-=PCTechTalk=- Re: Strange error report and resident shield findings

  • From: "Sandi Beach" <sandib2@xxxxxxxxx>
  • To: <pctechtalk@xxxxxxxxxxxxx>
  • Date: Sun, 23 Aug 2009 19:27:06 -0500

The last infection I put in the vault showed to be in System Volume 
Information so I am ignoring it.
You will note from subsequent posts that I am continuing to have some 
strange behaviors such as the black screen, recalcitrant mouse, and alerts 
from Win Patrol.
Sandi
----- Original Message ----- 
From: "Gman" <gman.pctt@xxxxxxxxx>
To: <pctechtalk@xxxxxxxxxxxxx>
Sent: Sunday, August 23, 2009 4:53 PM
Subject: -=PCTechTalk=- Re: Strange error report and resident shield 
findings


> Sandi,
>    The folder called WERfaf6.dir00 is just one that Windows puts there to
> hold its reports following a crash.  They can be deleted unless you plan 
> to
> use them to try and track down the actual problem.  I should probably
> mention that using them is a nightmare unless you have specialized (very
> expensive) software designed for that task.
>
>    It sure sounds like a false positive to me (i.e. your AV is flagging
> files that Windows created as part of a crash report), but that's easy to
> say given that it's not a system sitting right in front of me.  It could 
> be
> that the system crashed at the same time that the original false positive
> files (from Weather Pulse?) were loaded into memory.  The report includes 
> a
> dump of your memory contents, so it likely triggered a second false 
> positive
> based on that duplicated code in the report itself.
>
>    I suspect you won't have any more problems with it since you updated
> Weather Pulse and quarantined the report files.  Those two actions should
> have removed the false positive from most locations on your system.  The
> only one left would be in your System Restore files.  If you cone up with
> any more alerts, check to see where the file is located before you panic.
> If it's in the "System Volume Information" folder (as I suspect it will 
> be),
> ignore it.  The alternative would be to turn off System Restore, reboot 
> and
> then turn it back on to clear out all of your restore points.  That just
> seems like overkill to me in this situation.
>
> Peace,
> Gman
>
> http://www.thevenusproject.com/index.php
>
> "The entire future of humankind is yet to be written"
>

---------------------------------------------------------------
Please remember to trim your replies (including this sentence and everything 
below it) and adjust the subject line as necessary.

To subscribe, unsubscribe or modify your email settings:
//www.freelists.org/webpage/pctechtalk
OR
To subscribe to the mailing list, send an email to 
pctechtalk-request@xxxxxxxxxxxxx with "subscribe" in the Subject. To 
unsubscribe send email to pctechtalk-request@xxxxxxxxxxxxx with "unsubscribe" 
in the Subject.

To access our Archives:
http://groups.yahoo.com/group/PCTechTalk/messages/
//www.freelists.org/archives/pctechtalk/

To contact only the PCTT Mod Squad, write to:
pctechtalk-moderators@xxxxxxxxxxxxx

To join our separate PCTableTalk off-topic group, send a blank email to:
pctabletalk+subscribe@xxxxxxxxxxxxxxxx
---------------------------------------------------------------

Other related posts: