Hi all,
I ran "Full system scan" earlier this afternoon,( I have not run the full scan for a while) and I got a positive ID.
However the restore folder on my hard drive is in capital letters (RESTORE )
not in small case as reported by TDS.
Also when I open the RESTORE folder there is no temp folder or file in it. I have been to TOOLS/FOLDERS/show hidden etc, but still no folder or file called temp, and no reference at all to Riskware.Tool.Gendel32.0
As I cant find this file I certainly cant submit it. Is this a `False Positive`?

Hi tut, Not sure about this one could be an FP funny that the text shows 0 files but then System Volume information is a special folder :(
Can you check that your radius file is OK and reads as follows:
Systems Initialised [38179 references - 15546 primaries/10651 traces/11982 variants/other]
Gavin should be a long in a few hours and may be able to give you a proper answer.

I notice in your pic that the directory is not c:\restore it's c:\_restore. The underscore can make all the difference. Make sure that you are able to view hidden files and folders and see if the _restore folder is directly under your C drive. Could be worth a shot.

Hello again,
Yes I have selected show hidden folders, the only RESTORE folder is _RESTORE ( capital letters ) which only contains this.

Hi Pilli,
I have checked my update and it is exactly as you say.
38179references-15546 primaries/10651 traces/11982 variants
so thats ok. I`ve tried `search for folders and files` _restore but all I get is _RESTORE (in capital letters) I do not seem to have a folder called _restore
This is what makes it so confusing.

That's the ME system restore folder

You cannot see any files or folders in there from your usual user account


Turn off system restore by following instructions here
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001012513122239 for ME

That will purge the restore folder and clear any malware that has been put in there.
Then run a tds scan and see if it finds the file I bet it won't

Then reboot & then re-enable sytem restore & create a new restore point.

HI dvk01,
I dont use system restore, it has been disabled for a few months now. I use Go Back 3. As an experiment I rolloed my computer back to Tuesday 21 September, run a `Full system scan` No reports of any thing.
I then downloaded todays update, ran the `Full system scan` and there it was again `Positive ID Riskware.Tool.Gendel C:\_restore\temp\gendel32.0`
This looks to me like todays download is causing this report.