prevx1 problem

Discussion in 'other anti-malware software' started by archie123, Oct 1, 2006.

Thread Status:
Not open for further replies.
  1. archie123

    archie123 Registered Member

    Joined:
    Aug 14, 2006
    Posts:
    17
    Hello :D

    After a scan using Prevx1 it came up with a few finds, well 4 to be exact.

    However, three of them turned out to belong to a program I use a lot called Driver Cleaner Pro (removes reg entries left behind after uninstalling GPU drivers).

    Because of this I'm unsure whether the other thing it's found is safe to delete or put in the jail...

    It's called A0004435.exe and is in C\system volume information\_restore

    and here is a link to what Prevx1 says about it...

    http://info.prevx.com/pxparall.asp?PX5=a4f5869100895655544218051a94c90042d5dc8e&psection=desc

    Do I delete it? Jail it? Or put it back? o_O

    Please help, I'm confused :doubt:
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    If you're unsure, just keep it in jail. It won't be able to do any harm if it is malicious.

    Just by searching Google though, it seems that file is bad and should be deleted.
     
  3. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    That's a system restore point. There are a number of things you can do, for example:
    • Put it back in. While it is in the restore archive, the infected file is effectively quarantined and not functional. If you need the restore point at some later time, you can deal with the file directly at that time.
    • If your machine is known to be completely stable, you can reset your restore points. This will erase that and all other restore points. Whether or not this is a good thing depends on the state of your machine and only you can answer that. To accomplish this, go to Start>Control Panel>System, under the System Restore tab, check the box to Turn off System Restore and press OK. You'll get a warning message, press OK here as well. This step will erase all restore points. When that's done, simply re-enable System Restore by undoing what you just did. This will create restore points moving forward.
    • Let Prevx deal with the file. Since it deletes the file, this will simply render restore useful from the point after the one you just deleted moving forward. Pragmatically, this is generally not a major issue.
    Blue
     
  4. archie123

    archie123 Registered Member

    Joined:
    Aug 14, 2006
    Posts:
    17
    Thank you, I've never needed System Restore so I'm gonna take a chance, reset it and let Prevx deal with the file.

    Cheers :D
     
  5. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Possible bug or it is just me.

    I do this:
    1. I open Prevx1.
    2. I click on Preferences.
    3. I mark "Enable" under "Event Notification".
    4. I select "Enable" to block "Caution" programs under "Caution Programs".
    5. I click the "Apply" button.
    6. I close Prevx1.
    This is normal.

    Then I reboot:
    1. I open Prevx1.
    2. I click on Preferences.
    3. "Enable" is still marked under "Event Notification".
    4. Block "Caution" Program under "Caution Programs" is set back to "Query" (default value) instead of "Enabled" (my choice).
    That is NOT normal and this is very easy to test for EVERY Prevx1 user.
    Am I the only one with this problem or is it a community problem? ;)
     
    Last edited: Oct 2, 2006
  6. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,617
    Location:
    Canada

    Erik,

    I cannot confirm this on my system. It does remain "Enabled" after a restart of Prevx1. :)
     
  7. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Did you REBOOT before that?
     
  8. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,617
    Location:
    Canada
    Yes I did.

    And I tried it a second time just now and it does remain "Enabled". :p
     
  9. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Thank you very much, then it is MY problem. I will take care of it.
     
  10. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    My problem is fixed and I'm glad, because the Community doesn't like abnormal Prevx1 users. ;)
     
  11. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    If you even suspect a false positive, bring up the web info (double click the file in the Holding Cell/Jail) and click the "Disagree?" link. That will send a support message and we'll help you from there. If you need to put it back, put it in either the Holding Cell or Probation.
     
  12. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    The problem had nothing to do with Prevx1, I only wanted to know if it was only me or not. If it was a bug, I would have contacted support.
     
  13. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    The OP should probably still contact support :)
     
  14. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    The reason why I was in trouble was due to the fact that I installed Prevx1 in a frozen snapshot and I had to anchor Prevx1 to allow its changes in a frozen snapshot. After the anchoring the problem was fixed.
    I don't like to anchor in a frozen snapshot, because the more I anchor, the more vulnerable my frozen snapshot becomes. If a malware targets Prevx1, it now has a chance to do it in my frozen snapshot due to this anchoring.

    I only need Prevx1 to stop the execution of malware and I hope it does. If Prevx1 does more than that, that is OK with me too.
     