Infected with Antivirus System PRO with SS running


  • We have Steady State running on a laptop that is used on a daily basis to look at malicious material on the internet.

    When we downloaded one file and ran it, it installed the Antivirus System PRO program/virus/malware (whatever you want to call it).  No big deal, we'll just reboot.

    The system has been corrupted by it, and it got around the Steady State program; even when logging in as administrator, it's installed.  It should have been destroyed when turning off the PC.

    How can this be?
    Friday, October 30, 2009 4:45 PM


  • Hi cornick, if you have Windows Disk Protection enabled, then all changes made to the boot volume (that is, the volume that contains the Windows directory--typically C) will be discarded when the system boots.  WDP will not discard changes made to other volumes (other partitions on the same disk or separate disks).  A virus could also hide in the boot sector or MBR of the hard disk as those areas are not part of the boot volume.  The virus would have to have administrator access in order to write to the boot sector or MBR, however.

    We still suggest that our users install security software to protect the computer from virus/trojan/malware, as Windows Disk Protection cannot replace an antivirus program. Thank you for your understanding.
    Sean Zhu - MSFT
    Monday, November 2, 2009 6:56 AM
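
The reply above notes that the MBR is not part of the volume Windows Disk Protection resets, so a change there survives a reboot. The following is an added example, not part of the thread and not Microsoft code: it compares a disk's first sector against a copy saved while the machine was known to be clean. It assumes a classic 512-byte MBR with a 440-byte code area; all function names are hypothetical and the sample sector is constructed.

```python
import hashlib
import struct

SECTOR = 512      # classic MBR size
CODE_LEN = 440    # bootstrap code area (assumed Windows-style layout)
TABLE_OFF = 446   # four 16-byte partition entries start here

def read_first_sector(path):
    """Read sector 0 from a raw disk device or image file (needs admin on a live disk)."""
    with open(path, "rb") as f:
        return f.read(SECTOR)

def parse_mbr(sector):
    """Return the boot-code hash and the non-empty partition entries."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a 512-byte MBR with 0x55AA signature")
    parts = []
    for i in range(4):
        # Entry layout: status, CHS start (skipped), type, CHS end (skipped), LBA, count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, TABLE_OFF + 16 * i)
        if ptype:
            parts.append((i, status == 0x80, ptype, lba, count))
    return {"code_sha256": hashlib.sha256(sector[:CODE_LEN]).hexdigest(), "partitions": parts}

def compare_to_baseline(current, baseline):
    """List what differs between the current MBR and a known-clean copy."""
    cur, base = parse_mbr(current), parse_mbr(baseline)
    findings = []
    if cur["code_sha256"] != base["code_sha256"]:
        findings.append("boot code changed")
    if cur["partitions"] != base["partitions"]:
        findings.append("partition table changed")
    return findings

def make_sample_mbr(fill=0x90, start_lba=2048):
    """Constructed sample: filler bytes as 'code' and one active type-0x07 partition."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, start_lba, 204800)
    return bytes([fill]) * CODE_LEN + bytes(6) + entry + bytes(48) + b"\x55\xaa"

if __name__ == "__main__":
    clean = make_sample_mbr()
    print(compare_to_baseline(make_sample_mbr(fill=0xCC), clean))
```

The baseline should be stored off the machine, and the comparison is most trustworthy when run from separate boot media rather than from the possibly compromised installation.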