Author Topic: C: \ Windows \ Installer \ pe5x86.zip . . . BootSect.exe  (Read 4932 times)

Offline sludge7051-x

  • sludge7051-x
  • Jr. Member
  • **
  • Posts: 84
C: \ Windows \ Installer \ pe5x86.zip . . . BootSect.exe
« on: November 28, 2014, 11:30:45 PM »
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

After the Avast Boot Time scan, it said that I must activate Windows.

I took a look at System / "View basic information about your computer" / After a minute, it said activated - that didn't seem good

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

What did Avast find?

File C:\Windows\Installer\pe5x86.zip|>Windows AIK\Tools\PETools\x86\BootSect.exe is infected by Win32:Malware-gen, Moved to chest

Please see screenshots

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

What is Windows AIK\Tools\PETools\x86\BootSect.exe . . . http://technet.microsoft.com/en-us/library/cc749177%28v=ws.10%29.aspx

This looks like a false positive.

Avast could not restore BootSect.exe from the Virus Chest.  I think it's safe, so I wanted to.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

I went to Win 8.1 Safe Mode / I went to a restore point I do, before doing a Boot Time Scan / It said the restore was successful, but I'm not sure if the restore point restored BootSect.exe

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Next thing to try:  I ran these two, in this order:

C:\>dism /online /cleanup-image /restorehealth

C:\>sfc /scannow

. . . I ran sfc first, but it failed.  So I ran dism first, and then sfc - and it then said that sfc succeeded.

In looking in File Manager, I see that the pe5x86.zip is back

Questions:

1.)  Should I unzip the archive, and run BootSect.exe, or just leave it as is

2.)  Should I find all occurrences of BootSect.exe on my C: drive, and scan them with Avast?  Please see screenshot for the ones on my hard drive.

3.)  Is it now safe to delete the BootSect.exe entry in the Virus Chest?
« Last Edit: November 28, 2014, 11:33:05 PM by sludge7051-x »

Offline sludge7051-x

Re: C: \ Windows \ Installer \ pe5x86.zip . . . BootSect.exe
« Reply #1 on: November 28, 2014, 11:58:17 PM »
I see that I got this error on 11/27/14 . . . and the last "modification" to one of the three copies of BootSect.exe on there was on 11/19/14

. . . are there supposed to be more than three copies of BootSect.exe installed (which I have), in three different places?

So, Avast just doesn't like the .zip file for some reason . . . This .zip file has been restored, so the problem is fixed? . . . Some program must work with pe5x86.zip, because I never did.

I'll have to see if it happens again

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: C: \ Windows \ Installer \ pe5x86.zip . . . BootSect.exe
« Reply #2 on: November 29, 2014, 12:06:41 PM »
Do you have an imaging/backup programme? That is generally used by them.

Offline sludge7051-x

Re: C: \ Windows \ Installer \ pe5x86.zip . . . BootSect.exe
« Reply #3 on: November 29, 2014, 03:33:18 PM »
I tried these a while back - months, or maybe even a year, before this error:

Macrium
SeaGate Disc Wizard (Acronis)
Windows 7 File Recovery

. . . but decided on, and have been using Clonezilla

. . . you boot to the Clonezilla CD, so as I understand it, it doesn't use anything on my computer, it just blindly makes a sector by sector copy of my C: drive to the other hard drive.  I think it boots to Linux - it uses a whole different operating system than Win 8.1

Offline essexboy

Re: C: \ Windows \ Installer \ pe5x86.zip . . . BootSect.exe
« Reply #4 on: November 29, 2014, 03:44:54 PM »
In that case the file belonged to Macrium Reflect.

Offline sludge7051-x

Re: C: \ Windows \ Installer \ pe5x86.zip . . . BootSect.exe
« Reply #5 on: November 29, 2014, 03:59:40 PM »
Why would Avast flag it in the zip file, but not the extracted versions?
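
[Added example, not part of the original thread or any poster's reply.] One way to check whether the BootSect.exe inside pe5x86.zip is byte-for-byte the same file as the extracted copies on disk is to hash the archive member and compare it with every on-disk copy. The function names (`archive_hashes`, `disk_hashes`, `compare`) and the sample bytes are constructed for illustration.

```python
import hashlib
import zipfile
from pathlib import Path


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def archive_hashes(zip_source, target="BootSect.exe"):
    """Map each archive member named `target` (case-insensitive) to its SHA-256."""
    found = {}
    with zipfile.ZipFile(zip_source) as zf:
        for info in zf.infolist():
            base = info.filename.replace("\\", "/").rsplit("/", 1)[-1]
            if not info.is_dir() and base.lower() == target.lower():
                found[info.filename] = sha256_of(zf.read(info))
    return found


def disk_hashes(root, target="BootSect.exe"):
    """Map each on-disk file named `target` under `root` to its SHA-256."""
    found = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.name.lower() == target.lower():
            found[str(path)] = sha256_of(path.read_bytes())
    return found


def compare(zip_source, root, target="BootSect.exe"):
    """For each archive member, list the extracted copies with identical bytes."""
    on_disk = disk_hashes(root, target)
    report = {}
    for member, digest in archive_hashes(zip_source, target).items():
        report[member] = sorted(p for p, d in on_disk.items() if d == digest)
    return report


if __name__ == "__main__":
    import io, tempfile
    # Constructed sample data: a tiny stand-in archive and two extracted copies.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Windows AIK/Tools/PETools/x86/BootSect.exe", b"MZ sample A")
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "same").mkdir(); (Path(tmp) / "other").mkdir()
        (Path(tmp) / "same" / "bootsect.exe").write_bytes(b"MZ sample A")
        (Path(tmp) / "other" / "BootSect.exe").write_bytes(b"MZ sample B")
        buf.seek(0)
        for member, matches in compare(buf, tmp).items():
            print(member, "->", matches or "no identical copy on disk")
```

If the archive member's hash matches an extracted copy, the two are the same bytes, so a detection on one and not the other comes from how the scan was run (archive unpacking, heuristic sensitivity) rather than from a difference in the file. A mismatch means the archive holds a different build, which is the copy worth submitting to the vendor for analysis.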

Offline sludge7051-x

Re: C: \ Windows \ Installer \ pe5x86.zip . . . BootSect.exe
« Reply #6 on: November 29, 2014, 04:10:29 PM »
I was able to delete it from the Virus Chest.  I'll try running the Boot Time Scan again soon, it takes 2 hours 15 minutes.

I've been running Boot Time Scan, and just letting it "Fix All"

- - - - - - - - - - - - - - - - - - - - - - - - - - - -

This page says that you should not do that - it says to just use Boot Time Scan as a last resort.  Can it cause that much of a problem?

https://www.winhelp.us/avast-free-antivirus-boot-time-scan.html

Do not use the Yes or Yes all options for system files - your computer might become unstable or unbootable!

- - - - - - - - - - - - - - - - - - - - - - - - - - - -

I have been setting a restore point before I do the Boot Time scan, in case there is a problem.  I would go into Win 8.1 Safe Mode with the USB drive, and get to the restore point that way.

Offline essexboy

Re: C: \ Windows \ Installer \ pe5x86.zip . . . BootSect.exe
« Reply #7 on: November 29, 2014, 04:13:20 PM »
Boot scan is a last resort method and can produce false positives so you would need to monitor it

Offline sludge7051-x

Re: C: \ Windows \ Installer \ pe5x86.zip . . . BootSect.exe
« Reply #8 on: November 29, 2014, 04:41:08 PM »
I'll do some more experimenting and report back the findings.  Thank you!

Offline sludge7051-x

Re: C: \ Windows \ Installer \ pe5x86.zip . . . BootSect.exe
« Reply #9 on: November 30, 2014, 12:59:23 AM »
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

11/29/14

I deleted this from the Virus Chest, and see that it had put it in Exclusions, before:

File C:\Windows\Installer\pe5x86.zip|>Windows AIK\Tools\PETools\x86\BootSect.exe

I just re-ran Boot-Time Scan - this didn't come up, and is not in Exclusions, either

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

I've been running Boot-Time Scan with the following settings:

Areas to scan:  All harddisks, and Auto-start programs (all users)
Heuristics sensitivity:  High
[check] Scan for PUPs
[check] Unpack archive files
When a threat is found:  Fix automatically

These settings are as high as you can go.  Maybe that's why it found this error, and it's a false positive.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *