So what's one care been doing the past few months ?
-
2009年6月21日 23:42Todays 1care did it's normal weekly scan. The same scan it's been doing for several months. Last week or two, I removed a program that I don't use. And todays scan found a trojan in it's folder.
So why did it miss this thing for the past few weeks ?
the name is Trojan:Win32/Orsam!rts- 已移动 Stephen BootsMVP, Moderator 2009年6月22日 1:54 from General (From:Windows Live OneCare General)
全部回复
-
2009年6月22日 1:56版主 It is entirely possible that the trojan had not been previously identifed because it wasn't accounted for in the signatures. OneCare updates the signatures regularly, so it would seem that the signatures can now detect this trojan or the trojan just arrived. I would suspect the former, though.
Did it remove it?
If not, please contact support.
How to reach support (FAQ) - http://social.microsoft.com/Forums/en-US/onecareinstallandactivate/thread/30400b52-7f26-4ba0-bc18-17e305329d90
-steve
Microsoft MVP Windows Live / Windows Live OneCare & Live Mesh Forum Moderator- 已标记为答案 Stephen BootsMVP, Moderator 2009年6月22日 1:56
-
2009年6月22日 21:06And once again, MS & me are the only two that even know this thing exists. It hasn't even made it to google yet.
And 1 care found & removed it. -
2009年6月22日 23:43版主Yes, I noticed that, too. I searched on the name and had no luck - even if I assumed a typo - win32/osram - I still couldn't find a specific reference to it.
-steve
Microsoft MVP Windows Live / Windows Live OneCare & Live Mesh Forum Moderator -
2009年6月25日 3:42This is similar to what happened to me about 8 weeks ago, when I stripped NIS 2009 from my system, after it started slowing down my system among other things, and causing problems with IE 8, and part of the problem was an update in early April for NIS 2009. After the mess with NIS 2009, I reinstalled OneCare, which I had on my system, up until Tuesday, since I'm beta testing Microsoft Security Essentials.
What Live OneCare detected, that was detected only by one other AV Program, which happened to be McAfee, was the JS/Xilos which attempted to slide right on my system, right during websurfing on 64bit Vista running 32bit IE 8. If I had been running NIS 2009, safe bet would be that NIS 2009 wouldn't have detected JS/Xilos, and I now would have a Javascript virus running on my system.
To make a long story short, Live OneCare, blocked, quarantined and then popped up asking me if I wanted it to totally wipe JS/Xilos out(remove), which I said yes to, and Live OneCare removed that sucker. Yes, even a 64bit OS can get a 32bit virus infection, when using a 32bit internet browser, I had this happen to me. This is contrary to what a lot of people will claim about a 64bit OS user not having to worry about viruses. -
2009年6月26日 14:09Running 32 bit on a 64 bit os is no problem. Running 64 bit on a 32 bit os can't happen.
-
2009年12月13日 17:36I got Win32/Orsam!rts on my computer yesterday. It was itentified and supposed to cleaned. However, I turned on my machine today and got a CMOS failure warning and still had the trojan. I had to fix my date and one care ownership. It had messed with my CMOS which caused problems with my One Care scanner. I had to work to get control of one care again. I am scanning to check if I got rid of the bug.
-
2009年12月14日 12:49版主
I got Win32/Orsam!rts on my computer yesterday. It was itentified and supposed to cleaned. However, I turned on my machine today and got a CMOS failure warning and still had the trojan. I had to fix my date and one care ownership. It had messed with my CMOS which caused problems with my One Care scanner. I had to work to get control of one care again. I am scanning to check if I got rid of the bug.
If you are using Windows Live OneCare and you have been infected, but OneCare did not detect or cannot remove the malware, please contact support to report this and for help with removal.
How to reach support (FAQ) - http://social.microsoft.com/Forums/en-US/onecareinstallandactivate/thread/30400b52-7f26-4ba0-bc18-17e305329d90
-steve
~ Microsoft MVP Windows Live ~ Windows Live OneCare| Live Mesh|MS Security Essentials Forums Moderator ~ -
2010年5月5日 17:11I believe MSE will report this from the utility "ComboFix.exe". I don't think its a legitimate threat as Combofix is a utility used to rewrite the reg. and restore so prior reg entries that have been corrupted by malware. I've used this utility before and it works great for the real nasty stuff!
-
2010年5月6日 11:27版主
I believe MSE will report this from the utility "ComboFix.exe". I don't think its a legitimate threat as Combofix is a utility used to rewrite the reg. and restore so prior reg entries that have been corrupted by malware. I've used this utility before and it works great for the real nasty stuff!
Wrong forum for MSE, though OneCare and MSE use the same engine/database. If you've observed this behavior, I suggest submitting the exe to the Antimalware portal for analysis:Please go to https://www.microsoft.com/security/portal/submit.aspx and submit a sample of the suspected file(s).
Please choose "Microsoft Security Essentials" in the product field.
-steve
~ Microsoft MVP Windows Live ~ Windows Live OneCare| Live Mesh|MS Security Essentials Forums Moderator ~
