The auto scan is bringing up this threat:

Prevx Scan Log - Version v3.0.1.65
Log Generated: 3/8/2009 11:34, Type: 1,8192
Windows XP Professional Service Pack 3 (Build 2600) 32bit|1033
Some non-malicious files are not included in this log.
Heuristics Settings: Age: 1, Pop: 1, Heu: 2 (Dir: 1)
Last Scan: Mon 2009-08-03 11:29:52 GMT Daylight Time. Number of Scans: 275. Last Scan Duration: 4 minutes 13 seconds.
[BN] (ACTIVE) c:\windows\system32\winkrnme.dll [PX5: 7EC37D8E0022E906400C002FC87D3100A71E437F] Malware Group: Medium Risk Malware

I can see WINKRMME.DLL in w\s32 (in caps) with a created date of 16.07.2005 - so scanned many times? I right clicked w\s32 and scanned from the context menu and it comes up clean:

Prevx Scan Log - Version v3.0.1.65
Log Generated: 3/8/2009 11:42, Type: 1,8192
Windows XP Professional Service Pack 3 (Build 2600) 32bit|1033
Some non-malicious files are not included in this log.
Heuristics Settings: Age: 1, Pop: 1, Heu: 2 (Dir: 1)
Last Scan: Mon 2009-08-03 11:40:56 GMT Daylight Time. Number of Scans: 277. Last Scan Duration: 2 minutes 9 seconds.
(ACTIVE) c:\program files\common files\pure networks shared\platform\avmanagerunified.dll [PX5: F988645A001940F86CFB54E2B39DC700FB9391A8]
[UN] (ACTIVE) c:\windows\system32\winkrnme.dll [PX5: 7EC37D8E0022E906400C002FC87D3100A71E437F]

Can you advise me on this apparent contradiction?
Hello, I think you may have caught a file in between when it was changing its status. We've corrected winkrnme.dll as it was a false positive so both scans should now come up clean. Let me know if you find anything else.
Many thanks for your help. I have now run a scan from the Prevx dashboard and it finds no bad files. I'm guessing that this is the same procedure as the auto scan that the program runs. However, as to the reason, I don't think it was because of a status change: this also happened a few days ago. I did some searching but wound up unsure because it looked like an old file that I thought must have been scanned many times and I wondered if the file name in upper and lower case was significant - I was going to post then but I got sidetracked and was not convinced about deleting.
The file looks like a new version of an old file which has only been seen on a couple computers worldwide, possibly from the installation of an old program which dragged that DLL along. Upper/lowercase isn't significant on Windows but feel free to ask any questions!