AV picking out .EXE files from HDDs

 
 
moonraker
Guest
Posts: n/a
 
      15th Dec 2009
Hi, I have just added a HDD from our old PC. It seemed like the AV was
scanning the slave HDD and seeing the .exe files as viruses, so I have
disconnected it again for now. Is this common?

With the slave unplugged the AV has just picked out a .exe file from the
original HDD as if it was a threat. Is this common?

I am concerned that it will lock away or quarantine some of the operating
files...

Any ideas?

Many thanks

Steve


 
 
 
 
 
PA Bear [MS MVP]
Guest
Posts: n/a
 
      15th Dec 2009
What AV?

moonraker wrote:
> Hi I have just added a HDD from our old PC it seemed like the AV was
> scanning the slave HDD and seeing the .exe files as viruses, so I have
> disconnected it again for now, is this common?
>
> With the slave unplugged the AV has just picked out a .exe file from the
> original HDD as if it was a threat, is this common?
>
> I am concerned that it will lock away or quarantine some of the operating
> files...
>
> Any ideas.
>
> Many thanks
>
> Steve

 
 
moonraker
Guest
Posts: n/a
 
      15th Dec 2009
Yes..sorry...realised I had omitted the details as my finger lifted off the
mouse...whoosh...too late it had gone!!!!

AVIRA Antivir personal (free) was on PC when acquired.

Since the first post the PC has been sat there and another warning flashed
up with a file from the existing HDD drive, the (I:) drive (the slave (C:)
drive is disconnected for now)

Note!! when I plugged the HDD into the PC I removed the jumper from the rear
as it said on the back that no jumper was "slave"

Someone has mentioned that no jumper is slave ribbon select....as the slave
HDD is listed in the boot menu as Maxtor 1st slave, do I need to fit the
jumper or not?

Many thanks

"PA Bear [MS MVP]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> What AV?
>
> moonraker wrote:
>> Hi I have just added a HDD from our old PC it seemed like the AV was
>> scanning the slave HDD and seeing the .exe files as viruses, so I have
>> disconnected it again for now, is this common?
>>
>> With the slave unplugged the AV has just picked out a .exe file from the
>> original HDD as if it was a threat, is this common?
>>
>> I am concerned that it will lock away or quarantine some of the operating
>> files...
>>
>> Any ideas.
>>
>> Many thanks
>>
>> Steve



 
 
Anteaus
Guest
Posts: n/a
 
      15th Dec 2009

Send one or two to http://virustotal.com for an opinion.

One of the problems with AV these days is that there are now so many
viruses, some of which are bound to be similar to genuine files, false
detections are very common.

"moonraker" wrote:

> Hi I have just added a HDD from our old PC it seemed like the AV was
> scanning the slave HDD and seeing the .exe files as viruses, so I have
> disconnected it again for now, is this common?
>
> With the slave unplugged the AV has just picked out a .exe file from the
> original HDD as if it was a threat, is this common?
>
> I am concerned that it will lock away or quarantine some of the operating
> files...
>
> Any ideas.
>
> Many thanks
>
> Steve
>
>
> .
>

 
 
moonraker
Guest
Posts: n/a
 
      15th Dec 2009
Hi there, thanks for that.

Looking at the AV history, it looks like it has been happening for some time.

(I:) is the original HDD (160gb) to the pc. I added a slave (C:) yesterday
but disconnected it for now when the av started "seeing threats in the
files"

Most are showing "detected in (I:) system volume
information......................................................

looking at the log, it looks like the av has run every hour (exactly) and
picked out the same file several times and ""deny access"" 5 times (5 hours)
in a row.:-

Guard:malware found
date 15\11\2009 22.47.36

virus or unwanted program "adware\adware.Gen [adware] detected in file
"I: \ system volume
information\restore(79543F85-E178-4BC5-AB89-3972695E-1B68)\RP1354\A0175290.exe

as I say, this entry is listed once every hour 5 times that day....3 times
the next day...4 times the next....6 times on the 20\11\2009

Then when I fitted the slave (C:) drive the av reported

Guard:malware found
date 14\12\2009 18.42.02

virus or unwanted program "adware\adware.Gen [adware] detected in file

this time in

C: \program files\hewlett-packard\digital
imaging\..................................................

Hope this helps

Cheers........steve







"Anteaus" <(E-Mail Removed)> wrote in message
news0CDF0F2-8595-477F-86D5-(E-Mail Removed)...
>
> Send one or two to http://virustotal.com for an opinion.
>
> One of the problems with AV these days is that there are now so many
> viruses, some of which are bound to be similar to genuine files, false
> detections are very common
>
> "moonraker" wrote:
>
>> Hi I have just added a HDD from our old PC it seemed like the AV was
>> scanning the slave HDD and seeing the .exe files as viruses, so I have
>> disconnected it again for now, is this common?
>>
>> With the slave unplugged the AV has just picked out a .exe file from the
>> original HDD as if it was a threat, is this common?
>>
>> I am concerned that it will lock away or quarantine some of the operating
>> files...
>>
>> Any ideas.
>>
>> Many thanks
>>
>> Steve
>>
>>
>> .
>>



 
 
Paul
Guest
Posts: n/a
 
      15th Dec 2009
moonraker wrote:
> Hi there, thanks for that.
>
> Looking at the AV history it looks like it has been happening for some time.
>
> (I is the original HDD (160gb) to the pc I added a slave (C yesterday
> but disconnected it for now when the av started "seeing threats in the
> files"
>
> Most are showing "detected in (I system volume
> information......................................................
>
> looking at the log, it looks like the av has run every hour (exactly) and
> picked out the same file several times and ""deny access"" 5 times (5 hours)
> in a row.:-
>
> Guard:malware found
> date 15\11\2009 22.47.36
>
> virus or unwanted program "adware\adware.Gen [adware] detected in file
> "I: \ system volume
> information\restore(79543F85-E178-4BC5-AB89-3972695E-1B68)\RP1354\A0175290.exe
>
> as I say, this entry is listed once every hour 5 times that day....3 times
> the next day...4 times the next....6 times on the 20\11\2009
>
> Then when I fitted the slave (C drive the av reported
>
> Guard:malware found
> date 14\12\2009 18.42.02
>
> virus or unwanted program "adware\adware.Gen [adware] detected in file
>
> this time in
>
> C: \program files\hewlett-packard\digital
> imaging\..................................................
>
> Hope this helps
>
> Cheers........steve
>


Take Anteaus's advice, and upload the smallest infected file
to the www.virustotal.com web site. Virustotal has about 20 different
virus scanners in it. You upload a file to them, they decompress it
if that is necessary, take it apart, run it through all the scanners,
and give you a report automatically. It's a great service and it is free.

Paul

>
> "Anteaus" <(E-Mail Removed)> wrote in message
> news0CDF0F2-8595-477F-86D5-(E-Mail Removed)...
>> Send one or two to http://virustotal.com for an opinion.
>>
>> One of the problems with AV these days is that there are now so many
>> viruses, some of which are bound to be similar to genuine files, false
>> detections are very common
>>
>> "moonraker" wrote:
>>
>>> Hi I have just added a HDD from our old PC it seemed like the AV was
>>> scanning the slave HDD and seeing the .exe files as viruses, so I have
>>> disconnected it again for now, is this common?
>>>
>>> With the slave unplugged the AV has just picked out a .exe file from the
>>> original HDD as if it was a threat, is this common?
>>>
>>> I am concerned that it will lock away or quarantine some of the operating
>>> files...
>>>
>>> Any ideas.
>>>
>>> Many thanks
>>>
>>> Steve
>>>
>>>
>>> .
>>>

>
>

 
 
moonraker
Guest
Posts: n/a
 
      15th Dec 2009
Thank you for the reply,

The pc in question is not online as yet, could I copy the file to a memory
stick and upload it via this PC?

> Take Anteaus's advice, and upload the smallest infected file


Do I take it I hunt down the actual file on the PC, copy it and then upload
it?

> to the www.virustotal.com web site. Virustotal has about 20 different
> virus scanners in it. You upload a file to them, they decompress it
> if that is necessary, take it apart, run it through all the scanners,
> and give you a report automatically. It's a great service and it is
> free.

Many thanks
Steve


 
 
Lem
Guest
Posts: n/a
 
      15th Dec 2009
moonraker wrote:
> Hi there, thanks for that.
>
> Looking at the AV history it looks like it has been happening for some time.
>
> (I is the original HDD (160gb) to the pc I added a slave (C yesterday
> but disconnected it for now when the av started "seeing threats in the
> files"
>
> Most are showing "detected in (I system volume
> information......................................................
>
> looking at the log, it looks like the av has run every hour (exactly) and
> picked out the same file several times and ""deny access"" 5 times (5 hours)
> in a row.:-
>
> Guard:malware found
> date 15\11\2009 22.47.36
>
> virus or unwanted program "adware\adware.Gen [adware] detected in file
> "I: \ system volume
> information\restore(79543F85-E178-4BC5-AB89-3972695E-1B68)\RP1354\A0175290.exe
>
> as I say, this entry is listed once every hour 5 times that day....3 times
> the next day...4 times the next....6 times on the 20\11\2009
>
> Then when I fitted the slave (C drive the av reported
>
> Guard:malware found
> date 14\12\2009 18.42.02
>
> virus or unwanted program "adware\adware.Gen [adware] detected in file
>
> this time in
>
> C: \program files\hewlett-packard\digital
> imaging\..................................................
>
> Hope this helps
>
> Cheers........steve
>
>
>
>
>
>
>
> "Anteaus" <(E-Mail Removed)> wrote in message
> news0CDF0F2-8595-477F-86D5-(E-Mail Removed)...
>> Send one or two to http://virustotal.com for an opinion.
>>
>> One of the problems with AV these days is that there are now so many
>> viruses, some of which are bound to be similar to genuine files, false
>> detections are very common
>>
>> "moonraker" wrote:
>>
>>> Hi I have just added a HDD from our old PC it seemed like the AV was
>>> scanning the slave HDD and seeing the .exe files as viruses, so I have
>>> disconnected it again for now, is this common?
>>>
>>> With the slave unplugged the AV has just picked out a .exe file from the
>>> original HDD as if it was a threat, is this common?
>>>
>>> I am concerned that it will lock away or quarantine some of the operating
>>> files...
>>>
>>> Any ideas.
>>>
>>> Many thanks
>>>
>>> Steve
>>>
>>>
>>> .
>>>

>
>


The first example you picked (I:\system volume information\restore ...)
is in a System Restore point. I suggest clearing out all restore points
on that partition by turning off System Restore. It's not clear from
your post which partition is your system partition (e.g., the one where
Windows is located). As a general rule, you should turn off System
Restore on all partitions *other* than the system partition.

--
Lem

Apollo 11 - 40 years ago:
http://www.nasa.gov/mission_pages/ap...0th/index.html
 
 
Paul
Guest
Posts: n/a
 
      15th Dec 2009
moonraker wrote:
> Thank you for the reply,
>
> The pc in question is not online as yet, could I copy the file to a memory
> stick and upload it via this PC
>
> > Take Anteaus's advice, and upload the smallest infected file

>
> Do I take it I hunt down the actual file on the PC, copy it and then upload
> it?
>
> > to the www.virustotal.com web site. Virustotal has about 20 different
> > virus scanners in it. You upload a file to them, they decompress it
> > if that is necessary, take it apart, run it through all the scanners,
> > and give you a report automatically. It's a great service and it is

> free.
>
> Many thanks
> Steve
>
>


Well, every idea has a few gotchas.

There is some malware that spreads from computer to computer
via USB flash. It could be using "autorun" as a mechanism.
Pressing and holding the "shift" key, while inserting
the USB stick, may stop "autorun". But I don't know if that
is guaranteed to be enough to stop something like that or
not.

You could set up networking on the machine in question, and
try to upload from there. There is even malware, that won't
let the browser reach the virustotal.com web site (that
can be done by adding an entry to the "hosts" file). But that
would be a dead giveaway the machine was infected, so you'd know
there was trouble if that happened.

You could use a "security by obscurity" technique. If you copied
the file to USB flash on the suspect Windows computer, and
plugged the USB flash into a Linux computer, there is a chance
the malware may not be able to infect all OSes equally. So perhaps
using a browser on a Linux machine might be an alternative.

Is it that hard to get networking going on the affected machine ?

Yet another thing to consider, is if the machine you're going
to use to do the upload, has its own AV software running. It
could scan the USB flash as soon as it is plugged in and
quarantine the file. I suppose that proves it is infected
too, so doesn't really raise any additional issues. If
the AV on that computer doesn't complain, and you don't
manage to infect the networked computer, then you're ready
to upload to virustotal.

Paul
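
The "hosts" file symptom mentioned in the post above can be checked directly instead of waiting for the browser to fail. The following is an added example, not part of the original thread: it parses hosts-file text and reports any entry that overrides virustotal.com or a subdomain, noting whether the entry points at a loopback or unspecified address. The function names and the sample hosts content are constructed for illustration.

```python
import ipaddress

# Names the thread is concerned with; subdomains are matched as well.
WATCHED = ("virustotal.com",)

# Constructed sample hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1      localhost
::1            localhost
127.0.0.1      www.virustotal.com virustotal.com   # not added by the user
0.0.0.0        VirusTotal.com.
203.0.113.7    scan.virustotal.com
127.0.0.1      notvirustotal.com
192.0.2.10     intranet.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                          # blank line or no hostname
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed address, skip it
        for name in fields[1:]:               # one line may list several names
            yield line_no, ip, name.lower().rstrip(".")

def find_overrides(text, watched=WATCHED):
    """Return (line_no, ip, hostname, sinkholed) for watched-domain entries.

    Any hosts entry for a watched name is worth a look; 'sinkholed' marks
    the ones sent to loopback or 0.0.0.0, which simply block the site.
    """
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if any(name == w or name.endswith("." + w) for w in watched):
            sinkholed = ip.is_loopback or ip.is_unspecified
            findings.append((line_no, str(ip), name, sinkholed))
    return findings

if __name__ == "__main__":
    # On Windows the live file is %SystemRoot%\System32\drivers\etc\hosts.
    for line_no, ip, name, sinkholed in find_overrides(SAMPLE_HOSTS):
        kind = "blocked" if sinkholed else "redirected"
        print(f"line {line_no}: {name} -> {ip} ({kind})")
```
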
 