13 September 2007 13:06
I sat down at my computer this morning, and was presented with a dialog that said "Scan Report" and "OneCare found and automatically stopped 4 potentially harmful program(s)." When I clicked on "View Details", it says it stopped 1 Trojan:JS/Nimda.A and 3 Virus:VBS/Iframe. But it doesn't tell me where it found those viruses, which makes the results pretty much worthless.
So, how do I determine which files were found to be infected? I looked in eventvwr in the Windows OneCare log and the app log, but couldn't find anything about infected files.
13 September 2007 16:50 Moderator
Create a OneCare support log and you can view your antivirus scan results in detail. It shouldn't be necessary to do this but right now it's the only way.
20 September 2007 17:26
Jim, sorry to say but your cryptic answer falls in with all the help I have been able to find in OneCare.
I recently had an MS tech refurbish my OneCare, which had become corrupted. At the conclusion I mentioned that I was getting a message from OneCare indicating that a file 'Exploit...........' had been stopped but could not be quarantined. I did a manual search for this file but could not locate it. The tech then showed me where the file was by virtue of a support log that he started for me.
My problem is that I cannot find the support log! No matter how many searches and descriptions I use, I just cannot find this log file. I did go to the Microsoft OneCare folder, but though there are several log files mentioned, none seem to have anything to do with blocked or quarantined files.
Can you help? If so, could you notify me at email@example.com
20 September 2007 17:44 Moderator
Click on Change Settings.
Click on the Logging Tab.
Click on create support log.
The support log will open in Internet Explorer for viewing.
21 September 2007 1:34
Thanks for that, Stephen - it is nice to get a clear response such as yours. While not to denigrate the answer that your colleague posted, it reminded me of my days in university when, on opening a new text book (relating to my subject), I would invariably find the passage 'it is obvious from the foregoing' ----
What foregoing? Here I am on the first page and in the first paragraph!!! Aaaaaaargh!
21 September 2007 16:14 Moderator
You're welcome, Tom.
My answers can also be rather cryptic on occasion. :-)
25 September 2007 15:05
The answer was helpful for me as well. Thanks.
Every day OneCare (beta 2) reports that it has prevented 14 items from running. The list is always the same, and the action is always shown as "quarantine failed."
I see they are in Outlook .pst and .ost files and in email attachments.
Why does quarantine fail on these?
25 September 2007 15:37 Moderator
The message is actually a poor choice of words, in my opinion. The reality is that the infected messages can't be cleaned because they exist in a compressed form within the email store. The .pst file is a database. When OneCare scans these files, it uses the functionality for reading through the file that is installed on your PC, the engine in Outlook that handles your mail. Although OneCare can see the data that matches a signature file for an infection, it can't remove the infected data without risking the entire mail store. It lacks the capability to extract or move an individual email or attachment from the mail store.
27 September 2007 9:47
27 September 2007 14:34
Do you know what is being improved to be able to locate and delete the files that are infected? I was able to find one in the log and delete it, but now it's back and there is a second file that joined it - and deletion or quarantine failed on both.
Will Microsoft have a fix for this soon?
28 September 2007 1:04 Moderator
It is a little better at this point. Open OneCare, click on change settings, go to the logging tab and create a support log. It opens in your browser. Scroll down to view the antivirus section that identifies the infected item. I'm hoping that this information will be presented *with* the message about the quarantine "failing" when an infection is found that cannot be removed without risking the mail store or other location such as the System Restore points. I don't know if that will happen, though.