Question about Microsoft Security Essentials

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

tomdkat

Thread Starter
Retired Trusted Advisor
Joined
May 6, 2006
Messages
7,148
On a friend's 64-bit Windows 7 machine, Microsoft Security Essentials detected a supposedly infected file in the IE cache. The file is currently quarantined because I want to eventually restore it so I can look at it.

The file is an HTML file that was detected as having "VirTools:JS/Obfuscator.gen!A". MSE is fully patched and updated with the latest definitions. This is the ONLY detection in the MSE history.

IE8 is installed on the system but Google Chrome is the default and primarily used browser. Someone else HAS used the machine and apparently used IE to browse some sites.

Now, the reason I started this thread is to ask two questions:

1) If SUPERAntiSpyware (4.32.1002 with latest updates) and Malwarebytes (1.45 with latest updates) didn't detect anything, is this possibly a false positive detection by MSE?

2) Is it possible to restore the infected file to a different location? I'm having some problems accessing it where it was originally found so I would like to restore the quarantined file to a different location so I can see what's up with it.

Thanks!

Peace...
 

perfume

Banned
Joined
Sep 12, 2008
Messages
2,011
Dear tomdkat,

The answer to the question 1) Yes, what SAS and MBAM might have missed could definitely be found by another security program--MSE, in this case. Considering IE8's vulnerabilities and the suspicion that somebody has used that Browser, it is likely!

2) Where do the quarantined files go? If MSE has not provided the path or was missed by your friend, then search, first off, in IE's cache; there is a small tool which is an offering from MS itself-- "IECacheView". Site: http://www.howtogeek.com/howto/4592/view-internet-explorer-cache-files-the-easy-way/

Okay, if it is not there, then where? I have found a tool which is akin to "search" function in Windows. "Agent Ransack". Download site: http://www.mythicsoft.com/page.aspx?type=agentransack&page=home

Right, if you can locate the html "infected file", then the job is done! Otherwise, we are back to square one! Here is another article, I culled out as further fodder to the fuel! http://www.malwarehelp.org/microsoft-security-essentials-real-time-protection-alert-levels-actions-2009.html (y)
 
Joined
Oct 3, 2007
Messages
7,889
1. If you used quick scan, then MBAM/SAS may not have scanned those folders by default. No program is 100%, that is why I use 3 or more when cleaning a system.

2. Some AV software allows you to restore it to a different location. In my AVG workstation edition, you can go into the virus vault and do a "restore as", then choose the folder.

 

tomdkat

Thread Starter
Retired Trusted Advisor
Joined
May 6, 2006
Messages
7,148
> The answer to the question 1) Yes, what SAS and MBAM might have missed could definitely be found by another security program--MSE,
Yep, I fully realize this which is why I didn't let MSE delete the file but put it in the quarantine. The idea is to get it isolated so I can take a closer look at it later to see if it's an actual detect or a false positive by MSE.

> 2) Where do the quarantined files go? If MSE has not provided the path or was missed by your friend, then search, first off, in IE's cache; there is a small tool which is an offering from MS itself-- "IECacheView". Site: http://www.howtogeek.com/howto/4592/view-internet-explorer-cache-files-the-easy-way/
The question isn't "where is the quarantined file?" but "is it possible to restore the quarantined file to a different location?" MSE provides a restore function for quarantined items but it initially appears to restore it only to the original place where it was found. I would like to restore it somewhere else later so I can grab it and look at the file.

Thanks, I'll check out this page and see what it says about restoring quarantined items. :)

Peace..
 

tomdkat

Thread Starter
Retired Trusted Advisor
Joined
May 6, 2006
Messages
7,148
> 1. If you used quick scan, then MBAM/SAS may not have scanned those folders by default. No program is 100%, that is why I use 3 or more when cleaning a system.
Yep, I'm aware of this and used complete/full system scans in both SAS and MBAM. In fact, it was during a MBAM scan that MSE identified the infected file through a popup alert.

> 2. Some AV software allows you to restore it to a different location. In my AVG workstation edition, you can go into the virus vault and do a "restore as", then choose the folder.
Yep, I'm aware of this too and was hoping MSE provided this same kind of function. :)

Thanks!

Peace...
 