Jump to content

Will re-install of MWB show quarantined files from previous installation?

Highcountryrider
 Share

Recommended Posts

Highcountryrider

Highcountryrider

Posted
Posted

Have a friend who just got a new laptop with Windows 7 Pro 64 bit installed and he has been configuring it. He installed the latest version of MWB (from the website). Ran it after updating and it probably came up with the Hijack.Display Properties notice which was quarantined. I don't know if he also had the Trojan.BHO detections connected to the Partner.dll program. He then had a system crash and upon rebooting decided that MWB was causing the problem and uninstalled it. I know, I know...but he is not very computer savvy.

I tried to do a system restore to the last available restore point, which was before MWB was uninstalled, which showed that Malwarebytes was included but might not work properly and might need to be reinstalled. Problem was the system restore did not work. Upon reboot, error message said that restore failed, nothing had been changed, etc. and that a file was missing that was part of the restore. Tried the next restore point and same results. I know I probably could have tried all the restore points and hopefully one might have worked but friend was absolutely against it. He said that too many programs, updates etc. would have to be re-installed and that the computer seemed to be working fine.

I have absolutely no idea what MWB found and quarantined before it was uninstalled. If I did a re-installed MWB would it be able to recover the files that were in the quarantine or was all that information lost when MWB was uninstalled?

TIA for any assistance.

Link to post
Share on other sites
Highcountryrider

Highcountryrider

Posted
  • Author
Posted
Please back up any User data and do a clean install

There is no way of telling exactly all the "configuring" that has been done on this infected computer

Thanks for the reply. Appreciate the advice but I'm pretty certain that the only detections from MWB were the documented Vista/7 FPs regarding the Partner.dll and the Hijack.DisplayProperties. I'm sure my friend wasn't downloading any type of software (except MWB), sceensavers, etc. that might have infected him. He also does very little web surfing except for his financial services websites. Besides he would have to do a recovery from the Sony Vaio recovery discs. I know that's the only way to be sure but going to be hard to convince him to do this.

I guess I should have just asked is if Malwarebytes is installed on a system, detects issues on a scan, quarantines the items and then is uninstalled would a re-installation of Malwarebytes show what had been quarantined in the previous installation? My instincts say no but that's why I'm asking the question here.

Link to post
Share on other sites
mountaintree16

mountaintree16

Posted
Posted

Highcountryrider,

Yes it actually would show unless you've used mbamclean on the system :)

And where is he getting these screensavers? Those can be a common infection point unfortunately.

Link to post
Share on other sites
Highcountryrider

Highcountryrider

Posted
  • Author
Posted
Highcountryrider,

Yes it actually would show unless you've used mbamclean on the system :)

And where is he getting these screensavers? Those can be a common infection point unfortunately.

Thanks for the information. If you'll re-read the post you responded to you'll see I said wasn't downloading any software or screensavers. :)

I guess what I will do is re-install the latest MWB and see if I can find what might have been quarantined before the un-installation to see if I can restore anything that needs to be restored.

Link to post
Share on other sites
mountaintree16

mountaintree16

Posted
Posted

@ Highcountryrider

Please, next time use the "add reply"button at the bottom of the page or erase what the person before you said :)

Oh, sorry. It's good that screensavers are not being downloaded :)

Yeah, re-install it, and post a log here: http://www.malwarebytes.org/forums/index.php?showforum=42

so someone can review the logo and tell you if its a FP or not...

( note, old logs should be saved too :) )

Since you don't want to restore something that isn't really a false positive :)

Also, depending on what it is, malware may have actually done something here, not Malwarebytes. Malware can (but doesn't always) unfortunately cause damage when its removed.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.