Author Topic: Is this a false/positive  (Read 2365 times)

SCORPIONINBLUE

  • Guest
Is this a false/positive
« on: November 15, 2004, 12:56:24 AM »
I'm really confused!! Yesterday I ran a thorough scan on my C drive and all folders, including all archive material, and I came up clean. This afternoon I ran a boot scan and the following came up:

virus name:  JS:Seeker_Gen.
location:  C/pagefile.sys
 3 files were found that were 'infected.'

I moved all to the virus chest. Now when I look in the chest, there wasn't anything there under the 'infected' field. I clicked the 'system files' field and the following three items were there:

C:/WINNT/system32 kernel32.dll
...........................etc. winsock.dll
...........................etc. wsock.32dll

Are these the so-called infected files, and if so, why weren't they listed as infected? I'm a novice user and very cautious about removing anything; as a matter of fact, I was scared to death that I wouldn't be able to boot up. Luckily things appear to be okay. Why weren't these things caught yesterday when I did the 2 separate scans? I remember other users, myself included, complaining about alleged infections in Tuneup utilities; an update came through and it was found clean. Please clarify.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31078
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:Is this a false/positive
« Reply #1 on: November 15, 2004, 01:11:05 AM »
Those three files are backups Avast created and can be used to put them back if something happens to the original ones.

Pagefile.sys is your virtual memory. At some point there was malware in the memory on your system. But the content of memory changes all the time if you use the system, so it could be gone now.

SCORPIONINBLUE

  • Guest
Re:Is this a false/positive
« Reply #2 on: November 15, 2004, 03:32:08 AM »
If I run another boot scan and it comes up again, should I just ignore it? You say what I moved was backup files; should I have attempted a repair? Can I put them back or just leave well enough alone? Sorry for the barrage!! I heard getting viruses of memory is almost impossible, correct me if I heard wrong.

Offline Eddy
Re:Is this a false/positive
« Reply #3 on: November 15, 2004, 03:39:00 AM »
No, you didn't move the files there. Avast created backups of them as I told you in my previous post.

Quote
I heard getting viruses of memory is almost impossible, correct me if I heard wrong.
You are definitely misinformed. Every application is using the memory, that means malware does it too. So EVERY infection can be found at a certain point in the memory.