Hi malware fighters,
@Tech
No... in the case that some of your executables are infected, you may as well say goodbye to your system and have to FFR (fdisk - format - reinstall).
What I would like to emphasize is how they can improve against the way of infecting - run as System via WinLogOn, infecting from loaded running in mem. In a specific way it knows how to pass the Windows File Protection scheme, and we have only MS to report on that issue lately; AV vendors have left users in the dark about this a great deal, and have been very silent about the circumvention of WFP. I would like to hear if it is possible to harden against this circumvention; the mods were clear about this - in the case of an infection there is no known remedy (not yet or never?). So better prevent infection through the normal methods: upgrade, patch your OS and third party software, use normal user rights for normal online activities, use in-browser protection like NoScript in Flock or Fx, and abstain from risky online activities like downloads (keygens, cracks, p2p etc.). That is the main line for the moment, and this story was confirmed by "essexboy" and "miekiemoes".
P.S. A way to prevent the circumventing of Windows File Protection is to hide the files in question and make them "hidden" to the virus and not to the OS (there is software that does this); if this can be accomplished will be my question to the AV developers...
@Avastfan1 Upload your questionable file (you think it could be a False Positive) to virustotal.com and see what they find and report that here as a link; as they found nothing it shows it is a heuristic find (virustotal does not report these) and that makes the possibility of a FP even greater, or it is more recent.
polonus