(Regular scan was with thorough and archive enabled. Boot time scan was with archive enabled) The infection is only found at host environment on the .vhd files as above matrix. So I noticed that boot time scan is different from regular scan. I watched on the boot time scanning. I suppose boot time scan don’t check .vhd file and other huge archive files except .zip,.cab,.msi,.rar,.lzh,.lha,.exe,.dbx. The boot time scanning was only 45 minutes long, however the regular scanning was more than 24 hours long. So the boot time scanning did not find the infection and the Trend micro online scanning was also same thing, I guess. I still don’t understand why did not regular scan find infection at guest OS. Next I’ve created a new .vhd file that I’ve newly installed Win XP into the .vhd and scanned, however it was no infection found. I suppose this is not false positive. In addition, I’m wondering what is exactly difference between regular scan and boot time scan. Thank you. |