Author Topic: *Win32:AutoRun-YF* found in my D (Recovery) drive. Possible false alarm???


pelican1

  • Guest
I have a Gateway laptop running XP SP3. Avast! on its first run-through (free home edition) found two instances of *Win32:AutoRun-YF* on my D-drive, which is a recovery drive. First, what is the likelihood that this is a false positive, since my D-drive has not been used, and was last created when Best Buy's *Geek Squad* did a reformat and reinstall (using my official Gateway disk)? I would think it unlikely that a virus would be able to access this part of my computer. The *system restore* folder is locked (I can't even get in there to look at date stamps) and my understanding is that the drive just lies dormant until it is needed for a recovery. Previously I used Microsoft's OneCare and AVG Free; neither ever found any viruses on the D-drive.

Avast! was not able to clean the files, so my only alternative is to delete them. Of course then I lose the capability of using the D-drive to recover from a mishap. I tried several online virus scans, but the two files are each about 45 MB and won't upload to be scanned. Is there any risk to leaving them there? I would appreciate any thoughts, especially from anyone who has had this problem. Thanks.

(edited to clean up grammar and spelling.)
« Last Edit: June 01, 2008, 04:54:32 AM by pelican1 »

Offline FreewheelinFrank

Hi pelican1,

If you can, submit the files to VirusTotal. If only avast! detects them, then they're probably a false positive.

See here for dealing with FP's:

[Mini Sticky] False Positives

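The check suggested above, as an added example that is not from this thread or from avast!: since a 45 MB file may be too big to upload, the script streams the file through MD5/SHA-1/SHA-256 so its digest can be looked up on a multi-engine scanner instead (lookup-by-hash on a given scanner is assumed), and then applies the "only one engine fires, probably FP" rule of thumb to a constructed per-engine result table. The engine names, the result table and the stand-in file contents are all constructed.

```python
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # 1 MiB per read: a 45 MB .inp is never held in memory whole


def file_hashes(path):
    """Stream a file and return its (md5, sha1, sha256) hex digests.
    A hash search on a multi-engine scanner (assumed feature) needs one of these
    instead of the whole file."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            md5.update(block)
            sha1.update(block)
            sha256.update(block)
    return md5.hexdigest(), sha1.hexdigest(), sha256.hexdigest()


def hash_bytes(data):
    """Same three digests for an in-memory buffer (used to cross-check chunking)."""
    return tuple(hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256"))


def hashes_via_file(data):
    """Write constructed bytes to a temp file, hash it with file_hashes(), delete it."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(data)
        path = tmp.name
    try:
        return file_hashes(path)
    finally:
        os.unlink(path)


def likely_false_positive(results, min_engines=2):
    """results maps engine name -> detection name (None means clean).
    Rule of thumb from the thread: a hit reported by a single engine is probably
    a false positive. Returns (verdict, engines_that_fired)."""
    hits = {eng: name for eng, name in results.items() if name}
    return len(hits) < min_engines, hits


if __name__ == "__main__":
    # Constructed stand-in for D:\PRELOAD\data7_01.inp: 3 MiB of random bytes.
    md5, sha1, sha256 = hashes_via_file(os.urandom(CHUNK) * 3)
    print("sha256 to look up:", sha256)
    # Constructed result table: only one engine reports the file.
    sample = {"avast": "Win32:AutoRun-YF", "EngineB": None, "EngineC": None}
    verdict, fired = likely_false_positive(sample)
    print("likely false positive:", verdict, "engines that fired:", sorted(fired))
```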

pelican1

  • Guest
Thanks FreeWheelin'. Unfortunately I couldn't get the file to upload to the online scanner. Not the link you gave me, nor the links in the posting you also provided. Each file is over 40 MB because I can't get inside the subfolders on the D-drive. But thanks again for the suggestion.

BTW, the virus locations and names are:
  D:\PRELOAD\data7_01.inp
  D:\PRELOAD\data7_05.inp

I guess I'll treat them as false positives until or unless something bad happens. I can't see how an infection could plant itself inside the locked rescue files on the D-drive. My very limited understanding is that those files aren't ever active unless one uses them to perform a rescue. We'll see. Has anyone had this problem?  :D



cififncare

  • Guest
Yes, avast! has detected Win32:AutoRun-YF in D:\PRELOAD\data7_01.inp. There are references to it as an actual virus and not a false positive.

http://www.asktheramguy.com/v3/showthread.php?t=66605
"Technical Bulletin:
VIRUS WARNING
Affected Products:
SURVIVOR and PADLOCK Flash Drives
Summary:
We have discovered that a UFD test station within Corsair’s facilities has been infected with a virus. This has caused an indeterminate number of SURVIVOR and PADLOCK drives to become infected with the virus. Inserting an infected drive into a PC may cause that PC to become infected. Corsair will replace these drives upon user request. Details follow.
Virus Overview:
The virus, actually a worm, is known as “Kavo”, or “ntdelect” virus. It is primarily found in Asia. It is spread by portable storage devices, and it is used primarily to hijack passwords for certain online games. The payload consists of two hidden files on an infected drive, F.CMD and AUTORUN.INF. The virus will launch itself when the drive is inserted if autoplay is enabled. It will also launch itself if an application is run from the drive."

http://www.moatsoft.com/News/ysf_look.asp?id=48
"43.Virus.Win32.AutoRun.yf
A trojan-downloader is usually a standalone program that attempts to hiddenly download and run other files from remote web and ftp sites. Usually trojan downloaders download different trojans and backdoors and activate them on an affected system without user's approval."

Grain of salt... Anyone else?

Update:
It looks like avast! has removed this item from the definitions as a false positive. I routinely scanned for it after updates and found that it is no longer detected as of 06-22 or 06-23-08, which coincides with the timing of an update released specifically for false positives and existing definition fixes only.
It would appear that the folks at avast! do pay a lot of attention to feedback.  Thanks!
« Last Edit: June 24, 2008, 08:16:53 AM by cififncare »