antivirus company to find out about the virus, if you even have one.

[edit] Here is a link to a software tool that you can use to try to eliminate the virus - http://invircible.com/iv_tools.php#Ivinit
 
  • #3
How exactly are you accessing that folder? In any case, a quick search of Symantec turns up nothing, but you can email it to them and they'll check it out.
 
  • #4
Do you know how difficult it is to send Symantec an email? :P

They first take you through a 1-hour tour of their website so that
1. you give up before they give you an email address
2. you decide to call them and they earn $29 or so
3. you might actually find the answer yourself
4. you are so persistent that they think you deserve to contact them personally.

Well, no. 4 applied to me and I was privileged enough to email them, they replied with a document, which thus I could have found myself :P with a nice explanation:

Document ID:2003011615553106
Last Modified:29-07-2003


Symantec Security Check virus scan detects a virus in the _RESTORE or System Volume Information folder but a Norton AntiVirus virus scan does not detect anything

Situation:
You have Norton AntiVirus (NAV) installed with the latest virus definitions. When you scan the computer, NAV does not detect anything. However, when you run a virus scan from the Symantec Security Check Web site, a virus is detected in one of the following folders:
For Windows Me:
C:\_RESTORE
For Windows XP:
System Volume Information

Solution:
One of the new features of Windows Me and Windows XP is System Restore. This feature, which is enabled by default, is used by Windows to restore files on your computer in case they become damaged. Windows Me keeps the restore information in the _RESTORE folder. Windows XP stores this information in the System Volume Information folder. These folders are updated when the computer restarts.

If the computer was previously infected with a virus, then it is possible that the virus was backed up in the _RESTORE or System Volume Information folder. Files in the System Restore folder cannot infect the computer unless the computer is restored to an infected restore date. Because of this, NAV excludes the _RESTORE and System Volume Information folders from scanning by default.




--------------------------------------------------------------------------------
Note: Even though the System Restore folders are excluded, your computer is still protected by Auto-Protect if for some reason the infected files are ever restored. If that should happen, Auto-Protect will automatically detect and repair the infected files.

--------------------------------------------------------------------------------

The Symantec Security Check Web site virus scan does not exclude the System Restore folders. Because of this, the scan will detect any viruses in those folders. If that happens, perform the following steps to ensure that NAV is optimally configured. Then scan again with NAV to make sure that no other files except files in the System Restore folder are infected.
1. Start NAV.
2. Run LiveUpdate and download the latest virus definitions.
3. Follow the steps in the document "How to configure Norton AntiVirus to scan all files" to make sure that the program is configured to scan all the files.
4. Run a full system scan.

If NAV does not detect anything, then you have the following options:
Leave the computer as it is. The infected file or files will not infect the computer unless you restore the system to the date that includes the infected file or files. Even if you do restore the computer to the date that includes the infected file or files, then NAV Auto-Protect will detect and repair them during the restore process.
Follow the steps in the document Cannot repair, quarantine, or delete a virus found in the _RESTORE or System volume information folder to disable System Restore, and restart the computer. This will purge the contents of the _RESTORE or System Volume Information folder.


--------------------------------------------------------------------------------
Note: All Restore points will be lost when you disable System Restore.

--------------------------------------------------------------------------------
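
The distinction the Symantec document draws, between detections that sit only in a System Restore store and detections in live files, can be applied to a scanner report automatically. The following is an added example, not part of the original posts or of any Symantec tool; the tab-separated report format, the function names and the sample paths are assumptions made for illustration.

```python
import ntpath

# System Restore stores named in the Symantec document quoted above.
RESTORE_DIRS = {"_restore", "system volume information"}

def in_restore_store(path):
    """True if path lies inside a System Restore folder at the root of a drive."""
    drive, rest = ntpath.splitdrive(ntpath.normpath(path))
    parts = [p for p in rest.split("\\") if p]
    # The store is a top-level directory, so only the first component counts,
    # and there must be something beneath it (a file or subfolder).
    return len(parts) > 1 and parts[0].lower() in RESTORE_DIRS

def triage(report_lines):
    """Split 'path<TAB>detection' lines into restore-store hits and live hits."""
    restore, live = [], []
    for line in report_lines:
        line = line.strip()
        if not line:
            continue
        path, _, name = line.partition("\t")
        (restore if in_restore_store(path) else live).append((path, name))
    if live:
        verdict = "live files flagged: files outside System Restore are infected"
    elif restore:
        verdict = "restore-store only: leave as is, or disable System Restore to purge"
    else:
        verdict = "no detections"
    return restore, live, verdict

# Constructed sample report (the paths and file names are made up).
SAMPLE = [
    "C:\\System Volume Information\\_restore{X}\\RP12\\A0012345.com\tDos.BootInfector",
    "c:\\_RESTORE\\ARCHIVE\\FS44.CAB\tDos.BootInfector",
    # Lookalike name outside the store: must count as a live file.
    "C:\\Docs\\System Volume Information notes.txt\tDos.BootInfector",
]

if __name__ == "__main__":
    restore, live, verdict = triage(SAMPLE)
    print(len(restore), "restore-store hit(s),", len(live), "live hit(s)")
    print(verdict)
```
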
 
  • #5
Originally posted by Monique
Do you know how difficult it is to send Symantec an email? :P

They first take you through a 1-hour tour of their website so that
1. you give up before they give you an email address
2. you decide to call them and they earn $29 or so
3. you might actually find the answer yourself
4. you are so persistent that they think you deserve to contact them personally.

Well, no. 4 applied to me and I was privileged enough to email them, they replied with a document, which thus I could have found myself :P with a nice explanation:

Monique,

You can go to www.sarc.com, which is Symantec's virus removal site. You can find out any information about any virus and/or find out how to submit to SARC.

Depending on what version of the program you have, you can submit right thru the quarantine portion of the program.
 
  • #6


The repair outlook and data email recovery has prompted you a path of the Outlook Express files' storage. And now save the damaged dbx files in the safe folder, they can be useful.
 
  • #7
I don't like Symantec and I'm willing to get into an argument on that. :smile: I use Panda Antivirus. They have an http://www.pandasoftware/activescan, which also collects suspicious files and gives you the option of sending them over to their labs for inspection. Last time I did this they replied very fast in the negative, which I thought was nice.
 

FAQ: What is Dos.BootInfector and how should I handle it?

What is Dos.BootInfector?

Dos.BootInfector is a type of computer virus that infects the boot sector of a computer's hard drive. It can cause damage to the computer's operating system and data.

How does Dos.BootInfector spread?

Dos.BootInfector can spread through infected files, removable media, and network shares. It can also be spread through email attachments or malicious websites.

How can I prevent Dos.BootInfector?

To prevent Dos.BootInfector, it is important to have reliable, up-to-date antivirus software installed on your computer. Avoid downloading files from unknown sources and be cautious when opening email attachments or clicking on links.

What should I do if my computer is infected with Dos.BootInfector?

If you suspect that your computer is infected with Dos.BootInfector, it is important to immediately disconnect it from the internet and other devices. Then, run a full system scan with your antivirus software to remove the virus.

Can Dos.BootInfector be removed completely?

Yes, Dos.BootInfector can be removed completely by using reliable antivirus software. It is important to regularly scan your computer for viruses and keep your antivirus software updated to prevent future infections.
