mike hagen said:
> I've got a boot sector file F-Prot (windows) can't figure out. It claims
> it's "suspicious". ...
Is that exactly, precisely and all that it says?
If you want more help I think you should post the exact, _uninterpreted_
text of the "warning" that F-PROT gives you. (You see, for starters, the
boot sector is not a "file", so you're not really helping your efforts
here by guessing at what the words might mean and "describing" your
interpretation of them...).
> ... Also hiberfil.sys and pagefil.sys are listed as
> running and so not scannable either, whether in xp or from safe
> mode/command prompt. Any steps to turn these off at the prompt?
Of course.
Both files, for performance reasons, _must_ remain purely and solely under
the OS' control -- one is the "hibernate file" (where the contents of
memory are written and the state of the registers at the moment you choose
to hibernate the system are written) and the other is the swap file (where
the system writes the "less used" contents of memory so it can act as
if your machine has more memory than is physically installed). The latter
is 120% critical during the machine's operation and the former for a few
seconds before it completes going into, and the few seconds while it
"recovers" from, hibernation -- both are sufficiently important that the
host OS will not allow either to be messed with by anything but itself and,
in the case of the hiberfil.sys, some BIOS code.
> I'm running XP and just switched to this antivirus after Nortons cut me
> off from updates a month before its subscription expired. ;( Have not
> figured out all the ins and outs of F-Prot yet.
Well, it seems one of the "ins and outs" of F-PROT compared to NAV is that
it warns you about _all_ files that are inaccessible to it scanning, rather
than hiding some (or most or all -- how will you ever know??) of such files
"because its developers think they know best"...
> Any suggestions for IDing the boot sector thing? Any competing
> antivirus that might scan boot sectors that I don't have to buy before I
> try?
You can try another AV, but F-PROT probably has close to the best boot
sector heuristics, so if something else (depending precisely what!) finds
nothing suspicious, that may simply tell you something about the quality
of that product's boot sector heuristics...