FlashDisinfector is not
malware. However, certain embedded files that are part of legitimate programs or specialized fix tools such as FlashDisinfector may at times be detected by some anti-virus and anti-malware scanners as a "Risk Tool
", "Hacking Tool
", "Potentially Unwanted Program
", or even "Malware
" (virus/trojan) when that is not the case
. This occurs for a variety of reasons to include the tool's compiler, the files it uses, registry fixes and malware strings it contains.
Such programs have legitimate uses in contexts where a Malware Removal Expert asked you to use the tool or when an authorized user/administrator has knowingly installed it. When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files that appear suspicious or it can potentially be used for malicious purposes. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential
for being misused by others or that it was simply detected as suspicious due to the security program's Heuristic analysis
engine which provides the ability to detect possible new variants of malware. Anti-virus scanners cannot distinguish
between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases the detection
is a "False Positive
". Either have your anti-virus ignore the detection or temporarily disable it until you run the tool.
Alternatively, you can download and use Panda USB Vaccine
. Computer Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced by malicious code. The Panda Resarch Blog
advises that once USB drives have been vaccinated, they cannot be reversed except with a format
. If you do this, be sure to back up your data files first or they will be lost during the formatting process.
Try a difffferent rootkit tool.
Please download Sophos Anti-rootkit
& save it to your desktop.alternate download linkNote: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.Be sure to print out and read the Sophos Anti-Rookit User Manual and Release Notes
- Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
- Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
- A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now".
- Click Yes and allow the driver and its randomly named .tmp file (i.e. F.tmp) to load if asked.
- If the scan did not start automatically, make sure the following are checked:
- Running processes
- Windows Registry
- Local Hard Drives
- Click Start scan.
- Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
- When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
- Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
- Files tagged as Removable: No are not marked for removal and cannot be removed.
- Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
- Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
- Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
- A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
- After reboot, a dialog box displays the files you selected for removal and the action taken.
- Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
- When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
- This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\\Local Settings\Temp\.
Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
- Disconnect from the Internet or physically unplug you Internet cable connection.
- Clean out your temporary files.
- Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
- Temporarily disable your anti-virus and real-time anti-spyware protection.
- After starting the scan, do not use the computer until the scan has completed.
- When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.