Do I Have Viruses Or Not?

I have been a Norton anti virus user for years and whenever I did a scan if anything was found it was put into quarantine.


Just recently I switched to Bit Defender because Norton was causing problems with other programs. Bit Defender found 54 infected files, but they are all in System Volume Information and Recycler folders. I have several drives that I use for storage; my OS is on my C drive. On each storage drive I have copied files from one drive to the other over the years, and each drive has a System Volume Information and Recycler folder. I can't delete these folders that are in my storage drives even if I uncheck "hide system operating files".


I really don't want to do a restore. I am just wondering if I have the viruses, or are they just old viruses that were deleted but are still in the System Volume Information and Recycler folders?


I have done searches for the virus name and nothing is found, only when I run a virus scan are they found.


I would appreciate someone who is educated in computer protection to answer my questions.


Thank you in advance


--------------------------------------------------------------------------------

Comments

  • Hello Eric,


    If the reported files are detected as password infected items, then read this topic: http://forum.bitdefender.com/index.php?showtopic=3584


    Otherwise, read this (about cleaning System Volume Information): http://forum.bitdefender.com/index.php?showtopic=3575


    If none of the above solves it, please post some details about the infection, like the exact path of the infected items.


    Cris.

  • G’Day “Eric houston”


    What you are getting is what we commonly refer to as a “false positive”, i.e. because a scanner cannot complete its task correctly (bug in the program or other codes), then to be on the safe side, it reports it as a possible infection that you should investigate to ensure that it is a false positive and not an actual infection.


    I have the same issues with the BD scan. More to the point, it, the BD scan, also reports any program codes it does not recognise as being possibly infected.


    BD is not the only program of its type that behaves in this manner, i.e. will, as a consequence of not recognising a code, report it as an infection when it is not, hence the term “False positive”.


    To ensure that your system is not infected, you can run free Online Security and Virus and other specific scanners on your system to double check and test your PC system.


    Just about every known Publisher in this protective business has a free scanner that you can use online. Just remember that they take time to perform and sometimes may take several hours depending on the size and number of files on your system.


    Hence most of us use additional protection such as AdAware 2007, SpyBot Search and Destroy v1.5.2 and the like, to double check that the other is doing its job correctly. The reason for this is “There is no Program that affords you 100% protection”; read the fine print on any one of them.


    Put the BD report of these password protections down as being a false positive; also note that the majority of the scanned files “have no password protection on them”. To me it is a “Bug” in their program function, which I believe is being looked at, and attempts are being made to solve the issue.


    pcbugfixer

  • > What you are getting is what we commonly refer to as a "false positive", i.e. because a scanner cannot complete its task correctly (bug in the program or other codes), then to be on the safe side, it reports it as a possible infection that you should investigate to ensure that it is a false positive and not an actual infection.


    This might be true, and the reported items might be false positives.


    But you have no way of knowing this for sure, until you send some samples for analysis.


    To submit files, put them in a ZIP archive, protected with the password infected, and attach it to a new thread, in the Malware section. Please don't attach infected samples on other forum sections, because someone else might download them and they might get infected. After you attach the samples, a Virus Analyst will take a look at them and tell you the verdict.


    Also, because the files are stored in Recycle Bin and System Volume Information, they can be treated as "useless" and, if you just don't want to complicate things and search for the files (to send us some samples), you can just delete all of them.


    In case of System Volume Information: after you delete those files, Windows will create new System Restore points, as needed.


    > I have the same issues with the BD scan. More to the point, it, the BD scan, also reports any program codes it does not recognise as being possibly infected.
    >
    > BD is not the only program of its type that behaves in this manner, i.e. will, as a consequence of not recognising a code, report it as an infection when it is not, hence the term "False positive".


    Actually... no.


    False Positives are generated by BitDefender's Heuristics engine, B-HAVE.


    B-HAVE (Behavioral Heuristic Analyzer in Virtual Environments), as its name states, uses a virtual environment to analyze what a file does. If that file takes suspicious actions against the system, or other files, it is reported as Suspected and blocked.


    BitDefender does not block code that it doesn't recognize. When it comes to code, there's nothing to know about it. A code cannot be "read" (as a book), it can only be "interpreted".


    When that code is wrongly interpreted, and it is considered a threat (when in reality, it is clean), then that is called a False Positive.


    On the opposite direction, when that code is wrongly interpreted and it's considered clean (when, in reality, it's not), then that is called a False negative.


    Both these cases have to be analyzed by Virus Analysts to determine the exact situation of the file(s).


    > To ensure that your system is not infected, you can run free Online Security and Virus and other specific scanners on your system to double check and test your PC system.


    Correct.


    Also, if you have suspicions about just a few files (1, 2, 3... files), you can use a service like VirusTotal to scan the files. These services scan, in realtime, the submitted files with 30+ AV products, so you have a bigger chance to see if it's a threat or not.


    > Put the BD report of these password protections down as being a false positive; also note that the majority of the scanned files "have no password protection on them". To me it is a "Bug" in their program function, which I believe is being looked at, and attempts are being made to solve the issue.


    The report of password protected items is not a false positive. It was introduced as a method of detection for some malware that spreads through e-mail, in password-protected archives attached to the e-mail.


    Being password-protected, the AV scanner cannot scan the files inside. But the user could unpack the files, because the password is written in the e-mail.


    As far as I know, the situation has been fixed, and the update is pending release. The next update which includes the file uiscan.exe should fix these reports.


    Cris.
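
Added example, not part of the thread: a short Python triage of a scan report's "exact paths", separating detections that sit in System Volume Information or the Recycler folder from detections in live locations. The sample paths, category names and the extra folder names `RECYCLED` and `$Recycle.Bin` are assumptions that go beyond the two folders mentioned in the posts.

```python
import ntpath
from collections import defaultdict

# Folders directly under a drive root that hold inactive copies, not live files.
# "System Volume Information" and "RECYCLER" are the two named in the thread;
# "RECYCLED" (FAT volumes) and "$Recycle.Bin" (Vista and later) are added here.
INACTIVE_ROOTS = {
    "system volume information": "restore-point copy",
    "recycler": "recycle-bin copy",
    "recycled": "recycle-bin copy",
    "$recycle.bin": "recycle-bin copy",
}

def classify(path):
    """Return (drive, category) for one Windows path taken from a scan report."""
    drive, rest = ntpath.splitdrive(ntpath.normpath(path.strip()))
    parts = [p for p in rest.split("\\") if p]
    top = parts[0].lower() if parts else ""
    # Only the first folder under the root counts: a user folder that merely
    # has "Recycler" in its name deeper in the tree is still a live file.
    return drive.upper(), INACTIVE_ROOTS.get(top, "live file")

def triage(paths):
    """Group detections as {category: {drive: [paths]}} so live files stand out."""
    report = defaultdict(lambda: defaultdict(list))
    for p in paths:
        drive, category = classify(p)
        report[category][drive].append(p)
    return {cat: dict(drives) for cat, drives in report.items()}

# Constructed sample detections; placeholders stand in for real GUIDs and SIDs.
SAMPLE = [
    r"D:\System Volume Information\_restore{EXAMPLE-GUID}\RP12\A0001234.exe",
    r"E:\RECYCLER\S-1-5-21-EXAMPLE\Dc7.exe",
    r"d:/recycler/S-1-5-21-EXAMPLE/Dc8.scr",
    r"D:\Backups\Recycler tools\setup.exe",
    r"C:\Documents and Settings\user\Desktop\game.exe",
]

if __name__ == "__main__":
    for category, drives in triage(SAMPLE).items():
        for drive, items in sorted(drives.items()):
            print(f"{category:20} {drive} {len(items)} file(s)")
            for item in items:
                print(f"    {item}")
```

Anything that lands under "live file" is a detection outside the two folders the replies discuss, so it is the first candidate for the sample submission or multi-engine scan described above.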