Author Topic: Avast is disappointingly vague re: Trojans it's found. Other complaints.  (Read 6242 times)


Offline Bosco123456

Re-opened an old computer (Windows XP Home) I hadn't used for 2 years and brought it up to date.
Ran avast! (free version) Custom Scan (Full system scan plus everything else checked) on the old laptop's C Drive, and for the 1st time in the 2 years that I've been using avast, it found something - 8 items.

Two items are:
a) File name: *BOOTF:
Status: Error: The parameter is incorrect(87)

b) File name: F:\
Status: Error: The system cannot find the path specified.

One odd thing here is that I just installed several programs to my newer computer (Windows Vista Home Premium), as well as to this old computer. Same programs to both.

One program is Macrium Reflect. I made a Boot Rescue CD using this program with both computers.
I also made a Ghost Image of both, and in both cases created the Images in an External Hard Drive (F Drive).

Also made File Backups from both to the F Drive.

When I did the Avast scan, the F Drive was disconnected. I assume the 2 messages above relate to the F Drive being connected previously, and then disconnected when I did the scan.

The strange thing is that I ran the same avast Custom Scan on my new computer. Same situation with F drive connected when I created Boot Rescue CD, ghosted and backed up, and disconnected when I ran the avast Scan.
Yet the scan of the new computer found NO problems.

I assume I'm ok just ignoring these 2 "problems". Agree?

The scan lists 6 other items (actually 4 items, but 2 for some reason are listed twice):

1) C:\Documents and Settings\Owner\Application Data\Sun\Java \Deployment/cache/6.0/57/a441979-51657fc0
Severity: High
Status: Threat:Win32:Malware-gen

2) C:\Documents and Settings\Owner\Local Settings\Temp\661441.exe
Severity: High
Status: Threat: Win32:Malware-gen

3) C:\Documents and Settings\Owner\Local Settings\Temp\loader.exe
Severity:High
Status: Threat:Win32:Cycler-F [Trj]

4) C:\Documents and Settings\Owner\Local Settings\Temp\smss.exe
Severity:High
Status: Threat:Win32:Cycler-F [Trj]

5) C:\System Volume Information\Microsoft\services.exe
Severity:High
Status: Threat:Win32:Cycler-F [Trj]

6) C:\System Volume Information\Microsoft\smss.exe
Severity:High
Status: Threat:Win32:Cycler-F [Trj]

It then lists a 2nd time what I've labeled #5 and #6. Identical in every way.

Since I just downloaded a Registry backup program (ERUNT) and did a registry backup onto the C Drive, plus installed a file backup program (Karen's Replicator) and backed up to an external F Drive, and installed Macrium Reflect and did a Ghost image to the external F Drive, I suspect that all of the problems may be linked to a false positive from one of these, or from one of the many updates including Windows XP updates I performed in the last week on this computer.

I'm not sure of the "Java Deployment" problem, but I'd guess that something I installed is related to all of this.
Perhaps it is a real threat.
But I previously used TrendMicro's paid antivirus program, and at one time it found similar problems with my System Volume Information, which I assume are my Windows "System Restore" points.

But in TrendMicro's case, it gave me the file numbers, dates, and file names in question of the threat it perceived in my System Restore point.
With that, I was able to confirm that it was a false positive - an article I had saved had the name of a virus in the article, and for some reason their system misdiagnosed this as an actual virus.

I'm very disappointed with avast. I have no idea what files are involved in this, how many, etc.
Further, I created System Restore points every time I was installing a program/update.
I may need those Restore points in the next few weeks if there's a problem with anything I installed.

Yet avast states that there is a threat in my "System Volume Information", without telling me the date or any other info.

If I apply "Move to Chest", is it going to move 1 specific Restore point to the Chest, or all of my Restore Points?
No way to tell, because the Problem descriptions are too vague (no file name, date, etc.).

If it does move all of my System Restore points (by points I mean specific System Restore backups I've made) to the Chest, and I decide I need one or all, can they be moved back? Will they work if they are moved back? What if there's not enough room in the System Restore file to move them back - what happens then?

Despite this, I went with the default "Move to Chest".

Afterwards, there was no message anywhere letting me know the result.
Was everything removed successfully? Any problems or anything remaining? Who knows?

Going to the Virus Chest, I see 4 items:
They seem to be the items I've listed above as #1, #2, #3, #4.

To see if this took care of everything (again, no message with any further info), I ran a Boot Scan.

That listed 2 Results:
*RAW:C:\System Volume Information/Microsoft/services.exe
*RAW:C:\System Volume Information/Microsoft/smss.exe

[The items I listed above as #5 and #6]

Both of them are listed as:
Severity: High
Status: Threat:Win32:Cycler-F [Trj]

I decided to take no action, but to post here instead, due to the fears mentioned above re: having all of my System Restore points possibly being moved to the Chest.

