mbr rootkit....is this an FP?

Discussion in 'other anti-virus software' started by thathagat, Apr 19, 2009.

Thread Status:
Not open for further replies.
  1. thathagat

    thathagat Guest

    well.............i hv prevx free.......with avira security v9 no problem..prevx scan always came clean......then i removed avira and installed my licensed Dr web and outpost pro....10 min later prevx warns..............mbr rootkit....dr.web express scan comes clean...........i rollback with rollback8.1 to the image that is taken on every first boot of the day.........it has avira.....prevx scan....is clean after rollback.........so
    1.was this alarm a fp?
    2.if not what were Dr web and outpost doing?
    3.after rollback i still hv that image where infection was detected should i delete it? thanks..
    two screen shots first with dr web and outpost prevx says infected........and second after rollback the scan is clean...
     

    Attached Files:

  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Hello,
    I suspect that one of the security products modifies your MBR during uninstallation. If you experience the issue again, please let me know and I'll see exactly what is causing it.
     
  3. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    rollback modifies the mbr , afaik
     
  4. thathagat

    thathagat Guest

    thanks for your reply...........btw i again rollbacked to the image where prevx warned of mbr..........removed prevx and again installed it ..........this time the scan came clean..............so it has to be a FP and something to do with the real time scanning of prevx............pls take a look at this issue for such warnings are a bit too much for my tender heart:doubt:
     

    Attached Files:

Thread Status:
Not open for further replies.