
Quarantined items are "Start" menu items



I recently used Malwarebytes on a family member's computer and it came up with several hundred infections. One was a serious trojan; the other infections were classified as Malware.Trace. However, all the Malware.Trace items were the "Start" links in the programs/menu. They've been quarantined, but now that they have, all the start menu items do not show up. Is it really possible that all those items were infected with malware (or were they false positives)?

Every time I open MBAM and click on the quarantine tab, it crashes. Is there a way to open quarantine, or remove all the items from quarantine (or is this not a good idea)? Or perhaps you know of any other ways to restore the start menu links in the programs section?

Also, as I was running the scan, an error came up; I think it was (0, 6) or (1, 6). I don't know if that helps (does MBAM keep a log of all the errors that occur? Where would that be?)

Operating system: Windows XP


Caution: Please don't try this method, or the methods in post #7, if you use a Simplified Chinese system and have a similar experience to missbrokensmile. There is a report that an earlier database contained a false positive on the shortcuts in the start menu. Please contact the helpdesk at support@malwarebytes.org or http://helpdesk.malwarebytes.org/home. The method presented here, as mountaintree16 said below, should only be used if you have/had a real infection.

Hello missbrokensmile, :)

The quarantined items, if needed, can be found at C:\Documents and Settings\<username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine if you did not choose to delete files after the scan.

Have you tried a clean install to see whether it can solve the error (although by doing so you will lose all the quarantined items)? If you would like to try (you can zip and back up the quarantine folder), please follow the instructions below:

  1. Click on Start and select Control Panel
  2. Open Add/Remove Programs
  3. Uninstall Malwarebytes' Anti-Malware
  4. Restart your computer (very important)
  5. Download and run mbam-clean.exe from here
  6. It will ask to restart your computer, please allow it to do so (very important)
  7. After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here

Note:

  • You will need to reactivate the program using the license you were sent via email if using the Pro version
  • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
    Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs here or ask and we'll explain how to do it.

Please post back if you have any further problems.

Thank You :)

Edit -

Just adding a few words to the post by mountaintree16 below. If you really want to post to the false positive forum, please also attach the file(s) in question so that the developers can investigate more quickly.

Further Edit - Posting a warning sentence. And with further amendments on 11 May.


missbrokensmile,

Actually, as long as you have not used the mbam-clean tool and as long as you have not deleted items from quarantine, the items will still be present in quarantine :lol:

However, you may have been infected or you may not have been. You shouldn't just restore items from quarantine unless you know that they are truly a false positive.

You should post your question here:

http://forums.malwarebytes.org/index.php?showforum=42

Along with your complete scan log, so that someone can check for you and see if the items found were indeed False Positives or if you were actually infected. Malware will oftentimes cause damage to systems as well.

If you are indeed infected or were infected, you should most definitely follow gtyhfy's directions above my post.


Caution: Please don't try these methods, or the method in post #4, if you use a Simplified Chinese system and have a similar experience to missbrokensmile. There is a report that an earlier database contained a false positive on the shortcuts in the start menu. Please contact the helpdesk at support@malwarebytes.org or http://helpdesk.malwarebytes.org/home.

Hello missbrokensmile,

I have just read your post here.

No need to do the restoration for those items as you did not take any actions on them.

...

C:\Documents and Settings\user\「开始」菜单\程序\启动 (Malware.Trace) -> No action taken.

...

For other quarantined shortcuts, you can place those links back in the folder C:\Documents and Settings\<username>\「开始」菜单\程序 with the appropriate subfolders. (Here, I assume you have backed up those shortcuts.)

For the crashing issues, let's try the solutions one by one. If one solution cannot fix it, move on to the next one.

Method 1

http://forums.malwarebytes.org/index.php?s...st&p=242550

Method 2

http://forums.malwarebytes.org/index.php?s...st&p=242593

Method 3

http://forums.malwarebytes.org/index.php?s...st&p=242599

If none of the solutions can resolve this, please post back here with the system you use (I assume in your case it is the XP SP3 Simplified Chinese version) and any anti-virus/internet security/firewall you are using on the system. In addition, describe what you got and how things behaved after each of the methods.

Thank you.

PS

1. Next time, if you encounter errors from MBAM, please post them in the General Malwarebytes' Anti-Malware Forum.

2. I hope that what I hear will be good news. :angry:

Edit - correcting the path to "programs".

Further Edit - Posting a warning sentence. (13/5)


Next time I'll remember to post in the right forum, sorry about that!

Anyway, I tried the 3 methods. Actually, all of them worked, and I could open the quarantine tab. But, when I went to move the previous quarantined files back into the quarantine folder (so I could restore them?) the quarantine tab could not be opened. MBAM crashed, and it just came up with a dialog box that says an error has occurred and asks you whether you want to send a report or not.

The reason I want to restore the quarantine files is so that I can have the start menu items back.

OS: Windows XP SP3 Simplified Chinese version

Programs: ESET NOD32 Antivirus, Comodo, MBAM


@missbrokensmile

Sorry for not replying as sometimes I forget.

I regret I did not tell you to save the logs first. If I had known you had a simplified Chinese operating system, I would have asked you to back up the logs aside from the quarantine.

But let's try to see whether we can do something first....

First, go to the backup folder. You will see the following:

Right-click one of those information files (file names starting with BACKUP) and choose "Open With Notepad".

You will see the information for a particular file.

Pay attention to the 4th and 5th lines.

The 4th line, which starts with "3=", shows the path of the original file. The 5th line, which starts with "4=", shows the extension of that quarantined file (starting with QUAR1).

So, if all the information is present, you can reverse it by changing the name of that file and putting it back in its path, and see if things go back to normal... (or even exclude files without all the information and put them [backup1.xxxxx+QUAR1.xxxxx] back in quarantine, then use MBAM to restore.)

But I regret one point: the crashing may be caused by some of the information being missing.

That means the method is not possible if part of the information is missing in the information file.

You can ask the helpdesk at support@malwarebytes.org to solve the problem. Mention this topic in your message as well.

If you need further assistance, please post back.

Edit - for the expert/dev

My initial guess about MBAM_ERROR_ADD_TO_RESULTS (0, 6) followed by a crash when viewing the quarantine tab on (some) XP Chinese systems is that MBAM cannot write the path of the infected file (maybe this only happens for the first infected file) to the logs/backup1 files while scanning on those systems ...

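A read-only check of the information files described in the post above, as an added example that is not part of the original thread and is not Malwarebytes' own code: run against a copy of the quarantine folder, it reports which BACKUP files lack the "3=" or "4=" line. The `key=value` layout of the other lines, the encodings tried, the `?` heuristic and the sample contents are assumptions.

```python
# Added example: read-only audit of quarantine information files (BACKUP*).
from pathlib import Path

REQUIRED = ("3", "4")  # per the post: "3=" original path, "4=" extension

def decode(raw: bytes) -> str:
    """Decode an information file; the encodings tried are assumptions."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")
    for enc in ("utf-8-sig", "gbk"):  # gbk = Simplified Chinese ANSI code page
        try:
            return raw.decode(enc)
        except UnicodeDecodeError:
            pass
    return raw.decode("latin-1")  # never fails; keeps the audit going

def parse_info(raw: bytes) -> dict:
    """Return {key: value} for every 'key=value' line (assumed layout)."""
    fields = {}
    for line in decode(raw).splitlines():
        key, sep, value = line.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def check_entry(fields: dict) -> list:
    """List the reasons an entry cannot be reversed by hand."""
    problems = [f"line '{k}=' missing or empty" for k in REQUIRED if not fields.get(k)]
    path = fields.get("3", "")
    # '?' is not legal in a Windows file name, so it marks a lossy conversion.
    if "?" in path:
        problems.append("path contains '?' (characters lost when written)")
    return problems

def audit(folder: Path) -> dict:
    """Map each BACKUP* file in a copy of the quarantine folder to its problems."""
    return {p.name: check_entry(parse_info(p.read_bytes()))
            for p in sorted(folder.iterdir())
            if p.is_file() and p.name.upper().startswith("BACKUP")}

# Constructed sample contents (not taken from a real quarantine folder).
GOOD = "0=a\n1=b\n2=c\n3=C:\\Documents and Settings\\user\\「开始」菜单\\程序\\Tool.lnk\n4=.lnk\n".encode("gbk")
BAD = b"0=a\n1=b\n2=c\n3=\n4=.lnk\n"
LOSSY = b"0=a\n1=b\n2=c\n3=C:\\Documents and Settings\\user\\????\\??\\Tool.lnk\n4=.lnk\n"

if __name__ == "__main__":
    for name, raw in (("GOOD", GOOD), ("BAD", BAD), ("LOSSY", LOSSY)):
        print(name, check_entry(parse_info(raw)) or "complete")
```

An empty list for a file means both lines are present; anything else is worth including in a helpdesk report.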