I assume that whatever avast listed as problems which are now in the chest, were also included in the System Restore point(s) I made. Since these are (I assume) in my System Restore points, and my System itself will eventually delete these when there is no more room in order to make new Restore points, am I ok just leaving these?
(And if I do need to do a System Restore, I can do so and scan once restored to see if avast sees any problem)?

If there is a real Trojan threat in one or several System Restores points, can the Trojan (or a virus) "escape" into my system? Or not unless I actually use that System Restore point in an actual "restore"?

As mentioned, very disappointing that the Results from avast of the scan are so vague, and also disappointing the lack of any notices after I had it "Remove to chest" as far as "Was all removed to chest successfully?"
If there is no solution to this, will have to look elsewhere for an antivirus program, even though I've been completely satisfied with avast up till now (it has periodically intercepted problems before they entered my computer).

Another strange thing that occurred is that my avast Scan Logs on the old computer were still there from a few years ago.
Yet after I did the Boot Scan, they've disappeared, and only the last 2 scans which I've described in this post are still in the Scan Logs.

Looking forward to any analysis/suggestions.


UPDATE:

My mistake on one complaint: just went back to the log of the 1st scan, and I see that there is a scroll on the bottom, with a "Result".

It states for what I listed as #1 above - (Green check) "Action successful".

For the others, it states (Red X) "Error: The system cannot find the file specified (2)"
(For the 2 items I labeled "a" and "b" [the F drive items], it has no Result listed, nor should there be).

Strange, since as described 4 of them are in the Chest.

I now recall that I clicked "Apply" ("Move to Chest") a 2nd time, as I hadn't seen any result message (didn't realize at the time that I needed to scroll).
So perhaps the "Errors" are from the 2nd time, after 4 of them were already in the Chest? (Although this doesn't make sense either, as there should've been "Action successful" listed for 4 of them after I clicked "Apply" the 1st time).

« Last Edit: June 27, 2010, 02:54:24 AM by Bosco123456 »

EntitY

I'm just curious, are you by chance a writer? LOL

Gargamel360

For a moment I thought someone was posting that strange Longcat meme ;D

This can happen when you create a custom scan, especially if you turn up the sensitivity and check every option. For the most part stick to the default scans. The one time I tried a cranked-up custom scan, I got 4 hits, all ended up being false.
Are you scanning your system image also? This can generate FPs as well. I don't quite grasp why completely, somehow the compressed data can line up to what looks to be malware signature but isn't. (nvm, see now you removed external before scan)

I should mention, I'm not saying any of these are false, I have no way of knowing for sure. Did you make a Macrium image right before you scanned? If so, maybe try restoring it then running a full scan, normal settings, see what comes then.

Offline Bosco123456

Gargamel360 - "This can happen when you create a custom scan, especially if you turn up the sensitivity and check every option. For the most part stick to the default scans. The one time I tried a cranked-up custom scan, I got 4 hits, all ended up being false."

Appreciate the response and suggestion. In this case, I forgot to mention that after the 1st avast scan which found the 8 items (actually 6 w/ 2 duplicates), I did a Malwarebytes Anti-Malware full scan which also turned up (the same) 6 items.
It gave limited info, also. But avast is my primary anti-spyware - just use MAM when something is in question, as it was in this case.

And also did the avast Boot Scan today, which found the remaining 2 items.
« Last Edit: June 27, 2010, 04:57:10 AM by Bosco123456 »

bo.elam

Hi Bosco, you ask a lot of questions and I am only going to tell you what I think about your System Restore points. If an antivirus (Avast or any other) ever detects anything on my System Restore I automatically assume that the restore points that have been detected and any previous points are damaged and useless. That is so because most antiviruses' handling of SR usually damages those points. Even if the detections are false positives I take it as I described and automatically flush all points and create a new one.
I run full scans only sporadically, but if I was one of those users that scans often then I would exclude System Volume Information from being scanned to avoid SR points from being damaged.
This is just my opinion, so I suggest you clear your SR and create a new point.
Bo

bo.elam

Bosco, if MBAM is detecting the same files as Avast, to me that is a confirmation that those are infected files. Just let MBAM or Avast handle them and put them in the chest for a few days and then remove them.
Bo

Offline mkis

661441.exe may have been a crack / keygen - but it seems from so long ago now that no real active information is available.

I have no idea why it is being produced (reproduced?) in C:\Documents and Settings\Owner\Local Settings\Temp\661441.exe
but take care

I'm a bit busy at the moment, but one of the forum members will advise how to test them at http://www.virustotal.com/
Otherwise I will be back soon.

Oh, here are steps to move copies of files from the virus chest:

http://forum.avast.com/index.php?topic=58556.msg493675#msg493675

And then simply browse for them from the virustotal web page and upload them to be tested.


Daris

I would do a FULL Scan with Malwarebytes for a second opinion... In my opinion I didn't have the best experience with Trend Micro software. If an MBAM full scan says I have a certain trojan or spyware, usually I'll go with that... Also, in your Avast Scans under "more details" settings you can set it to tell you what to write a report for... in the Report file...