Windows Defender Warning

Guest happymac.support@gmail.com
Posted

Hi,

 

I am running Win XP Pro SP2. In the Event Viewer, in the System log, I

realized that I get 2 warnings every time the computer is started.

Here are the logs:

 

--------------------------------------------------------------------------------------------------------

 

1) Type: Warning

Source: WinDefend

Category: None

Event: 3004

Description:

Windows Defender Real-Time Protection agent has detected changes.

Microsoft recommends you analyze the software that made these changes

for potential risks. You can use information about how these programs

operate to choose whether to allow them to run or remove them from

your computer. Allow changes only if you trust the program or the

software publisher. Windows Defender can't undo changes that you

allow.

For more information please see the following:

http://go.microsoft.com/fwlink/?linkid=74409

Scan ID: {3A1A5AD3-EB3A-4A89-8F2A-B6DBC46EC7A4}

User: Computer\User

Name: Unknown

ID:

Severity: Not Yet Classified

Category: Not Yet Classified

Path Found: driver:FLASHSYS

Alert Type: Unclassified software

Detection Type:

 

For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.

 

2) Type: Warning

Source: WinDefend

Category: None

Event: 3004

Description:

Windows Defender Real-Time Protection agent has detected changes.

Microsoft recommends you analyze the software that made these changes

for potential risks. You can use information about how these programs

operate to choose whether to allow them to run or remove them from

your computer. Allow changes only if you trust the program or the

software publisher. Windows Defender can't undo changes that you

allow.

For more information please see the following:

http://go.microsoft.com/fwlink/?linkid=74409

Scan ID: {3A1A5AD3-EB3A-4A89-8F2A-B6DBC46EC7A4}

User: Computer\User

Name: Unknown

ID:

Severity: Not Yet Classified

Category: Not Yet Classified

Path Found: service:FLASHSYS

Alert Type: Unclassified software

Detection Type:

 

For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.

 

------------------------------------------------------------------------------

 

I did a quick search for the file Flashsys.sys and found it under

C:\WINDOWS\system32\drivers\. To be safe, I did a custom scan of the

drivers folder with Windows Defender. It didn't come up with anything.

My system is running fine and smooth, I'm not worrying too much

about this, but why do those 2 warnings appear every time I start the

computer?

 

Thanx in advance

Guest Detlev Dreyer
Posted

Re: Windows Defender Warning

 

"happymac.support@gmail.com" wrote:

> I did a quick search for the file Flashsys.sys and found it under C:

> \WINDOWS\system32\drivers\.

 

Check the file properties in order to find out the associated software

and its origin.

 

--

d-d

Guest happymac.support@gmail.com
Posted

Re: Windows Defender Warning

 

On Jul 16, 3:26 am, "Detlev Dreyer" <detdre...@flashmail.com> wrote:

> "happymac.supp...@gmail.com" wrote:

> > I did a quick search for the file Flashsys.sys and found it under C:

> > \WINDOWS\system32\drivers\.

>

> Check the file properties in order to find out the associated software

> and its origin.

>

> --

> d-d

 

It just says it's a "system file" with unknown association.

Guest happymac.support@gmail.com
Posted

Re: Windows Defender Warning

 

On Jul 16, 3:26 am, "Detlev Dreyer" <detdre...@flashmail.com> wrote:

> "happymac.supp...@gmail.com" wrote:

> > I did a quick search for the file Flashsys.sys and found it under C:

> > \WINDOWS\system32\drivers\.

>

> Check the file properties in order to find out the associated software

> and its origin.

>

> --

> d-d

 

The file in the drivers folder has unknown associations and is a

"system file"; however, using Google I searched for the file and came

up with two results. This was posted by an expert at a forum:

 

"FLASHSYS.sys used by dvd roms and cd roms"

 

Another posting on a Chinese page that I translated using Google

Translate says:

 

"FlashSys.sys on paper have been identified :

FlashSys.sys MSI Live Update FlashSys.sys is MSI Live Update

process-driven document."

 

I have MSI Live Update on my computer. The Date of Creation on

Flashsys.sys says September 17, 2006, and I'm almost 100% sure that

was the date I installed MSI Live Update.

Guest Detlev Dreyer
Posted

Re: Windows Defender Warning

 

"happymac.support@gmail.com" wrote:

>> Check the file properties in order to find out the associated software

>> and its origin.

>

> The file in the drivers folder has unknown associations and is a

> "system file" however, using google I searched for the file and came

> up with two results.

 

Nope. Why don't you right click that file > Properties > Version.

 

--

d-d

Guest happymac.support@gmail.com
Posted

Re: Windows Defender Warning

 

On Jul 16, 11:30 am, "Detlev Dreyer" <detdre...@flashmail.com> wrote:

> "happymac.supp...@gmail.com" wrote:

> >> Check the file properties in order to find out the associated software

> >> and its origin.

>

> > The file in the drivers folder has unknown associations and is a

> > "system file" however, using google I searched for the file and came

> > up with two results.

>

> Nope. Why don't you right click that file > Properties > Version.

>

> --

> d-d

 

There is no file version listed for it. The only info given is:

 

- Type of file: System file

- Opens with: Unknown Application

- Location: C:\WINDOWS\system32\drivers\

- Size: 6.54KB

- Size on Disk: 8.00KB

- Created: Sunday, September 17, 2006, 12:16:50 PM

- Modified: Monday, May 02, 2005, 2:30:48 PM

- Accessed: Today, July 16, 2007, 12:26:31 PM

 

I'm pretty sure it's from MSI Live Update, like it said on that site I

found. The reason that the file says that it's being accessed every day

is because MSI Live Update is one of my startup programs. MSI Live

Update is a program that came with my video card that updates the VGA

BIOS, Drivers, etc.

 

-

Guest happymac.support@gmail.com
Posted

Re: Windows Defender Warning

 

On Jul 16, 12:35 pm, happymac.supp...@gmail.com wrote:

> On Jul 16, 11:30 am, "Detlev Dreyer" <detdre...@flashmail.com> wrote:

>

> > "happymac.supp...@gmail.com" wrote:

> > >> Check the file properties in order to find out the associated software

> > >> and its origin.

>

> > > The file in the drivers folder has unknown associations and is a

> > > "system file" however, using google I searched for the file and came

> > > up with two results.

>

> > Nope. Why don't you right click that file > Properties > Version.

>

> > --

> > d-d

>

> There is no file version listed for it. The only info given is:

>

> - Type of file: System file

> - Opens with: Unknown Application

> - Location: C:\WINDOWS\system32\drivers\

> - Size: 6.54KB

> - Size on Disk: 8.00KB

> - Created: Sunday, September 17, 2006, 12:16:50 PM

> - Modified: Monday, May 02, 2005, 2:30:48 PM

> - Accessed: Today, July 16, 2007, 12:26:31 PM

>

> I'm pretty sure its from MSI Live Update, like it said on that site I

> found. The reason that the file says that its being accessed everyday

> is because MSI Live Update is one of my startup programs. MSI Live

> Update is a program that came with my video card that updates the VGA

> BIOS, Drivers, etc.

>

> -

 

Also, here is more info to prove the "MSI Live Update" theory:

 

Go to this site: http://www.siteadvisor.com/sites/msi-computer.nl/downloads/3798488/

It's a McAfee SiteAdvisor report.

 

Scroll down and you'll see this:

 

MSI Live Update 3 (liveupdate.exe) made the following

modifications to the hard drive:

 

ADD c:\WINDOWS\system32\FlashVxd.vxd

ADD c:\WINDOWS\system32\Ntaccess.sys

ADD c:\WINDOWS\system32\drivers\FlashSys.sys

<-----------------------------------------

[unquote]

 

Notice the c:\WINDOWS\system32\drivers\FlashSys.sys?

Guest Detlev Dreyer
Posted

Re: Windows Defender Warning

 

"happymac.support@gmail.com" <> wrote:

>>>> Check the file properties in order to find out the associated software

>>>> and its origin.

>>

>>> The file in the drivers folder has unknown associations and is a

>>> "system file" however, using google I searched for the file and came

>>> up with two results.

>>

>> Nope. Why don't you right click that file > Properties > Version.

>

> There is no file version listed for it.

 

That's rather unusual. If there is no Version tab, that file is not a

(binary) driver. Try to open with the Editor (Notepad) since this might

be a plain text file. If this applies, check its content.

 

> I'm pretty sure its from MSI Live Update, like it said on that site I

> found. The reason that the file says that its being accessed everyday

> is because MSI Live Update is one of my startup programs. MSI Live

> Update is a program that came with my video card that updates the VGA

> BIOS, Drivers, etc.

 

Watch that file if there are changes in size and/or date. Since there

are changes on every reboot according to the Windows Defender, you

should see these changes as well.

 

--

d-d

Guest happymac.support@gmail.com
Posted

Re: Windows Defender Warning

 

On Jul 16, 1:20 pm, "Detlev Dreyer" <detdre...@flashmail.com> wrote:

> "happymac.supp...@gmail.com" <> wrote:

> >>>> Check the file properties in order to find out the associated software

> >>>> and its origin.

>

> >>> The file in the drivers folder has unknown associations and is a

> >>> "system file" however, using google I searched for the file and came

> >>> up with two results.

>

> >> Nope. Why don't you right click that file > Properties > Version.

>

> > There is no file version listed for it.

>

> That's rather unusual. If there is no Version tab, that file is not a

> (binary) driver. Try to open with the Editor (Notepad) since this might

> be a plain text file. If this applies, check its content.

>

> > I'm pretty sure its from MSI Live Update, like it said on that site I

> > found. The reason that the file says that its being accessed everyday

> > is because MSI Live Update is one of my startup programs. MSI Live

> > Update is a program that came with my video card that updates the VGA

> > BIOS, Drivers, etc.

>

> Watch that file if there are changes in size and/or date. Since there

> are changes on every reboot according to the Windows Defender, you

> should see these changes as well.

>

> --

> d-d

 

OK, I opened the file using Notepad. Most of it was binary junk but I

picked out a few things that may be of use (these are copied right

from the file btw):

 

-------------------------------------------------------------------------------

 

- This program cannot be run in DOS mode.

 

- ÃÌMSI ATI Technologies 113-MS VER 2.05. 2.11. 2.15.

3.05. 3.11. 3.15. 3.20. 3.17. 3.25. 4.17. 4.25.

4.18. 4.28. 4.30. 4.31. 4.34. 4.35. 4.36. 4.37.

4.38. 5.40. 5.43. 5.44

 

- !�IoCreateSymbolicLink ��IoCreateDevice d�RtlInitUnicodeString

·�IofCompleteRequest %�IoDeleteDevice '�IoDeleteSymbolicLink

��ZwClose 4�ZwMapViewOfSection µ�ObReferenceObjectByHandle

<�ZwOpenSection M�MmMapIoSpace ntoskrnl.exe W READ_PORT_ULONG ]

WRITE_PORT_ULONG \ WRITE_PORT_UCHAR V READ_PORT_UCHAR ^

WRITE_PORT_USHORT / HalTranslateBusAddress HAL.dll

 

- D:\Task\LIVEUP~1\sys\objfre\i386\FlashSys.pdb

 

-------------------------------------------------------------------------------

 

I understand the ATI Technologies thing because my graphics chipset is

an ATI Radeon X1300 PRO. I think then it lists all the versions of MSI

Live Update it works with. I don't understand the Io gibberish but the

next thing (the filepath) "D:\Task\LIVEUP~1\sys\objfre\i386\FlashSys.pdb"

I think I understand. I think it is showing the

path where it was copied from, in this case the MSI Utilities CD (my

DVD-RW drive's letter is D). I know it came from MSI Live Update now

because in the filepath, there is a subfolder called "LIVEUP~1" which

I'm pretty sure stands for MSI Live Update.

 

If you want to see the full text contents of the file, go to this page

(I uploaded it): http://pcwiz.50webs.com/FlashSysContents.txt

 

If you want a copy of the FlashSys.sys file, download it from here (I

uploaded it): http://pcwiz.50webs.com/FlashSys.sys

 

 

Hope this helps

 

Thanks for the help

Guest Detlev Dreyer
Posted

Re: Windows Defender Warning

 

"happymac.support@gmail.com" wrote:

> If you want a copy of the FlashSys.sys file, download it from here (I

> uploaded it): http://pcwiz.50webs.com/FlashSys.sys

 

Yep, that is a 32-bit binary file, however, w/o any version information.

It doesn't seem to be virulent according to a thorough scan and can be

opened with a Hex Editor. It contains a list of "MSI ATI Technologies"

VER (versions) from 2.05 to 5.44 and that may or may not be the reason

why this file is subject to frequent updates, apparently. The embedded

path "D:\Task\LIVEUP~1\sys\objfre\i386\FlashSys.pdb" should be a static

leftover (debug information file) and confirms more or less that this

particular file belongs to your "MSI Live Update" software. Under the

bottom line, there is nothing to worry about - estimated from afar.

> Thanks for the help

 

You're certainly welcome.

 

--

d-d
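
The checks made in the reply above (32-bit binary, no version information, embedded .pdb path) plus the API names the poster picked out of the file can be read straight from the PE headers. The following is an added example, not part of the original thread; `triage_driver`, `build_sample` and the result keys are names assumed here, and the sample image is constructed, not the real FlashSys.sys.

```python
import struct

# API names the poster copied out of the file (from the thread). Their presence
# suggests direct physical-memory and I/O-port access, as a flash driver needs.
HW_ACCESS_NAMES = (b"MmMapIoSpace", b"ZwOpenSection", b"ZwMapViewOfSection",
                   b"READ_PORT_UCHAR", b"WRITE_PORT_UCHAR", b"HalTranslateBusAddress")
RT_VERSION = 16            # resource type ID behind the Properties > Version tab
DEBUG_TYPE_CODEVIEW = 2    # debug directory entry type that carries the .pdb path


def triage_driver(data: bytes) -> dict:
    """Return basic provenance facts about a PE image such as a .sys driver."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header: not a PE binary")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    machine, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24
    magic = struct.unpack_from("<H", data, opt)[0]       # 0x10B PE32, 0x20B PE32+
    dirs = opt + (96 if magic == 0x10B else 112)         # start of data directories
    ndirs = struct.unpack_from("<I", data, dirs - 4)[0]
    sections = [struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
                for i in range(nsect)]

    def directory(index):
        return struct.unpack_from("<II", data, dirs + 8 * index) if index < ndirs else (0, 0)

    def rva_to_offset(rva):
        for _name, vsize, vaddr, rsize, raw in sections:
            if vaddr <= rva < vaddr + max(vsize, rsize):
                return raw + rva - vaddr
        return None

    # Version tab: look for an RT_VERSION entry at the top of the resource tree.
    has_version = False
    rsrc = rva_to_offset(directory(2)[0]) if directory(2)[0] else None
    if rsrc is not None:
        named, ids = struct.unpack_from("<HH", data, rsrc + 12)
        for i in range(named, named + ids):              # ID entries follow named ones
            if struct.unpack_from("<I", data, rsrc + 16 + 8 * i)[0] == RT_VERSION:
                has_version = True

    # Embedded .pdb path: walk the debug directory for a CodeView record.
    pdb_path = None
    dbg_rva, dbg_size = directory(6)
    dbg = rva_to_offset(dbg_rva) if dbg_rva else None
    if dbg is not None:
        for off in range(dbg, dbg + dbg_size, 28):
            dtype, size, _rva, raw = struct.unpack_from("<IIII", data, off + 12)
            record = data[raw:raw + size]
            skip = {b"RSDS": 24, b"NB10": 16}.get(record[:4])   # header before the path
            if dtype == DEBUG_TYPE_CODEVIEW and skip:
                pdb_path = record[skip:].split(b"\0")[0].decode("latin-1")

    return {"is_32bit_x86": machine == 0x14C and magic == 0x10B,
            "has_version_info": has_version,
            "pdb_path": pdb_path,
            "hw_access_names": [n.decode() for n in HW_ACCESS_NAMES if n in data]}


def build_sample(with_version: bool = False) -> bytes:
    """Constructed minimal PE32 image for the demo (not the real FlashSys.sys)."""
    pdb = b"D:\\Task\\LIVEUP~1\\sys\\objfre\\i386\\FlashSys.pdb"   # path quoted in the thread
    cv = b"RSDS" + bytes(16) + struct.pack("<I", 1) + pdb + b"\0"
    rva, raw = 0x1000, 0x200
    body = struct.pack("<IIHHIIII", 0, 0, 0, 0, DEBUG_TYPE_CODEVIEW,
                       len(cv), rva + 28, raw + 28)
    body += cv + b"MmMapIoSpace\0READ_PORT_UCHAR\0"
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                  # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * 6, rva, 28)    # debug directory
    if with_version:                                     # resource root with one RT_VERSION entry
        struct.pack_into("<II", opt, 96 + 8 * 2, rva + len(body), 24)
        body += struct.pack("<IIHHHHII", 0, 0, 0, 0, 0, 1, RT_VERSION, 0x80000018)
    head = b"MZ" + bytes(58) + struct.pack("<I", 0x40) + b"PE\0\0"
    head += struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102) + bytes(opt)
    head += struct.pack("<8sIIIIIIHHI", b".rdata", len(body), rva, len(body), raw,
                        0, 0, 0, 0, 0x40000040)
    return head.ljust(raw, b"\0") + body


if __name__ == "__main__":
    print(triage_driver(build_sample()))
```

On a real file, pass the bytes read from disk to `triage_driver`; a missing version resource is not proof of anything on its own, so the result is best read together with the file hash and the installer that dropped it.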

Guest happymac.support@gmail.com
Posted

Re: Windows Defender Warning

 

On Jul 17, 1:18 am, "Detlev Dreyer" <detdre...@flashmail.com> wrote:

> "happymac.supp...@gmail.com" wrote:

> > If you want a copy of the FlashSys.sys file, download it from here (I

> > uploaded it):http://pcwiz.50webs.com/FlashSys.sys

>

> Yep, that is a 32-bit binary file, however, w/o any version information.

> It doesn't seem to be virulent according to a thorough scan and can be

> opened with a Hex Editor. It contains a list of "MSI ATI Technologies"

> VER (versions) from 2.05 to 5.44 and that may or may not be the reason

> why this file is subject to frequent updates, apparently. The embedded

> path "D:\Task\LIVEUP~1\sys\objfre\i386\FlashSys.pdb" should be a static

> leftover (debug information file) and confirms more or less that this

> particular file belongs to your "MSI Live Update" software. Under the

> bottom line, there is nothing to worry about - estimated from afar.

>

> > Thanks for the help

>

> You're certainly welcome.

>

> --

> d-d

 

When MSI Live Update starts up, it asks me sometimes to update to a

newer version of MSI Live Update (4.08 I think). That might be why it's

accessed every day. Just thought that you might like to know. Anyway, I

think to stop the warning that comes up in Event Viewer, I'll add

FlashSys.sys to Windows Defender's allowed list.

 

Thanks again

Guest Detlev Dreyer
Posted

Re: Windows Defender Warning

 

"happymac.support@gmail.com" wrote:

> When MSI Live Update starts up, it asks me sometimes to update to a

> newer version of MSI Live Update (4.08 I think). That might be why its

> accessed everyday. Just thought that you might like to know. Anyway, I

> think to stop the warning that comes up in Event Viewer, I'll add

> FlashSys.sys to Windows Defender's allowed list.

 

Thanks for this update.

 

--

d-d

Guest happymac.support@gmail.com
Posted

Re: Windows Defender Warning

 

 

I think I am 100% sure now that it is Live Update, because I updated

to a new version of the software and a new FlashSys file was created.

 

Thanks again

Guest happymac.support@gmail.com
Posted

Re: Windows Defender Warning

 

On Jul 17, 1:18 am, "Detlev Dreyer" <detdre...@flashmail.com> wrote:

> "happymac.supp...@gmail.com" wrote:

> > If you want a copy of the FlashSys.sys file, download it from here (I

> > uploaded it):http://pcwiz.50webs.com/FlashSys.sys

>

> Yep, that is a 32-bit binary file, however, w/o any version information.

> It doesn't seem to be virulent according to a thorough scan and can be

> opened with a Hex Editor. It contains a list of "MSI ATI Technologies"

> VER (versions) from 2.05 to 5.44 and that may or may not be the reason

> why this file is subject to frequent updates, apparently. The embedded

> path "D:\Task\LIVEUP~1\sys\objfre\i386\FlashSys.pdb" should be a static

> leftover (debug information file) and confirms more or less that this

> particular file belongs to your "MSI Live Update" software. Under the

> bottom line, there is nothing to worry about - estimated from afar.

>

> > Thanks for the help

>

> You're certainly welcome.

>

> --

> d-d

 

I confirmed the Live Update theory because today, I updated Live

Update to a newer version and guess what? A new flashsys.sys file was

created.

 

Thanks again

Guest happymac.support@gmail.com
Posted

Re: Windows Defender Warning

 

On Jul 17, 1:18 am, "Detlev Dreyer" <detdre...@flashmail.com> wrote:

> "happymac.supp...@gmail.com" wrote:

> > If you want a copy of the FlashSys.sys file, download it from here (I

> > uploaded it):http://pcwiz.50webs.com/FlashSys.sys

>

> Yep, that is a 32-bit binary file, however, w/o any version information.

> It doesn't seem to be virulent according to a thorough scan and can be

> opened with a Hex Editor. It contains a list of "MSI ATI Technologies"

> VER (versions) from 2.05 to 5.44 and that may or may not be the reason

> why this file is subject to frequent updates, apparently. The embedded

> path "D:\Task\LIVEUP~1\sys\objfre\i386\FlashSys.pdb" should be a static

> leftover (debug information file) and confirms more or less that this

> particular file belongs to your "MSI Live Update" software. Under the

> bottom line, there is nothing to worry about - estimated from afar.

>

> > Thanks for the help

>

> You're certainly welcome.

>

> --

> d-d

 

Is there something wrong with Google Groups? Nothing I post as of

today is getting on to the discussion! :-/
