
Sudden appearance of viruses in 4 year old files including backups

Hi,

This is somewhat perplexing; this morning I found the last scheduled full backup had failed with error code 0x81000037. A quick Google search revealed that particular failure occurs when a virus not previously detected is detected within a file during the backup process. A full system scan was recommended to clear out any viruses before restarting the backup.

Quick scans are performed frequently and all downloaded files are scanned on download but it's been over a year since I ran a full system scan so it was certainly overdue. The full system scan took 14 hours (it also scanned all the backup sets in the backup drive - 11 of them) and it found 89 security risks of which 67 were resolved and 22 remain unresolved.

Specifically:

Resolved:

  • 19 Tracking Cookies - all deleted.
  • 5 Trojan.Gen.2 - (virus) - quarantined - in what I think were very old (15 to 20 years maybe) Macromedia flash .exe files, some zipped in archived folders.
  • 26 more of Trojan.Gen.2 - (virus) - quarantined - files not disclosed, maybe because they are under another account.
  • 1 of Heur.AdvML.B - (heuristic) - quarantined - in an old left over Adobe Flash player installation file
  • 11 more of Heur.AdvML.B - (heuristic) - quarantined - files not disclosed, maybe because they are under another account.
  • 3 of Heur.AdvML.C - (heuristic) - quarantined - in AutoHotKey installation zip files
  • 1 of w32.SillyFDC - (virus) quarantined - file not disclosed, maybe because it's under another account.
  • 1 of PUA.Driverdoc - (security risk) - removed - a deleted file that was still in the recycle bin
  • 1 of PUA.Maltrec!cg1 - (security risk) - removed - in the same recycle bin file as PUA.Driverdoc

Both PUA security risks were counted together as only one security risk in the tallies.

Unresolved (requiring attention):

    • 22 Heuristic viruses detected in compressed system backup files - 2 files in each of 11 backup sets.
      Presumably these remain unresolved as files cannot be removed individually from backup sets without corrupting the backup. These backup sets go back 4 & 1/2 years. I suspect these may all be in the AutoHotKey installation/bin files; 2 in each backup set since I first downloaded and installed AutoHotKey.
      Norton Anti Virus's solution is to have me agree to delete the 11 backup sets in their entirety. That's not what I'd call a desirable way to fix the problem.

    A full system scan has been performed many times over the past 4 and 1/2 years without these viruses being detected. They can't all be recent infections because two of them were detected in each of the backup sets going back over 4 years.

    My Questions are:

    • Has anyone else had this problem?
    • Are they really viruses or are they false detections?
    • Are the old Macromedia flash videos infected or are they coming up as false positives because of their age?
    • Is the old Adobe Flash installation file infected or is it again just its age? Not that I will ever use it anyway.
    • Is AutoHotKey (AHK) being falsely flagged as infected by the heuristic screen? Why?
    • Is there any way of deleting the two infected files from the system backup sets without losing everything else? If not I really need to know if AutoHotKey has been false flagged as infected before I take such a drastic step.

    Thanks in advance for advice or insight anyone can give.

    G


    Re: Sudden appearance of viruses in 4 year old files including backups

    It was getting late last night (early hours of this morning actually) so maybe I wasn't thinking at my best. Anyway, this morning I logged in as the Admin to have a better look around. I found:

    • Recently new Autohotkey installation files were downloaded by another user and these were the ones that were flagged by the antiviral as Heur.AdvML.C. The original install files (locked away in Admin only directory) were still present and still clean (passed by NIS scan anyway).
    • The infected files in the backup sets on the backup drive were not AHK files but were all iLivid setup exe files. These files were present in a copy of a hard drive from an old PC dumped into a folder on one of the hard drives of its replacement PC for easy access should they ever be needed. From that, rarely accessed, location they were backed up during scheduled backups into each backup set where NIS flagged them as:

    Heuristic virus -- Risk: High (High Stealth, High Removal, High Performance, High Privacy)

    • Strangely though NIS did not flag them in their original location on the working hard drive.
      Norton File Insight on the working hard drive file reports: Slightly unstable, Many users, Mature, Unproven.
      I ran a full system scan on the file and it reported No Threats Found.
      I ran a full scan on the folder and it reported: No Threats Found.

    So, for whatever reason, NIS identifies the backup file as high risk in the compressed backup sets but clears the original as being slightly unstable but not a risk.

    To be safe I will now delete the files from the working hard drive but, since I can't delete a file within a backup set, I will just have to wait for all the backup sets on the backup drive to be recycled during future backups to clear it out - shouldn't take more than 5 years. LOL.

    I guess this solves the issue (Unless someone has a better solution?)

    Regards.

    G

    Re: Sudden appearance of viruses in 4 year old files including backups

    Perhaps an administrator could now please change the title to:

    • Primary file cleared on working drive but backup copy flagged as High Risk on backup drive.

    Thanks.

    G

    Re: Sudden appearance of viruses in 4 year old files including backups

    Hello GTF

    The default for full system scans is once a month. You do need to scan more than once a year. If you are using an external back up drive, then you should unplug it when not in use. Some browsers don't allow Flash Player any more. If you do use it, then you should delete all the older flash player exe files. Flash Player files can easily get infected.

    You should keep your files up to date. Are you up to date with your Windows Updates? You should keep your programs up to date. Any old files that you are in doubt about, you can send to Virus Total: www.virustotal.com

    Have a Nice Night.

    Thanks.

    Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NSBU 22.17.0.183 Core Firmware 282 I E 11 Chrome latest version.

    Re: Sudden appearance of viruses in 4 year old files including backups

    Hello floplot,

    Thanks for replying.

    Until the past year I've done full system scans approx every 4 months. I will increase the frequency now.

    The first level of backups is to an internal drive but access to that drive is restricted. Periodically it is copied to a network drive, which is also restricted.

    I don't use flash anymore, but I did want to keep the Macromedia files, though I have no way to play them now, so rather pointless keeping them.

    I still don't understand why the 11 backup copies of the two files were flagged as high risk while the originals were no risk - something isn't right there.

    G
