Using Avast Free edition on XP. The PC is a Hewlett Packard Pavilion.
Avast has just flagged up hpt3xxNT.sys in:
D:\i386\SYSTEM32\drivers
and
D:\MiniNT\system32\drivers
A few days ago also flagged up TCPIP.SYS in:
D:\MiniNT\system32\drivers
All three designated as Win32:Malware-gen. They are all in the restore partition. Have searched around and on the forum. There seem to be some cases of wrongful identification on TCPIP.SYS earlier this month but still not sure and finding nothing on the other file. Concerned the restore facility wouldn’t work if needed, or other effects.
Hope someone can help, or point me in the right direction for information.
Ensure that you have the latest virus definitions as I believe the modified tcpip.sys detections were corrected.
The hpt3xxNT.sys you should check at: VirusTotal - Multi engine on-line virus scanner and report the findings here, post the URL in the Address bar of the VT results page. You can’t do this with the file securely in the chest, you need to Open the chest and right click on the file and select ‘Extract’ it to a temporary (not original) location first, see below. If you didn’t send them to the chest, copy it from the original location into the suspect folder you created.
Create a folder called Suspect in the C: drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect*
That will stop the File System Shield scanning any file you put in that folder.
Interesting that one doesn’t even come up re Avast now. Guess this means the file can be restored but your view welcome. hpt3xxNT.sys is still coming up on Avast and one other, what do you feel is best?
In the meantime (if you accept the limited risk given the VT results), add the full path to the file to the exclusions lists (see Note below): File System Shield, Expert Settings, Exclusions, Add and avast Settings, Exclusions
If required, restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the File System Shield and avast Settings, exclusions lists.
Note: When using the Browse button it only goes down to folder level; accept that. Now open the entry in the exclusions and change the * to \file_name.exe where file_name.exe is the file you want to exclude.