False Alarm Deleted My Notepad.exe!!!

I’m using a Windows XP system.

As soon as I updated to June-7 database, I received several alarms which never happened before. Infected files are:

1. Uninstall.exe of a program.
2. Notepad.exe in C:\windows

After several repair attempts failed (both in Windows and in the boot-time scan; in the boot-time scan, when trying to repair, I got the 42060 error), I had to delete them.

Then I scanned notepad.ex_ (32K, dated 2001-9-5 20:00) in the Windows setup directory, and I got the same alarm – Win32: Trojan-Gen (other). The boot-time scan didn’t report this, and neither does the free virus cleaner. So it definitely is a false alarm.

Now my question is, how to restore notepad.exe from notepad.ex_ without re-installing the system?

Yep, I also got several false alarms this morning and it got so annoying I had to uninstall Avast and use a free scanner. Any word on when this will be fixed, as I really like Avast.

Thanks
Simon

It will be fixed later today. But hey, NOTEPAD.EXE? I doubt it was a standard part of Windows! We have tested the latest generic detection for several weeks on all Windows systems and a > 150 GB database of shareware programs. There is no way it could cause a false alarm on any standard Windows program! I think this Notepad.exe was really trojanized!

Pavel

Sunnyyen,
just Google a little bit and you’ll find millions of web pages that contain material about trojans and worms that attack NOTEPAD.exe…

e.g. http://www.iss.net/security_center/advice/Intrusions/2001531/default.htm

Cheers !

It's unlikely this was a false alarm. Much malicious code is known to replace Notepad.

Well, I scanned NOTEPAD.exe with maximal settings (Explorer Extension) and it’s not detected. I have the same latest VPS, so it’s most probably a real threat in your case.

False alarm??? :o :-\ I didn’t know about false alarms. I’m scared about that :frowning:

It may be that my notepad.exe WAS really infected, but how come notepad.ex_ in the setup directory (32K, 5-9-2001 20:00) also gets an alarm?

Yesterday, after I posted the question, I extracted notepad.exe (65K, 8-6-2004) from notepad.ex_ (32K, 5-9-2001). I got loads of alarms for both files by doing this, and cannot use the extracted notepad.exe.

Just now, after the virus database updated, I scanned both files again, and no detection! And I can use the extracted notepad.exe again.