
Microsoft On-Line Security Check Validity



I just ran the MS on-line scan of my PC. It found "something" it deemed a threat that it could not remove. :)

I SUSPECT (but do not know) that it is a false positive. Malwarebytes, Superantispyware, Spyware Terminator, etc., find NADA. :)

Unfortunately, the MS scanner does not leave a report and I neglected to write down what it found.

Any history of the MS security scan producing false positives? :)

Thanks,

Louis


Could you perhaps run another on-line scan and give us a little more info?

I ran the MS scan again in the "quick scan mode" and it found nothing. But WAIT... I ran it again in the full scan mode and it found: Trojan Clicker: Win32/Yabector.gen

The MS scanner suggested that the corrupted file is probably in the following location:

C:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\rp677\a0092559.exe

MS said the Trojan could not be removed.

What do you recommend?

Thanks,

Louis


Also... I've run Malwarebytes Anti-Malware before and after the MS scans and (according to MBAM) I have a clean machine.

It appears to me that the "infected file" may be some bad restore point that I can delete. If I can delete safely, I'd like to give it a shot.

What do you think?

Louis


Please have a look at this article from Microsoft. :)

:) I read it. I've also obtained a case number and called MS on their security tech support line. [I'm literally waiting on line for them to pick up my call.]

I am TEMPTED to try to delete the infected (hidden) file myself. I suppose I could also find the file and have it examined by one of my anti-virus programs.

My PC has ZERO indications that there is an ACTIVE infection. It runs fast and NONE of the other scans I've used indicate any infections.

Should I attempt to delete the presumably infected file myself? :)

Louis


UPDATE: I spoke with a Microsoft tech and he suggested we delete all of the old restore points -- which are in the (hidden) files of C:\system volume information\...

We did that, created a new restore point and I am now running a full MS scan. He said the reason that the MS "Quick Scan" did not find it is because the QS does not scan stored restore points.

I am waiting for the scan to complete and will get back to this forum (and MS) with the results. FYI, MS has toll-free e-mail, e-mail chat, and tel support for security related issues. I found that the MS tech (located in India) was very professional.

Louis

Arthur,

The Microsoft tech walked me through the removal of the offending (hidden) file. Basically we deleted all previous restore points in C:\system volume information...

We rebooted the PC, did a new, full scan and received an ALL CLEAR...no more "Trojan Clicker: Win32/Yabecto..." ;)

The only scary part is removing ALL of your restore points and rebooting. :)

Fortunately, I use ERUNT as a backup for restore points... :)

The question remains...why didn't MalwareBytes (or any of the other scanners I use) catch the Trojan Clicker in my hidden systems volume information? ONLY the Microsoft on-site full security scan caught it. :)

I am guessing because while the file was probably corrupted by the Trojan Clicker, it was not active...

Any thoughts?

Louis


The only time something in your System Restore can hurt you is when you restore from an infected restore point. Quick Scans will never check the System Restore because there's just not much of a point to it.

Now if you ran a full scan and it didn't detect it, it's possible that it was old enough that it wasn't much of a threat, or maybe it's something that anti-virus covers very well and there was no need to focus on it.

Also note that running the update before scanning is a good idea. ;)
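
Added example, not part of any post in this thread: a small triage helper that tells a detection sitting inside a System Restore store (dormant unless that restore point is restored) from one in a live location. The regex assumes the store layout visible in the path reported above (`_restore{GUID}\RP<n>\A<7 digits>.<ext>`); the function names and the second sample path are constructed for illustration.

```python
import re
from typing import Iterable, List, NamedTuple, Optional

# Layout assumed from the path quoted in the thread:
#   <drive>:\System Volume Information\_restore{GUID}\RP<n>\A<7 digits>.<ext>
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\"
    r"_restore\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}\\"
    r"RP(?P<rp>\d+)\\(?P<name>A\d{7}\.\w+)$",
    re.IGNORECASE,
)


class Finding(NamedTuple):
    path: str
    in_restore_store: bool
    restore_point: Optional[int]  # RP folder number, None for live paths
    note: str


def triage(path: str) -> Finding:
    """Classify one scanner-reported path."""
    m = RESTORE_RE.match(path.strip())
    if m:
        return Finding(path, True, int(m.group("rp")),
                       "archived copy in a restore point; a quick scan skips it")
    return Finding(path, False, None,
                   "live file system location; treat as potentially active")


def affected_restore_points(paths: Iterable[str]) -> List[int]:
    """Restore point numbers that hold a flagged file, sorted and de-duplicated."""
    return sorted({f.restore_point for f in map(triage, paths) if f.in_restore_store})


# Path as reported in the thread.
THREAD_PATH = (r"C:\system volume information"
               r"\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\rp677\a0092559.exe")
# Constructed sample of a detection outside the restore store.
LIVE_PATH = r"C:\Documents and Settings\user\Local Settings\Temp\sample.exe"

if __name__ == "__main__":
    for p in (THREAD_PATH, LIVE_PATH):
        print(triage(p))
    print(affected_restore_points([THREAD_PATH, LIVE_PATH]))
```
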


I ALWAYS run the update before scanning. For whatever reason, MBAM did NOT find the infected file and the MS on-line scanner did -- although it could not remove it. THAT took a few phone calls to MS and the deletion of ALL of the restore points, rebooting, rescanning etc.

The obvious question is WHY didn't the presumably thorough MBAM scan discover what the MS scan did? What do you think? :)

Louis


We don't spend as much time on things that anti-virus software is good at. We believe that we can offer better protection for our users if we dive headlong into the things that they have the most trouble with, and concentrate our efforts there. We believe that if most anti-virus software is detecting something, and if there is not an active point of infection for the item, then it's best if we concentrate our efforts on the nastiest stuff.
