Virus Detection: False Positive?

Discussion in 'Windows Guest OS Discussion' started by SpaceFlightOrange, Feb 24, 2010.

  1. SpaceFlightOrange

    SpaceFlightOrange Bit poster

    Messages:
    4
    Hi. I am running Parallels 4 with Windows XP. It's quite tightly locked down in that it has no access to my Mac drives, etc.

    I only use it for testing my site on other browsers, and access to usenet.

    I have had Parallels Internet Security installed since the beginning, but it causes me problems with my external Netgear SC101 Storage Central, giving me loads of false positives.

    So, I uninstalled it last night and installed Microsoft Security Essentials instead. This seems to work better with my network drive. However, when I ran the first quick scan it detected the Sinowal.H virus on the MBR, and removed it.

    This made me panic because this is a serious virus, and although I don't normally do anything that might put me at risk through the Windows installation, we have just been moved in work to an online solution for our HR needs, including payroll, etc., and this is only accessible through Internet Explorer. So I have changed my password for this service.

    My question is: why did Parallels Internet Security not detect this? I have no idea how long it's been there, but Parallels Internet Security was kept up to date. This makes me wonder if the detection and removal by MS Security Essentials is a false positive.

    The VM suffered no ill effects; it could still boot after the removal.

    Regards
     
  2. SpaceFlightOrange

    SpaceFlightOrange Bit poster

    I should point out that my VM is not a Boot Camp partition, just a 30 GB file.
     
  3. SpaceFlightOrange

    SpaceFlightOrange Bit poster

    To clarify, here is what I believe, so perhaps somebody might be able to tell me whether I'm right or not:

    I read somewhere that Parallels uses a file containing details of the partitions and uses this for booting Windows, not the hard-disk file's MBR. Is this correct?

    I think the virus may have been lying dormant in the MBR for the reason above, which is why Parallels Internet Security did not find the virus and MS Security Essentials did.

    I would be grateful if somebody could tell me if I'm right or not.

    Thanks
     