I have an HP Pavilion, around two weeks old, and have been running avast, ZoneAlarm, Ad-Aware SE and MS AntiSpyware since day one. Today avast picked up two infected files on my D drive; mind you, this is the HP recovery drive. So I moved them to the virus chest as suggested. Then I thought I would scan the recovery DVDs that I had to make when I first set up the computer, when it had never been connected to the internet. The scan found the same two files. Question: are these really Trojans? If so, did HP ship the system with these on them? Or can I ignore this and move those files back from the virus chest to the D drive?
Thanks for your replies
The files that it found are
Original file name - A0009821.exe
Org Folder - D:\System Volume Information_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP60
Size of file - 115389455
Last modification - 7/22/05
Virus description - Win32:Trojan-gen (other)
Original file name - fatemediaupgrade-silent.exe
Org Folder - d:\I386\App01701\src\install\Worldwide-MediaCenter\other
Size of file - 115389455
Last modification - 7/22/05
Virus description - Win32:Trojan-gen (other)
D:\I386\Apps\APP01701\src\install\Worldwide-MediaCenter\other\fatemediaupgrade-silent.exe [L] Win32:Trojan-gen. {Other} (0)
File was successfully moved to chest…
D:\System Volume Information_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP60\A0009821.exe [L] Win32:Trojan-gen. {Other} (0)
File was successfully moved to chest…
Infected files: 2
They might not be anything; do you have any Fate Media stuff that you know of? However, a Google search for this file name returns no info, so that to me is strange.
Since they are in the System Volume Information folder, a part of system restore, something was previously deleted from the D: drive that has for some reason been saved in a System Volume Information_restore point.
The easiest way to sort this is by disabling system restore and rebooting, and all restore points will be cleared. If your system then shows clear, enable system restore again.
I’m not sure if files in the System Volume Information_restore can be checked by a multi engine scanner but it may be worth a try, to confirm one way or another.
Check the offending/suspect file at: Jotti - Multi engine on-line virus scanner. If any other scanners here detect them, it is less likely to be a false positive. You can’t do this with the file in the chest; you will need to move it out.
Or VirusTotal - Multi engine on-line virus scanner
If it does allow you to upload it let us know the results.
Just thought I would let everyone know, I contacted HP and here is their reply. (I have checked the above mentioned files and found that they are not the virus related files. These files are system related files.)
I thought that’s what it might be, since it never picked up anything on my C drive, only on D and the recovery DVDs that I made.
Jotti would have quickly confirmed this as a potential FP without having to wait for a response from HP.
If you are getting a virus warning that you believe is a false positive, then if you can zip and password protect (‘virus’, will do) the suspect file and send it to virus @ avast.com (no spaces), or send from the chest. This will help resolve any false positive, for others as well.
Give a brief outline of the problem (possibly a link to this thread), the fact that you believe it to be a false positive and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.
From your message, I understand that the Avast Antivirus found viruses
in the D: drive (Recovery partition).
I greatly appreciate that you have forwarded your concerns and given me
a chance to assist you with this issue.
Tony, I would like to inform you that the D: drive is not just a hidden
recovery partition; it is also a protected partition. There is no chance
of having any virus in the D: drive. Because, it is thoroughly scanned
and placed in the D: drive.
However, HP recommends to use Norton Antivirus. Because, it is
preinstalled with all the updates on the viruses. Also, you can perform
regular live updates. Therefore, if you suspect any viruses in the D:
drive, I recommend you use the Norton Antivirus for scan to check for
the viruses in D: drive.
If you have further questions, please reply to this message and we will
be happy to help you.