CONFIRMING: the F/P has been FIXED in definitions 12 06 30 - 0
I thank avast for the timely response to my posting the F/P [in the other thread]... but feel bad about the others who have posted in this thread, who didn't realize it was (or know about) a F/P .
Per a remark by Purplemuse [elsewhere], I just checked on my system, and discovered that I DO have a copy of that file in my
C:\WINDOWS\dell\cercsr6
subdirectory [and have compared with the system32\drivers file to confirm its the same version]. Hopefully, those who deleted theirs may be fortunate enough to find they do too.
==============================
to Strafe:
1) Being "delete trigger happy" is not a good thing. As you've now experienced, anti-virus programs are ocassionally guilty of making False Positive detections --- it's a fact of life, and there's nothing that can be done about it.
I strive to keep my systems "squeaky clean", so ANY time I get a virus warning [which is extremely rare for me], I treat it as likely being a F/P. First and foremost, NEVER DELETE files: once deleted, it may be impossible to get it back. QUARANTINE (VIRUS VAULT) is
preferable, in that you can always restore it from the vault to your system. However, even quarantine is not foolproof: in the extreme case, if the F/P is for a critical WINDOWS SYSTEM FILE and you quarantine it, you may find that your system will not boot up again :-( That's why I do my research, and posting, before quarantining.
A great place to start is by uploading the file to
https://www.virustotal.com/ which will then have it analyzed by 42 different anti-virus companies. in the case of cercsr6.sys , only 2 of 42 companies reported it infected. [Note: In order to be able to access/upload this file, I had to add it as an exclusion to avast's file system shield --- otherwise, I couldn't get near it.]
2) Be very careful with tinkering with System Restore: when you disable it, you are REMOVING ALL of your restore information... meaning when you re-enable it, it's starting with NO data there!