same here
Actually I will pay a yearly subscription if there is any AV which detected it just by heuristics. Back in 1990 we had a-tool on Amiga which could detect such out of nowhere boot block overwrites. If they can't detect such attacks, why do they waste CPU?