Perhaps a bit late for this problem today - but hopefully will provide for future reference. Keep in mind although this is referring to NAV - the Symantec Security Virus Scan referenced is
free and will work as a second opinion to tell you if it was a false trigger or not.
Situation:
You have Norton AntiVirus (NAV) installed. When you scan the computer, NAV does not detect anything. However, when you run a virus scan from the Symantec Security Check Web site
http://security.symantec.com/ssc/vc_about.asp?langid=ie&venid=sym&plfid=23&pkj=MMQNOOTGUSDJNRNJWDJ, a virus is detected in one of the following folders:
For Windows Me:
C:\_RESTORE
For Windows XP:
System Volume Information
Solution:
One of the new features of Windows Me and Windows XP is System Restore. This feature, which is enabled by default, is used by Windows to restore files on your computer in case they become damaged. Windows Me keeps the restore information in the _RESTORE folder. Windows XP stores this information in the System Volume Information folder. These folders are updated when the computer restarts.
If the computer was previously infected with a virus, then it is possible that the virus was backed up in the _RESTORE or System Volume Information folder. Files in the System Restore folder cannot infect the computer unless the computer is restored to an infected restore date. Because of this, NAV excludes the _RESTORE and System Volume Information folders from scanning by default.
NOTE: Even though the System Restore folders are excluded, your computer is still protected by Auto-Protect if for some reason the infected files are ever restored. If that should happen, Auto-Protect will automatically detect and repair the infected files.
The Symantec Security Check Web site virus scan does not exclude the System Restore folders. Because of this, the scan will detect any viruses in those folders. If that happens, then follow these steps to make sure that NAV is optimally configured and then scan again with NAV to make sure that no other files except files in the System Restore folder are infected.
1. Start NAV.
2. Run LiveUpdate and download the latest virus definitions.
3. Follow the steps in the document How to configure Norton AntiVirus to scan all files to make sure that the program is configured to scan all the files.
4. Run a full system scan.
If NAV does not detect anything, then you have the following options:
- Leave the computer as it is. The infected file or files will not infect the computer unless you restore the system to the date that includes the infected file or files. Even if you do restore the computer to the date that includes the infected file or files, then NAV Auto-Protect will detect and repair them during the restore process.
- Follow the steps in the document Cannot repair, quarantine, or delete a virus found in the _RESTORE or System volume information folder to disable System Restore, and restart the computer. This will purge the contents of the _RESTORE or System Volume Information folder.
NOTE: All Restore points will be lost when you disable System Restore.