Virus Defense, 2 threats detected so far

Hi everyone, I am looking for advice.
On the Summary page, Virus Defense says "2 threats detected so far". So I find in the Anti-Virus Events window the following 2 identical entries: C:\System Volume Information\_restore{DC05C1D9-1D66-4994-A3BE-90571DE412D4}\RP1550\A0303372.exe Heur.Suspicious@2543802 Action Detect Status Success.
The question is Do I need to do anything?
I know that the threat has been successfully detected but what has happened to it? Has it been deleted?
I am not allowed to access the System Volume Information folder to see if the file is there.
I am concerned that the file may be waiting to do damage, however, it looks like part of the System Restore feature.
I would be most grateful for any advice.

I am using Version 3.14.130099.587
Windows XP SP3

The files have probably been quarantined.

Go to Antivirus / Quarantined Items. See if they’re in there.

Hi Chiron.
I have looked in Quarantined items but they are not listed.
By the way, I made a mistake in my previous post sorry. The Malware name should have been: Heur.Suspicious@25438032.

jamarisk

They are probably deleted by default. I believe there should be some improvements; for example, when the user hits the "Clean" button it should try to repair, and if it can't, it should send it to quarantine.

Thanks for your comments.

Sorry if I appear to be thick!

I don't know where the "clean" button is?

The problem that I have is:
1. I don't know if the "threat" is real or false.
2. If it is false, I obviously don't want the file deleted or quarantined.
3. If the threat is real, has CIS taken any action? If yes, what action has it taken?
4. If CIS has not taken any action, do I need to do anything?

If there is a virus on my machine, either CIS or myself need to do something about it. Do you not agree?

By the way, my virus scanner is set to Stateful
The Firewall and Defense+ are both set to Safe Mode.

jamarisk

Go to Antivirus / Scanner Settings. Let me know if the box that says “Automatically quarantine threats found during scanning” is checked or not.

If there is active infection, the integrated BOClean should kill it because it is a memory scanner.

Hi Chiron

Thanks for your help

“Automatically quarantine threats found during scanning” is unchecked

jamarisk

Hi Chiron

I let you know that it is unchecked, but you have not been able to tell me what to do next. :frowning:

jamarisk

Sorry, I’m not sure what’s going on.

Can you please post a screenshot of your AV log?

Has anything else been found on your computer, or have the only detections come from the system restore folder?

By the way it’s probably just a file that was backed up by System Restore and is no longer on your computer. It’s probably not actually part of System Restore.

Just to make sure can you please perform a scan with the two scanners given here:
How to check if your computer is infected
Don’t worry, they won’t take long. Just let me know if they find anything suspicious.

Hi Chiron

I have attached a screenshot of the latest entries in the AV log. If you need the earlier ones as well, I can do it.

The scan results are as follows:

Comodo Cloud scanner gives:
Malware & suspicious files 16
Privacy issues 11947
Registry errors 630
Junk files 453

Shall I submit these for analysis?

Hitman Pro shows -No threats found.

jamarisk

[attachment deleted by admin]

Can you please report some of those items which were previously detected to Comodo as false positives via:
Comodo Malware/False-Positive Submission
Can you also send a few of these to virustotal and post a link to the results?

Also, yes, submit the files for analysis and see what CIMA has to say about it.
Can you also post a screenshot of these results?

Also, can you please post your AV log in you next post?

Edit: Actually, can you instead perform a complete scan with your AV and post the results? Please set the heuristics to high.

Hi Chiron

Here are the screenshots and the Virus Total links.
I also sent them to Comodo Malware/False positive Submission but I have not had any results yet.

One of my problems is that the C:\System Volume Information Folder contains zero files, according to My Computer. However, I saw these files go past whilst the scan was taking place, so I know they are somewhere!
I have also done a search for them unsuccessfully.
I don't know how to access them.

This must be taking a lot of your time and I am extremely grateful for your help.

jamarisk

[attachment deleted by admin]

I don’t see anything to worry about.

I think you had an infection in the past, but now all that is left of it is the files in System Restore.

In the future if Comodo Antivirus identifies a file as malicious that you’re not sure about just submit it as a false positive to the website and see what they have to say about it.

Also, the only ones you have to worry about possibly being false positives are the ones that start with heur (heuristics). If you get a detection that has a real name, for example "Application.Win32.HackTool.MyCCL.~B", that means it has been identified as a piece of malware/potentially unwanted program, or if you see "UnclassifiedMalware" it means it has also been identified as malware but has not been given a name. The reason heur.###### can be false positives is that those are generated by a computer, and a computer can create FP signatures.
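As an added example (not from this thread or from Comodo), here is a small Python triage script that applies the rules given above to constructed log lines in the same format as the entry quoted at the top of the thread: a name starting with Heur. is a heuristic detection that may be a false positive, a path under a _restore{...}\RPnnnn folder is a System Restore backup copy, and an Action of Detect is treated (my assumption) as "logged only, nothing removed". The sample lines and the advice strings are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample entries modelled on the "<path> <name> Action <x> Status <y>"
# format quoted in the thread. These are not real log lines.
SAMPLE_LOG = """\
C:\\System Volume Information\\_restore{DC05C1D9-1D66-4994-A3BE-90571DE412D4}\\RP1550\\A0303372.exe Heur.Suspicious@25438032 Action Detect Status Success
C:\\Documents and Settings\\user\\Desktop\\tool.exe Application.Win32.HackTool.MyCCL.~B Action Quarantine Status Success
C:\\WINDOWS\\Temp\\x.tmp UnclassifiedMalware Action Detect Status Success
"""

# A System Restore point copy lives under \System Volume Information\_restore{GUID}\RPnnnn\
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.I)
# The detection name is the single token immediately before "Action"; the path may contain spaces.
ENTRY_RE = re.compile(r"^(?P<path>.+?) (?P<name>\S+) Action (?P<action>\S+) Status (?P<status>\S+)$")

@dataclass
class Verdict:
    path: str
    name: str
    heuristic: bool
    in_restore_point: bool
    action_taken: bool
    advice: str

def parse_entry(line):
    """Split one log line into path/name/action/status, or None if it does not match."""
    m = ENTRY_RE.match(line.strip())
    return m.groupdict() if m else None

def triage(entry):
    """Apply the thread's rules: heuristic names may be FPs, restore-point copies are stale."""
    heuristic = entry["name"].lower().startswith("heur.")
    in_rp = bool(RESTORE_RE.search(entry["path"]))
    acted = entry["action"].lower() != "detect"  # assumption: "Detect" means logged only
    if heuristic and in_rp:
        advice = "stale restore-point copy flagged by heuristics; submit as possible FP, low priority"
    elif heuristic:
        advice = "heuristic hit on a live file; submit for analysis before trusting or deleting it"
    elif acted:
        advice = "named/classified malware already handled; confirm it is in Quarantined Items"
    else:
        advice = "named/classified malware only logged; rescan with automatic quarantine enabled"
    return Verdict(entry["path"], entry["name"], heuristic, in_rp, acted, advice)

def triage_log(text):
    """Triage every parseable line of an AV log dump."""
    return [triage(e) for e in (parse_entry(l) for l in text.splitlines()) if e]
```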

Thank you all very much for your expert help, it is greatly appreciated.

Your taking me through this process has taught me a lot about how to interpret CIS warnings.
I hope I don't need to bother you again in the near future!

Once again, many thanks, especially Chiron.

jamarisk
:-TU :-TU

In case you want to delete those files from System Restore folders, you can open them by following this Microsoft KB article: http://support.microsoft.com/kb/309531