[time 25/04/2007 15:08:22: ID 14: machine xxxxx.xxxxx: response 25/04/2007 15:09:13] The BAT/IRCFlood was detected in C:\SYSTEM VOLUME INF...\CHANGE.LOG.2. Machine: XXXXX, User: NT AUTHORITY\SYSTEM. File Status: Cure failed, file renamed.
This is just a log file that's part of the Windows XP system restore feature - the files are held in C:\System Volume Information in a folder to which users don't usually have access.
I'm pretty convinced this isn't a virus - it's just a log file - and I even ran it through VirusTotal which found nothing at all. I've contacted CA about it to see what they think.. we'll see.
In the meantime, if the antivirus alert is bugging you, you can delete the log file from your System Volume Information folder at your own risk. You will need to change permissions on the folder to do this (see this MS Technet article) and then drill down and delete the individual file in question. Like I said.. do this at your own risk!
No comments:
Post a Comment