Dr Web CureIt FP?


JerryM
May 3rd, 2006, 02:58 PM
A scan by Dr Web CureIt revealed several entries, one was BillP which I am sure is a FP. The other three are as shown. I suspect they are also FP, and that is a problem that I have experienced with this AV before.

I am not sure of the entries. Anyone familiar with them? A major problem for me is that I have no idea what the entries mean. Isn't there a better way to identify such?

Thanks,
Jerry

ThunderZ
May 3rd, 2006, 03:44 PM
The first column tells you the file type\name. The second tells you the location of the suspect file. The third tells you what it is suspected to be. If you do a Google of just the names in the third column, you will probably get all the information you could ever need to decide whether they are FPs or not.

Blackcat
May 3rd, 2006, 04:36 PM
Jerry,

GTDown here. (http://castlecops.com/check140987previous.html) I have had Dr Web flag this file on my system.

For the other 2 files, in your System Restore Folder, for confirmation whether they are malware or false positives, have you scanned with your other AVs, KAV/NOD, or loaded them up to Jotti's or VirusTotal or virus.org?

You can also send them to the Dr Web Virus Monitoring Service. (http://support.drweb.com/sendnew/)

JerryM
May 3rd, 2006, 04:45 PM
{QUOTE-> Jerry,

GTDown here. (http://castlecops.com/check140987previous.html) I have had Dr Web flag this file on my system.

For the other 2 files, in your System Restore Folder, for confirmation whether they are malware or false positives, have you scanned with your other AVs, KAV/NOD, or loaded them up to Jotti's or VirusTotal or virus.org?

You can also send them to the Dr Web Virus Monitoring Service. (http://support.drweb.com/sendnew/) <-QUOTE}

Thanks. I am not sure I know how to scan those files with KAV, which I have on my computer. How do I find them to do the scan?

I have scanned with KAV and Ewido the last few days.

I know that is a dumb question, but it reveals my level of knowledge here.

Thanks,
Jerry

Blackcat
May 3rd, 2006, 04:55 PM
For scanning your system restore folder see here (http://service1.symantec.com/SUPPORT/nav.nsf/docid/2000092513515106) and here. (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039)

You basically need to disable system restore, reboot and then carry out a full system scan.

JerryM
May 3rd, 2006, 05:18 PM
{QUOTE-> For scanning your system restore folder see here (http://service1.symantec.com/SUPPORT/nav.nsf/docid/2000092513515106) and here. (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039)

You basically need to disable system restore, reboot and then carry out a full system scan. <-QUOTE}

I just scanned with KAV6 the Restore folder. I did not disable it. Does it not work if I did not disable Restore? KAV found nothing.
I did not know that the term Volume identified Restore.

Should I do this again with Restore disabled? I can't believe that KAV and Ewido would miss it.

Thanks,
Jerry

Blackcat
May 3rd, 2006, 11:46 PM
You need to turn off System Restore, reboot, scan ALL files with KAV then switch back on System Restore.

BUT, if you do not want to lose your past restore points, confirm first that these are indeed malware or false positives.

JerryM
May 4th, 2006, 02:11 AM
{QUOTE-> You need to turn off System Restore, reboot, scan ALL files with KAV then switch back on System Restore.

BUT, if you do not want to lose your past restore points, confirm first that these are indeed malware or false positives. <-QUOTE}

Thanks. I have scanned my system with KAV6, Ewido, and Bit Defender on-line scanner. All have scanned clean. I am satisfied that is the case, and that Dr Web has given FP. I never go to risky sites and am not really worried.

In the past I found that CureIt did give some FP, and stopped using it, but I did want to have some AV that I could run from a thumbdrive. I am not sure I have a use for it, but wanted to try it.

Thanks again,
Jerry

Blackcat
May 4th, 2006, 03:36 AM
So it looks like the first file is/may be a low-risk adware file, while the other two "probably" files are FPs.

I would also take a look at Rollback instead of System Restore.

JerryM
May 4th, 2006, 08:44 AM
"I would also take a look at Rollback instead of System Restore."

Is Rollback going to an earlier restore point?

Thanks,
Jerry

Blackcat
May 4th, 2006, 11:03 AM
Yes. But overall it is a much better way to totally recover previous files/folders than SR.

Take a look here (http://www.horizondatasys.com/product_page.html?page_id=89) and here. (http://www.wilderssecurity.com/showthread.php?t=127866)

JerryM
May 4th, 2006, 01:42 PM
{QUOTE-> Yes. But overall it is a much better way to totally recover previous files/folders than SR.

Take a look here (http://www.horizondatasys.com/product_page.html?page_id=89) and here. (http://www.wilderssecurity.com/showthread.php?t=127866) <-QUOTE}

Thanks, Blackcat.
Jerry