gullit

Question about a couple things that came up in a scan

Hi guys,

I just have a couple quick questions that came up during my A2 free scan. In the past I've had issues with false detections and I just want to be careful. These are the two:

1. C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08800000.VBN detected: Trojan-Downloader.Win32.PassAlert!IK

2. E:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP962\A0067066.inf detected: Trojan.Autorun!IK

E:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP962\A0067070.inf detected: Trojan.Autorun!IK

E:\autorun.inf detected: Trojan.Autorun!IK

For the first one, did it pick up something that was in quarantine by Symantec? If it was quarantined should I leave it alone or should I go ahead and quarantine or delete it anyways?

For the 2nd one, that is from my external hard drive and I have 3 detections. I'm scared to do anything with the autorun file b/c I fear that it won't operate or open correctly afterwards. I had a similar issue with a hard drive in the past and I quarantined it and it didn't operate correctly. Please let me know if I should leave all 3 alone, or if I should quarantine or delete any of the 3.

Thank you for the help

Create a password protected Zip of the autorun.inf and attach the newly created archive. PM me the password for the zip archive.

Anything in Symantec Quarantine is inactive as well as anything in System Restore.

Hi gullit, and welcome to the forum,

First please do what ShadowPuterDude asked you to do

Create a password protected Zip of the autorun.inf and attach the newly created archive. PM me the password for the zip archive.

Anything in Symantec Quarantine is inactive as well as anything in System Restore.

=======

I will just post what I prepared before I found the reply

1) flaggings in Symantec's quarantine.

If you want to keep quarantined - you may want to find out what is flagged by Symantec by sending (submitting) the file to their developers. The procedure is pretty much standard for all vendors.

As for flagging by a-squared you most likely should not be concerned because in idea the file should be locked by Symantec. I am not sure whether you will be able to quarantine or delete with a-squared in this case (probably not)

So if you don't want to see the detection by a-squared – whitelist it until you figure out what to do with the file (delete by Symantec or restore if they confirm False Positive)

2) If the items are in system restore – they are inactive.

Antivirus programs cannot remove files from that area.

The only way is to switch System Restore Off; Reboot and turn it back “On”

Please ask if you have questions about procedure but before that provide info about your system as in Forum Posting Rules #2)

3) Specifically about System Restore if that is on your USB.

System Restore has to be disabled on External media. It is just a mistake made by MS that they are setting that on external drives and maintaining, since the information there is irrelevant as soon as you connect to the “alien computer” you cannot use that restore point on another (your) computer. I will find the link that I posted somewhere in the forum about the issue and post it here later

{added} I found it. Home page

Bad practice to let System Restore monitor an external drive

4) Regarding Autoruns, since you mentioned that.

note: *** Please wait for the reply from ShadowPuterDude first re: the <>.inf sent

Since the items are in the Restore Point as it was written above – they are inactive, so you should not be scared...

but re: Autoruns as a whole issue – that feature must be disabled completely through the system ; USB devices included.

Please read Disabling Autoruns and follow

My regards
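
Added example, not part of the original posts: a small Python parser that lists which lines of an autorun.inf would start a program (open=, shellexecute=, shell\<verb>\command=) as opposed to cosmetic entries such as icon= and label=, which is the first thing to check on a flagged file like the E:\autorun.inf above. The sample contents and file names are constructed, not the file from this thread.

```python
import re
import sys

# Keys in the [autorun] section that cause a program to be launched.
EXEC_KEYS = ("open", "shellexecute")
# Context-menu verbs: shell\<verb>\command=<program>
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)

def decode_inf(raw: bytes) -> str:
    """autorun.inf may be ANSI or UTF-16 with a BOM; handle both."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("latin-1")

def launch_entries(raw: bytes):
    """Return (key, command) pairs in [autorun] that start a program."""
    section, found = None, []
    for line in decode_inf(raw).splitlines():
        line = line.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names ignore case
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (p.strip() for p in line.split("=", 1))
        if key.lower() in EXEC_KEYS or SHELL_CMD.match(key):
            found.append((key.lower(), value))
    return found

# Constructed samples (assumed names), embedded so the script runs offline.
SAMPLE = (
    b"; constructed sample\r\n"
    b"[AutoRun]\r\n"
    b"icon=drive.ico\r\n"
    b"label=Backup Drive\r\n"
    b"OPEN=example\\placeholder.exe\r\n"
    b"shell\\open\\Command=example\\placeholder.exe\r\n"
)
BENIGN = b"[autorun]\r\nicon=drive.ico\r\nlabel=Backup Drive\r\n"

if __name__ == "__main__":
    # Pass a path (e.g. a copy of the flagged file) or run on the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for key, cmd in launch_entries(data):
        print(f"{key} -> {cmd}")
```

An empty result means the file only sets cosmetic properties; any listed command names the file that should be examined next.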
