is this a false positive?

Discussion in 'malware problems & news' started by ninja_style, Mar 8, 2005.

Thread Status:
Not open for further replies.
  1. ninja_style

    ninja_style Registered Member

    Joined:
    Oct 12, 2004
    Posts:
    41
    OK, I installed the trial version of Kaspersky prototype and it detected these two files:
    1) C:\WINDOWS\_MSRSTRT.EXE
    2) C:\System Volume Information\_restore{2030750F-248F-4951-9149-139762C4DA9F}\RP341\A0108232.exe

    I am wondering if they are false positives or viruses?

    thanks
     
    Last edited: Mar 8, 2005
  2. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    What NAME did it give to the virus it detected? ;)
     
  3. ninja_style

    ninja_style Registered Member

    lol, hmm, it says "x-files" "not-a-virus:Tool.Win32.Reboot" lol. If it's supposed to be a porn file or whatever, I want it deleted; I don't want it on my computer. But I am asking if it's safe to delete?
     
  4. Randy_Bell

    Randy_Bell Registered Member

    OH OK, well, that really isn't a viral detection; apparently you are loading the supersecure bases: "normal" + "extended" + "x" bases. It is the "normal" bases which identify malware {worm, virus, trojan, etc.}; the "extended+x" bases flag extra stuff which may or may not be malicious. So if you are unsure, just keep that file; it isn't a serious threat. KAV is just flagging it as a suspicious file or possible security risk, in the extra bases you have loaded. And you are right, the "x" bases detect porn-related stuff as well. ;)
     
  5. ninja_style

    ninja_style Registered Member

    Thanks for your help, but how do I disable the extra bases? I would like to use the extended only. In the old version, you could choose if you wanted normal, extended, or extra bases, but in this one you have a different option; it looks like this: http://img150.exs.cx/img150/7317/untitled2mp.jpg but I don't know which one to uncheck. I would like to use the extended only, not the extra or whatever it's called. I am assuming the extra must be the third one, which has riskware: remote access tools, dialers, jokes... I am gonna go ahead and uncheck that for now, assuming it's the extra bases.
     
  6. Randy_Bell

    Randy_Bell Registered Member

    Not sure but I think what you have done is correct; I myself have older versions of KAV and have never used anything but the normal bases. ;)
     