prevx1 problem
archie123
October 1st, 2006, 01:30 PM
Hello ;D
After a scan using Prevx1 it came up with a few finds, well 4 to be exact.
However three of them turned out to belong to a program I use a lot called Driver Cleaner Pro (removes reg entries left behind after uninstalling GPU drivers).
Because of this I'm unsure whether the other thing it's found is safe to delete or put in the jail...
It's called A0004435.exe and is in C\system volume information\_restore
and here is a link to what Prevx1 says about it...
http://info.prevx.com/pxparall.asp?PX5=a4f5869100895655544218051a94c90042d5dc8e&psection=desc
Do I delete it? Jail it? Or put it back???
Please help, I'm confused :-\
WSFuser
October 1st, 2006, 01:50 PM
If you're unsure, just keep it in jail. It won't be able to do any harm if it is malicious.
Just by searching Google though, it seems that file is bad and should be deleted.
BlueZannetti
October 1st, 2006, 02:10 PM
-{ Quote: "do i delete it? Jail it? or put it back ???
Please help im confused :-\" }-
That's a system restore point. There are a number of things you can do, for example:
Put it back in. While it is in the restore archive, the infected file is effectively quarantined and not functional. If you need the restore point at some later time, you can deal with the file directly at that time.
If your machine is known to be completely stable, you can reset your restore points. This will erase that and all other restore points. Whether or not this is a good thing depends on the state of your machine and only you can answer that. To accomplish this, go to Start>Control Panel>System, under the System Restore tab, check the box to Turn off System Restore and press OK. You'll get a warning message, press OK here as well. This step will erase all restore points. When that's done, simply re-enable System Restore by undoing what you just did. This will create restore points moving forward.
Let Prevx deal with the file. Since it deletes the file, this will simply render restore useful from the point after the one you just deleted moving forward. Pragmatically, this is generally not a major issue.
Blue
archie123
October 1st, 2006, 02:32 PM
Thank you, I've never needed System Restore so I'm gonna take a chance, reset it and let Prevx deal with the file
Cheers ;D
ErikAlbert
October 2nd, 2006, 07:55 PM
Possible bug or it is just me.
I do this :
1. I open Prevx1
2. I click on Preferences
3. I mark "Enable" under "Event Notification"
4. I select "Enable" to block "Caution" programs under "Caution Programs"
5. I click "Apply"-button.
6. I close Prevx1.
This is normal.
Then I reboot :
1. I open Prevx1
2. I click on Preferences.
3. "Enable" is still marked under "Event Notification"
4. Block "Caution" Program under "Caution Programs" is set back to "Query" (default value) instead of "Enabled" (my choice)
That is NOT normal and this is very easy to test for EVERY Prevx1-user.
Am I the only one with this problem or is it a community problem ? ;)
Antarctica
October 2nd, 2006, 08:08 PM
-{ Quote: "Possible bug or it is just me.
I do this :
1. I open Prevx1
2. I click on Preferences
3. I mark "Enable" under "Event Notification"
4. I select "Enable" to block "Caution" programs under "Caution Programs"
5. I click "Apply"-button.
6. I close Prevx1.
This is normal.
Then I reboot :
1. I open Prevx1
2. I click on Preferences.
3. "Enable" is still marked under "Event Notification"
4. Block "Caution" Program under "Caution Programs" is set back to "Query" (default value) instead of "Enabled" (my choice)
That is NOT normal and this is very easy to test for EVERY Prevx1-user.
Am I the only one with this problem or is it a community problem ? ;)" }-
Erik,
I cannot confirm this on my system. It does remain "Enabled" after a restart of Prevx1.:)
ErikAlbert
October 2nd, 2006, 08:10 PM
-{ Quote: "Erik,
I cannot confirm this on my system. It does remain "Enabled" after a restart of Prevx1.:)" }-
Did you REBOOT before that ?
Antarctica
October 2nd, 2006, 08:23 PM
-{ Quote: "Did you REBOOT before that ?" }-
Yes I did.
And I tried it a second time just now and it does remain "Enabled".:P
ErikAlbert
October 2nd, 2006, 08:25 PM
-{ Quote: "Yes I did.
And I tried it a second time just now and it does remain "Enabled".:P" }-
Thank you very much, then it is MY problem. I will take care of it.
ErikAlbert
October 2nd, 2006, 08:43 PM
My problem is fixed and I'm glad, because the Community doesn't like abnormal Prevx1-users. ;)
Notok
October 2nd, 2006, 10:07 PM
If you even suspect a false positive, bring up the web info (double click the file in the Holding Cell/Jail) and click the "Disagree?" link. That will send a support message and we'll help you from there. If you need to put it back, put it in either the Holding Cell or Probation.
ErikAlbert
October 2nd, 2006, 10:24 PM
-{ Quote: "If you even suspect a false positive, bring up the web info (double click the file in the Holding Cell/Jail) and click the "Disagree?" link. That will send a support message and we'll help you from there. If you need to put it back, put it in either the Holding Cell or Probation." }-
The problem had nothing to do with Prevx1, I only wanted to know if it was only me or not. If it was a bug, I would have contacted support.
Notok
October 3rd, 2006, 12:06 AM
The OP should probably still contact support :)
ErikAlbert
October 3rd, 2006, 04:41 PM
-{ Quote: "The OP should probably still contact support :)" }-
The reason why I was in trouble was due to the fact that I installed Prevx1 in a frozen snapshot and I had to anchor Prevx1 to allow its changes in a frozen snapshot. After the anchoring the problem was fixed.
I don't like to anchor in a frozen snapshot, because the more I anchor, the more vulnerable my frozen snapshot becomes. If a malware targets Prevx1, it now has a chance to do it in my frozen snapshot due to this anchoring.
I only need Prevx1 to stop the execution of malware and I hope it does. If Prevx1 does more than that, that is OK with me too.