? re. a scan result.


Chris 2

I got the following results from my most recent scan
(Sorry, I have to put in a URL to be copied and pasted.
If there is a way of putting in an image I don't know
what it is)

http://img257.echo.cx/img257/1699/msa2348fi.gif

1. Why is the recommendation to ignore, if this is
considered high risk? Quarantine isn't an option when I
click down arrow beside 'ignore'.
2. Is there any way of knowing from what's here what
exactly the discovered threat is?
3. Would the way to handle this be to delete all restore
points?
 
Thanks for replying, but.....
WHY do you think it can be ignored when it's classed as
High threat level? And do you have any thoughts on what
MSA has found - i.e. what you're suggesting can be
ignored? :)
No I'm not doing system restore. Just wondered if
whatever has been found is located in one of the restore
files.
 
Ignored is the default setting. Click the down arrow and choose what you
want to do.
 
Chris,
This may be related to the 'oops' in a recent round of definitions from
MWAS.
Update your defs and run another scan and report back OK?

Ron Chamberlin
MS-MVP
 
Chris--you may safely ignore this result.

Here's why:

Going by the MD5 hash in that result, I can say for certain that this is a
false positive. This false positive has been fixed in the 5711 definitions,
so one way to prove this to yourself is to update to 5711 and re-scan.

Check the signatures group for lots more information about this--the
developer who wrote the installer which uses that file has confirmed that
his file as distributed has that MD5 hash, and is spyware-free.

Additionally, as you're aware, the system restore restore points aren't a
problem unless you do use them to restore. It is possible to remove all but
the latest restore point, or all of them, but in this case, you needn't do
either.

If you do update to 5711 and re-scan and STILL see this issue, write
back--there are a number of folks having trouble with this definition
update.

On my own system, I saw this issue with 5709 definitions, updated to 5711,
and it was gone--so I know that it should be gone with 5711.
 
Thank you very much Bill for the explanation. I'm glad
I did check back here, you've restored my hope that it
may in fact be possible to get useful information here!
Have done a couple more scans with clean results. I
thought my defs. were up to date previously, but possibly
not. Thanks again. Chris
 
There's a fair amount of noise in these groups, I'm afraid--but this one is
well covered--mainly in the .signatures group, though.
 