Windows 10: False negative or false positive ?

Discussion in 'Windows 10 Performance & Maintenance' started by davidhk, Mar 25, 2016.

  1. davidhk Win User

    Win 10 Home 10586.164

    Did a Sfc /scannow.
    Result : found corrupted files but unable to repair some of them.

    Did a dism..../restorehealth.
    Result : Restore operation successful.

    Did a sfc /scannow right after dism.
    Result : found corrupted files but unable to repair some of them.

    I tried to do a chkdsk /f/r, but scanning and repair stayed at 10% for over 45 minutes.
    I aborted it. No patience for that.

    Do I have a false negative from sfc, or false positive from dism ?

    :)
     
    davidhk, Mar 25, 2016
    #1

  2. database of malware producing false positives or false negatives

    Find the file that is detected by WD, then follow the steps at the following site to submit the sample:

    Submit A Virus Sample To Microsoft

    <<Submit a file for malware analysis - Windows Defender Security Intelligence>>

     
    José Antonio Pontón Posada CEO, Mar 25, 2016
    #2
  3. database of malware producing false positives or false negatives

    The file that WD did not find on quick scan but found on full scan is:

    containerfile:D:\preload\install.wim

    file:D:\preload\install.wim->(Image57828)\Program Files (x86)\HP Games\FATE The Cursed King\Fate-WT.exe->(EXEEmb)->(EXEEmb)

    Malwarebytes on repetitive scans over the past few months found no malware on the hard drive.

    The hard drive has reached end of life and I am now using this computer as an optical drive for my television. Rarely, I use it for internet activities.

    It is 750 GB 7200 RPM.

    Seatools for windows SMART test passes but short drive self test and short generic test fail.

    I've run chkdsk /f /r on this drive.

    WD has it displayed as a potential threat with recommended action: remove, quarantine, or allow then apply the action. The color of WD changed to red when it found a potential threat. Choosing the remove option then apply actions always fails as it indicates that the drive is of insufficient size.

    When I check the hard drive:

    Using administrative command prompt then chkdsk it displays:

    Microsoft Windows [Version 10.0.14393]

    (c) 2016 Microsoft Corporation. All rights reserved.

    C:\WINDOWS\system32>chkdsk

    The type of the file system is NTFS.

    Volume label is OS.

    WARNING! /F parameter not specified.

    Running CHKDSK in read-only mode.

    Stage 1: Examining basic file system structure ...

    466176 file records processed.

    File verification completed.

    13589 large file records processed.

    0 bad file records processed.

    Stage 2: Examining file name linkage ...

    560078 index entries processed.

    Index verification completed.

    0 unindexed files scanned.

    0 unindexed files recovered to lost and found.

    Stage 3: Examining security descriptors ...

    Security descriptor verification completed.

    46952 data files processed.

    CHKDSK is verifying Usn Journal...

    34142664 USN bytes processed.

    Usn Journal verification completed.

    Windows has scanned the file system and found no problems.

    No further action is required.

    700224609 KB total disk space.

    58512052 KB in 190195 files.

    117360 KB in 46953 indexes.

    0 KB in bad sectors.

    593409 KB in use by the system.

    65536 KB occupied by the log file.

    641001788 KB available on disk.

    4096 bytes in each allocation unit.

    175056152 total allocation units on disk.

    160250447 allocation units available on disk.

    Viewing this PC:

    OS (C:): 611 GB free of 667 GB

    Recovery (D:): 3.24 GB free of 27.9 GB

    Running apply actions remove changes WD from red to green with scan completed on 3830382 items and your PC is being monitored and protected. It displays this might take a few seconds but it actually takes many hours. The recommended action to remove this software immediately repetitively fails after each full scan and attempted removal. It displays: Your actions were successfully applied and your PC will continue to be monitored for threats.

    Then further down it displays that the status is Error encountered.

    It above indicated that actions were successfully applied then below it indicated an error. It was also misleading where it changed the color from red to green.

    The following error occurred: Error code 0x80070070. There is not enough space on the disk.

    Category: Trojan

    Description: This program is dangerous and executes commands from an attacker.

    Recommended action: Remove this software immediately.

    Items:

    containerfile:D:\preload\install.wim

    file:D:\preload\install.wim->(Image57828)\Program Files (x86)\HP Games\FATE The Cursed King\Fate-WT.exe->(EXEEmb)->(EXEEmb)

    Get more information about this item online.

    With 611 GB free of 667 GB what is WD finding on CHKDSK or elsewhere where it displays the disk is insufficient size to remove the potential threat?

    For submission of the potential threat do you copy and paste what is displayed in WD? Is upload different than copy and paste? For example is what I posted at the beginning of this reply, the findings in WD, what I should copy and paste into the upload
    or additional information section? And then check I believe this file should not be detected as malware?

    With it not being removed by defender should I just quarantine it?

    Any insights are appreciated:

    1) How come WD cannot remove it without error message that was not enough space on the disk?

    2) How come it does not take seconds but takes hours for it to display the error message with drive of insufficient size?

    3) What does WD look at to conclude the drive is insufficient size?

    4) For the upload how should I find it on the computer for the upload and how should I upload it? I have software called everythingsearch that indexes all files on the computer. If I click on the browse link on the Submit a file for malware analysis - Windows Defender Security Intelligence
    web site how do I find this potential malware on the drive?
     
    questions_, Mar 25, 2016
    #3
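
Added example, not part of the original thread: a Python sketch that parses the two detection items quoted in post #3 (with the forum's smiley residue removed) and decodes the reported error code 0x80070070 into its HRESULT fields. The function names are hypothetical, and the free-space figures are the ones given in the post.

```python
import re

# Constructed from the detection items quoted in post #3.
ITEMS = [
    r"containerfile:D:\preload\install.wim",
    r"file:D:\preload\install.wim->(Image57828)\Program Files (x86)"
    r"\HP Games\FATE The Cursed King\Fate-WT.exe->(EXEEmb)->(EXEEmb)",
]

# Free space per volume in GB, as listed under "Viewing this PC" in the post.
FREE_GB = {"C:": 611.0, "D:": 3.24}

FACILITY_WIN32 = 7
WIN32_NAMES = {112: "ERROR_DISK_FULL"}  # 0x70; only the code seen on this page


def parse_item(item):
    """Split a detection item into scheme, on-disk path and nested members."""
    scheme, _, rest = item.partition(":")
    parts = rest.split("->")  # "->" separates each level of container nesting
    path = parts[0]
    drive = path[:2].upper() if re.match(r"^[A-Za-z]:", path) else None
    return {"scheme": scheme, "path": path, "drive": drive, "nested": parts[1:]}


def decode_hresult(hr):
    """Break a 32-bit HRESULT into its failure bit, facility and code."""
    facility = (hr >> 16) & 0x7FF
    code = hr & 0xFFFF
    name = WIN32_NAMES.get(code) if facility == FACILITY_WIN32 else None
    return {"failure": bool(hr >> 31 & 1), "facility": facility,
            "code": code, "win32": name}


def summarize(items, hr, free_gb):
    """Relate the error to the volume(s) the detection items live on."""
    drives = sorted({parse_item(i)["drive"] for i in items})
    return {"error": decode_hresult(hr)["win32"],
            "volumes": {d: free_gb.get(d) for d in drives}}


if __name__ == "__main__":
    print(summarize(ITEMS, 0x80070070, FREE_GB))
```

Both items resolve to the D: (Recovery) volume, which the post lists at 3.24 GB free, and 0x80070070 is the Win32 disk-full code (112) wrapped in an HRESULT.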
  4. davidhk Win User

    Update :
    Did another sfc, same negative result.


     
    davidhk, Mar 25, 2016
    #4
  5. Cliff S New Member
    You need to reboot so it can repair files in use.
    Sometimes it takes 3-4 times (SFC/Reboot) to fix things.
     
    Cliff S, Apr 4, 2018
    #5