
Question about Microsoft Security Essentials

Discussion in 'General Security' started by tomdkat, Apr 19, 2010.

Thread Status:
Not open for further replies.
  1. tomdkat

    tomdkat Retired Trusted Advisor Thread Starter

    Joined:
    May 6, 2006
    Messages:
    7,148
    On a friend's 64-bit Windows 7 machine, Microsoft Security Essentials detected a supposedly infected file in the IE cache. The file is currently quarantined because I want to eventually restore it so I can look at it.

    The file is an HTML file that was detected as having "VirTools:JS/Obfuscator.gen!A". MSE is fully patched and updated with the latest definitions. This is the ONLY detection in the MSE history.

    IE8 is installed on the system but Google Chrome is the default and primarily used browser. Someone else HAS used the machine and apparently used IE to browse some sites.

    Now, the reason I started this thread is to ask two questions:

    1) If SUPERAntiSpyware (4.32.1002 with latest updates) and Malwarebytes (1.45 with latest updates) didn't detect anything, is this possibly a false positive detection by MSE?

    2) Is it possible to restore the infected file to a different location? I'm having some problems accessing it where it was originally found so I would like to restore the quarantined file to a different location so I can see what's up with it.

    Thanks!

    Peace...
     
  2. perfume

    perfume Banned

    Joined:
    Sep 12, 2008
    Messages:
    2,011
    Dear tomdkat,

    The answer to question 1): Yes, what SAS and MBAM might have missed could definitely be found by another security program--MSE, in this case. Considering IE8's vulnerabilities and the suspicion that somebody has used that browser, it is likely!

    2) Where do the quarantined files go? If MSE has not provided the path, or it was missed by your friend, then search, first off, in IE's cache. There is a small tool which is an offering from MS itself--"IECacheView". Site: http://www.howtogeek.com/howto/4592/view-internet-explorer-cache-files-the-easy-way/

    Okay, if it is not there, then where? I have found a tool which is akin to the "search" function in Windows: "Agent Ransack". Download site: http://www.mythicsoft.com/page.aspx?type=agentransack&page=home

    Right, if you can locate the HTML "infected file", then the job is done! Otherwise, we are back to square one! Here is another article I culled out as further fodder to the fuel! http://www.malwarehelp.org/microsoft-security-essentials-real-time-protection-alert-levels-actions-2009.html (y)
     
  3. Mumbodog

    Mumbodog

    Joined:
    Oct 3, 2007
    Messages:
    7,889
    1. If you used quick scan, then MBAM/SAS may not have scanned those folders by default. No program is 100%, that is why I use 3 or more when cleaning a system.

    2. Some AV software allows you to restore it to a different location. In my AVG workstation edition, you can go into the virus vault and do a "restore as", then choose the folder.

    .
     
  4. tomdkat

    tomdkat Retired Trusted Advisor Thread Starter

    Joined:
    May 6, 2006
    Messages:
    7,148
    Yep, I fully realize this which is why I didn't let MSE delete the file but put it in the quarantine. The idea is to get it isolated so I can take a closer look at it later to see if it's an actual detect or a false positive by MSE.

    The question isn't "where is the quarantined file?" but "is it possible to restore the quarantined file to a different location?" MSE provides a restore function for quarantined items but it initially appears to restore it only to the original place where it was found. I would like to restore it somewhere else later so I can grab it and look at the file.

    Thanks, I'll check out this page and see what it says about restoring quarantined items. :)

    Peace..
     
  5. tomdkat

    tomdkat Retired Trusted Advisor Thread Starter

    Joined:
    May 6, 2006
    Messages:
    7,148
    Yep, I'm aware of this and used complete/full system scans in both SAS and MBAM. In fact, it was during a MBAM scan that MSE identified the infected file through a popup alert.

    Yep, I'm aware of this too and was hoping MSE provided this same kind of function. :)

    Thanks!

    Peace...
     
Short URL to this thread: https://techguy.org/917991
