BleepingComputer.com: Logs for Windows Defender Virus

Logs for Windows Defender Virus Original Post: Windows Defender Virus - or worse?

#31 Dinx

  • Member
  • Group: Members
  • Posts: 26
  • Joined: 26-December 11

Posted 21 January 2012 - 11:55 AM

Well that was a DIFFERENT computer, but this one seems pretty hopeless, too at this point. Thanks for trying . . . .

#32 Dinx

  • Member
  • Group: Members
  • Posts: 26
  • Joined: 26-December 11

Posted 21 January 2012 - 02:31 PM

I just posted another reply but think I lost it trying to figure out how to attach my file. After your last reply I just shut down the laptop then rebooted it for the heck of it. It came up FINE - well except for the InitFakeav file that keeps popping up in Symantec. The file is located in c:\users\minotti. If I look there, there are no files by that name but there is an O file with two dots over it. Anyway, if you have a clue what is recreating this file that Symantec keeps "partially" fixing, and how I can remove it, please let me know. I tried attaching an export of the Symantec Risk History so you could see, but I was not permitted.

Dinx

#33 nasdaq

  • Forum Addict
  • Group: Malware Response Team
  • Posts: 5,061
  • Joined: 16-June 06
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 January 2012 - 08:29 AM

If you did not create that folder and there is nothing good in it, delete it. c:\users\minotti <- minotti folder only.

#34 Dinx

  • Member
  • Group: Members
  • Posts: 26
  • Joined: 26-December 11

Posted 22 January 2012 - 05:27 PM

This c:\minotti folder appears to have been set up during creation of my user account. At the minotti folder level, there are two other folders - Default and Public. The minotti folder has subfolders for Documents, Contacts, etc. The file named O with two dots over it, is at this level. I tried to delete and first got a message about the recycle bin (I had to download and run MS Fix IT to get the Recycle Bin back on my desktop because it had apparently disappeared at some point.) So now when I try to delete, a popup asks for permission and if I give it, it grinds on a bit then asks for permission again. This cycle went on for a while until I gave up and cancelled. I went into properties for that file and it said I could not look at certain things as I was not the owner, and in the owner field it said the owner name was not available. I tried to change ownership to minotti and that appears to "take", but when I go back into properties again it again says I am not the owner. The entire time this was going on, Symantec was busy finding and doing a partial fix on InitFakeav - when I shut down there were probably a list of 15 entries in the Auto-Protect window, with each entry showing a File Count of 3. I'm wondering if this "O" file is some kind of container where Symantec is putting the Initfakeav files??

#35 nasdaq

  • Forum Addict
  • Group: Malware Response Team
  • Posts: 5,061
  • Joined: 16-June 06
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 23 January 2012 - 09:36 AM

Quote

I'm wondering if this "O" file is some kind of container where Symantec is putting the Initfakeav files??


I do not think so. Norton would not use one of your profiles to store or quarantine files.

Quote

This c:\minotti folder appears to have been set up during creation of my user account.

Can you use that User profile to get to that folder/files and delete the O file?

What we are dealing with is a false positive from Symantec, but it will not go away until this corrupted file is deleted.

One more thing you can try to delete the bad file is to boot to safe mode and try to delete it from there.

#36 Dinx

  • Member
  • Group: Members
  • Posts: 26
  • Joined: 26-December 11

Posted 25 January 2012 - 07:39 AM

I did try deleting the file as user minotti but it would not let me. However, I WAS able to delete it when I booted up in safe mode. I also emptied the recycle bin. When I rebooted, I checked to see if another had appeared but there is nothing there. I am going to run a full scan to see if Symantec finds anything now . . .

#37 Dinx

  • Member
  • Group: Members
  • Posts: 26
  • Joined: 26-December 11

Posted 29 January 2012 - 07:53 PM

It has been several days and I see no evidence of a virus. The only weird thing is that most of my disk space is "used" yet I can't account for it. I will look into what I can do to resolve that. I think I am virus free on this computer - thanks very much for all of your help!

Dinx

#38 nasdaq

  • Forum Addict
  • Group: Malware Response Team
  • Posts: 5,061
  • Joined: 16-June 06
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 February 2012 - 09:19 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
