Hi...

I have a problem with PCtools AV 5.0.0.16 giving a false-positive for an Auto Hotkey script I have running on my system. Basically, the script is a "view hidden files" toggle for Windows Explorer (XP Home SP3) which runs at bootup and remains memory resident.

The executable and related Startup Folder shortcut are in my "Scan Exclusions" list. The exclusion works just fine for any file/folder scan. However, a full scan detects it running in memory as a threat (Worm.AutoRun.BY), kills the process, and then moves to quarantine the very same executable that exists in the "Scan Exclusions" list. It appears that the memory scan does not check this list before taking action.

As a side note, this was also occurring in PCtools 4.x.x.x versions.

Is there any solution for this?

e.ghost

Hi e.ghost,

We will need to view the scan logs so we can proceed investigating this problem. To send us the scan logs, please follow the steps below.

1. Launch "PC Tools AntiVirus"
2. Click on "Settings"
3. Click on "Log Settings"
4. Select "Current Log"
5. Click on "View Log"

Your Browser should then launch and show you the log. On your browser, do the following to save the log.

6. Click on File
7. Click on Save As
8. On the new window, type in "Scan Logs" under file name and save the file to your desktop.

You then attach the "Scan Logs" file by zipping it up and attaching to this thread or you can send this to me via email.

Hi Anthony...

I've attached ToggleHiddenFiles.zip for your analysis. It is password protected, and I will send you the password via Private Message.

The ZIP file includes the scan log for the specific folder where the executable is stored on my computer (no detection) and the scan log for last night's full scan (detected in memory). I have also included the executable, as well as the Auto Hotkey script from which it was created.

Thanks...

e.ghost