Solved: Files possibly infiltrated and then skipped during the scan

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

jaeluuc

Thread Starter
Joined
Apr 30, 2006
Messages
87
I am clueless as to if I even have a problem -

I have whatever protection that comes with Windows defender, F-Secure anti-virus, and what I was told to download free Ad-Aware

I’m more than a little paranoid after my initiating fiasco. I figured if running scans once a week was good – daily is better! Plus I am so trying to learn it all!

Several times it appears that Defender lets things get in – here is an example of Defender's history: (I’m not impressed!)


NAME                ALERT LEVEL   ACTION TAKEN   DATE   STATUS
Unknown             Unknown       Allow          5/9    Succeeded
Network Essentials  Severe        Ignore         5/9    Succeeded
KaZaA               Medium        Remove         5/7    Failed
Altnet              Medium        Remove         5/7    Failed
Network Essentials  Severe        Ignore         5/7    Succeeded
Unknown             Unknown       Allow          5/6    Succeeded
Unknown             Unknown       Allow          5/4    Succeeded


An example of the specific details of one of them:

Network Essentials Severe Ignore 5/9/06 Succeeded

Category: Browser Modifier

Description: This program has potentially unwanted behavior

Advice: Remove this software immediately

Resources:
file: F:\System Volume Information\_restore{CF7947OC-79F7-4821-8E34-8E6EA7D3E7B5}\RP4\A0000395.exe
file: F:\System Volume Information\_restore{CF7947OC-79F7-4821-8E34-8E6EA7D3E7B5}\RP4\A0000396.EXE


There are many more in the \System Volume Information\, especially with KaZaA (the F ‘brains’ are from an old computer years ago before we knew not to mess around with downloading ‘free’ music)



NOW; When I run the F-Secure it comes back with a good report – nothing found

HOWEVER; it also tells me that it skipped 144 files! Almost all of which have to do with the F:\System Volume Information\......... (again not impressed!)

Here is the first page of the report:

Files not scanned:
• Cannot open file C:\hiberfil.sys
• Cannot open file C:\pagefile.sys
• Cannot open file C:\WINNT\Temp\TMP000000A9D418AAF235C81386
• Cannot open file C:\WINNT\system32\config\DEFAULT
• Cannot open file C:\Documents and Settings\Owner\Application Data\Microsoft\Windows Defender\FileTracker\{59728B2E-CCAF-4187-ADEA-BEE9179A5F90}
• Cannot open file C:\Documents and Settings\Owner\Application Data\ispnews\ispn.ini
• Cannot open file C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\012ab030439e389d6e2d92badf4b55ac_a585e4a4-9725-406e-b638-04f1dc8105ed
• Cannot open file C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2896f3d4c065abc478962f556961fc70_a585e4a4-9725-406e-b638-04f1dc8105ed
• Cannot open file F:\WINNT\BDE\BDEEngine2.dll
• Cannot open file F:\WINNT\$NtUninstallQ323172$\reg00003
• Cannot open file F:\WINNT\$NtUninstallQ319580$\reg00003
• Cannot open file F:\WINNT\$NtUninstallQ315000$\netsetup.exe
• Cannot open file F:\WINNT\$NtUninstallQ315000$\spuninst\spuninst.exe
• Cannot open file F:\WINNT\$NtUninstallQ314862$\qmgr.dll
• Cannot open file F:\WINNT\$NtUninstallQ314862$\spuninst\spuninst.exe
• Cannot open file F:\WINNT\$NtUninstallQ313484$\acgenral.dll
• Cannot open file F:\WINNT\$NtUninstallQ313484$\spuninst\spuninst.exe
• Cannot open file F:\WINNT\$NtUninstallQ311889$\termsrv.dll
• Cannot open file F:\WINNT\$NtUninstallQ311889$\spuninst\spuninst.exe
• Cannot open file F:\WINNT\$NtUninstallQ310507$\aec.sys
• Cannot open file F:\WINNT\$NtUninstallQ310507$\spuninst\spuninst.exe
• Cannot open file F:\WINNT\$NtUninstallQ309521$\dxmasf.dll
• Cannot open file F:\WINNT\$NtUninstallQ309521$\spuninst\spuninst.exe
• Cannot open file F:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP99\A0097546.ini
• Cannot open file F:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP99\A0097555.lnk
• Cannot open file F:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP99\A0097562.ini
• Cannot open file F:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP98\A0096302.ini
• Cannot open file F:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP98\A0096376.ini
• Cannot open file F:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP98\A0096384.lnk
• Cannot open file F:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP98\A0096392.ini
• Cannot open file F:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP98\A0096420.ini
• Cannot open file F:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP98\A0096428.lnk
• Cannot open file F:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP98\A0096435.ini

AND, When I tried to get to these files I was blocked in a variety of ways.

The Ad-Aware did not find anything either, but when you look at the number of files scanned compared to the others it is a lot lower.

Do I have a problem? Or is this normal –

And should I have more layers of protection?

Thanks for your time!

:confused:
 
Joined
Jul 8, 2002
Messages
14,681
Go to Start>>Run. Type msconfig and press Enter
Click Launch System Restore then click System Restore Settings
Put a checkmark next to Turn off system restore on all drives and click Apply>>OK
Close System Restore utility and the System Configuration Utility

Restart your computer

Go to Start>>Run. Type msconfig and press Enter
Click Launch System Restore then click System Restore Settings
Uncheck Turn off system restore on all drives and click Apply>>OK
Close System Restore utility and the System Configuration Utility

And see if it's still skipping all those files.
 

jaeluuc

Thread Starter
Joined
Apr 30, 2006
Messages
87
Thanks brendandonhu,
I'm still so very new to all of this and I'm scared of making a mistake!

When you say restart the computer, do you mean going through my usual process of logging off and shutting down and then starting as if it were the next day?

And I'm nervous about the restore - will there be any other steps that it might be taken for granted that I know what to do? - Because I truly am just now fumbling my way along!
 
Joined
Jul 8, 2002
Messages
14,681
Right, just turn it off and back on. Doing this will remove everything in C:\System Volume Information files
 

jaeluuc

Thread Starter
Joined
Apr 30, 2006
Messages
87
Yeah! No surprise steps involved!

I'll run the scan now and see if it goes into those files. I'll let you know as soon as it's done :)
 

jaeluuc

Thread Starter
Joined
Apr 30, 2006
Messages
87
Scan finally done

basically the same thing! - only 2 of the first 8 were slightly different!

so I still don't know if I have a potential problem here?
 

jaeluuc

Thread Starter
Joined
Apr 30, 2006
Messages
87
Thanks brendandonhu!

Okay, if you say I'm safe I'll let it go - it just looked a bit suspicious to me.

I'll mark it solved if we are done. :)
 

jaeluuc

Thread Starter
Joined
Apr 30, 2006
Messages
87
I know that I already marked this solved, but I feel like I should give an update / FYI / warning.

Since then, 'other' things have happened, installs of spyware protection, etc. and 'odd' things - after so many hours of this my head is spinning as to the all and when of it.

Bottom line:
I'm pretty sure that the skipped files should have alerted me that F-Secure was not functioning properly - I don't really know - but the # of skips kept increasing - and when it jumped from 300 to over 600 in a matter of hours - I called in TSG Live - dumped F-Secure and got Kaspersky - It got rid of almost 100 bad things -

If you have F-Secure, this might be a word of warning
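
A triage sketch for reports like the one in the first post and for the growing skip count described in the last post (an added example, not part of the thread and not F-Secure's tooling): it groups "Cannot open file" lines by path pattern and lists paths that appear only in a later report. The category rules and the second sample report are assumptions of this example.

```python
import re
from collections import defaultdict

# Category rules are assumptions of this example; first match wins.
RULES = [
    ("paging/hibernation file", re.compile(r"^[a-z]:\\(pagefile|hiberfil)\.sys$", re.I)),
    ("registry hive", re.compile(r"\\system32\\config\\[^\\]+$", re.I)),
    ("System Restore store", re.compile(r"^[a-z]:\\System Volume Information\\_restore\{", re.I)),
    ("hotfix uninstall backup", re.compile(r"\\\$NtUninstall[^\\]*\$\\", re.I)),
]
# Matches the report's line shape, with or without the leading bullet.
LINE = re.compile(r"^\W*Cannot open file\s+(?P<path>[A-Za-z]:\\.+?)\s*$")

def parse_report(text):
    """Return the paths from 'Cannot open file <path>' lines, in report order."""
    return [m.group("path") for m in map(LINE.match, text.splitlines()) if m]

def classify(path):
    """Label a path by the first matching rule, else 'unclassified'."""
    for label, rx in RULES:
        if rx.search(path):
            return label
    return "unclassified"

def summarize(text):
    """Count skipped paths per category."""
    counts = defaultdict(int)
    for path in parse_report(text):
        counts[classify(path)] += 1
    return dict(counts)

def newly_skipped(old_text, new_text):
    """Paths skipped in the newer report only (compared case-insensitively)."""
    seen = {p.lower() for p in parse_report(old_text)}
    return [p for p in parse_report(new_text) if p.lower() not in seen]

# The five lines below are copied from the report in the thread.
SCAN_1 = r"""
• Cannot open file C:\hiberfil.sys
• Cannot open file C:\pagefile.sys
• Cannot open file C:\WINNT\system32\config\DEFAULT
• Cannot open file F:\WINNT\$NtUninstallQ323172$\reg00003
• Cannot open file F:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP99\A0097546.ini
"""
# Constructed later scan: same lines plus one made-up path that is new.
SCAN_2 = SCAN_1 + r"• Cannot open file C:\WINNT\Temp\constructed_example.tmp" + "\n"

if __name__ == "__main__":
    print(summarize(SCAN_2))
    print(newly_skipped(SCAN_1, SCAN_2))
```

Paths that land in "unclassified", or that show up only in the newer report, are the ones to look at first when the skip count changes between scans.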
 