Some Guy
Connected my win-98 drive to an XP-pro development system to scan the
win-98 drive for trojans/virii (The Cleaner, and NAV from NSW-2002 -
both updated to current def's).
Some viral files were found (harmless - attachments saved from spam
e-mails for manual scanning).
I guess it's XP's habit of creating \System volume information\ on
every drive connected to it. During a scan by The Cleaner it found
this:
D:\System Volume Information\_restore{EDD79313-3427-47E1-8259-F3CC96419F7F}\Rp36\A0002906.scr
The SCR is MyDoom.A (saved from an e-mail attachment - never
executed).
Basically,
1) how did it end up in that directory, and
2) Why does NAV refuse to scan any subdirectories / files in that
folder, and will only scan that (that particular file) when I drag
its nose down to the file itself?
3) The Cleaner apparently has no problem scanning all files in that
path (when pointed to the top-level directory) and, funny enough, NAV
intercepts the file when The Cleaner tries to access it.
So why does NAV fear to tread into the \System volume information\
directory tree? Is Rp36 a "restore point"? Just like the recycler,
seems the \sys vol info\ folder would be a good place for virii and
trojans to hang out (and a very important place for NAV to be able to
scan). ???