Iniciar sesión
Microsoft.com
 
Microsoft
 
 
 
Microsoft >
Undo Virus Removal

Bloqueada Undo Virus Removal

  • domingo, 31 de enero de 2010 16:56
     
     
    Inicie sesión para votar
    0
    Live OneCare provided me with virus definition and decided that there was a virus in Outlook (poisonivy), but rather thn removing the specific email, it removed the Outlook.pst file.  Is there a way to recover this file, undo the virus removal or anything of that sort?  How does OneCare clean files from the hard drive?  Should they be recoverable from empty areas on the harddrive or is data written to those areas?

    I've already looked in all the usual places...undelete folder, temp folders, quarrantine folders but no luck.  I've also attempted to use file recovery tools, such as Recuva, without success.
       

    Todas las respuestas

    • domingo, 31 de enero de 2010 21:35
      Moderador
       
       Respondida
      Inicie sesión para votar
      0
      It surprises me that One Care would delete your entire .pst file. I suggest contacting support to see if there is a way to recover your .pst files. How to reach support - http://social.microsoft.com/Forums/en-US/onecareinstallandactivate/thread/30400b52-7f26-4ba0-bc18-17e305329d90

      Jim
      Microsoft MVP Consumer Security - Forum Moderator - Live One Care - Live Mesh - Microsoft Security Essentials
         
      • lunes, 01 de febrero de 2010 0:03
         
         
        Inicie sesión para votar
        0

        Thank you for responding.  I contacted support and their first reaction was the same as yours, but after looking at the log it was confirmed.  Shown below.  Mostly stress that I should have used the backup feature.  Final recommendation was to contact Outlook support but I don't think there is much they can do without a file.  I was able to restore email contacts using the NK2 nickname file.

        This is where it stands with support "This is Arun Prakash with Windows Live OneCare Technical Support.  It was my pleasure to work with you on your OneCare service request # xxxxxx. I hope that you were completely pleased with the service provided to you.Based on our last conversation, for now I will go ahead and archive the case as Not-Resolved. If this is not correct or if you are not very happy with the support we've provided, please let us know as soon as possible. The case would be re-opened as soon as you give us a call concerning the same."

        Onecare log:

        Beginning threat actions
        Start time:Sat Jan 30 2010 18:08:52
        Threat Name:Backdoor:Win32/Poisonivy.I
        Threat ID:2147603699
        Action:remove
        File scheduled for removal on reboot
        File Name:C:\Documents and Settings\(username)\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst
        Resource action complete:Removal
        Schema:file
        Path:\\?\C:\Documents and Settings\(username)\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst
        Threat ID:2147603699
        Resource refcount:1
        Result:3010
        Finished threat ID:2147603699
        Threat result:0
        Threat status flags:2
        Finished threat actions
        End time:Sat Jan 30 2010 18:08:52
        Result:0
        ************************************************************

        Microsoft OneCare Protection Log, (c) 2006
        Stopped On Sat Jan 30 2010 18:10:26 (Exit Code = 0x0)
        ************************************************************

           
        • lunes, 01 de febrero de 2010 13:22
          Moderador
           
           
          Inicie sesión para votar
          0

          I've marked Jim's post as the answer as contacting support was the only possible solution. I'm sorry to read that it appears that the instructions for the specific malware you encountered caused the deletion of the .pst file. I was under the impression that this was resolved ages ago, but it would appear that it wasn't. I've contacted Microsoft and it has been escalated to the antimalware team. That doesn't help you since the file was removed, but it puts it on the plate of the antimalware team to fix in the engine and definitions.
          -steve

          ~ Microsoft MVP Windows Live ~ Windows Live OneCare| Live Mesh|MS Security Essentials Forums Moderator ~
             
          • lunes, 01 de febrero de 2010 17:35
             
             
            Inicie sesión para votar
            0
            Thanks for your clarification...I try to live by this:

            "Don't worry about life, you're not going to survive it anyway."
               
            • lunes, 01 de febrero de 2010 18:05
              Moderador
               
               
              Inicie sesión para votar
              0
              Thanks for your clarification...I try to live by this:

              "Don't worry about life, you're not going to survive it anyway."

              That's a great mantra. ;-)

              I think I need to remember that more often, too.

              -steve
              ~ Microsoft MVP Windows Live ~ Windows Live OneCare| Live Mesh|MS Security Essentials Forums Moderator ~
                 
              • miércoles, 03 de febrero de 2010 18:25
                Propietario
                 
                 
                Inicie sesión para votar
                0
                MailMess,
                We will need to get a sample.  Do you have an open support case?

                Thank you
                Hazel