locked
Quaratined item in one care RRS feed

  • Question

  • one care quaratined a malicious application in my local folder named  exploit" JL/shellcode generator.it is in quaratine,but the advice from my onecare virus program says

    Advice:remove this software immediately

    My question is,how do I remove it,and if windows found it why did it not remove it as it knew it was a dangerous virus...Please help

    Sunday, September 14, 2008 4:49 PM

Answers

  • MCA;

    Are you certain the detection said "JL/ShellCode.generator", and not just "JL/ShellCode.gen".  The gen designation would mean it's a generic detection for objects that exibit suspicious behavior, not that it's confirmed as being malicious.  In that case, putting it in the quarantine folder, where it can do no harm is appropriate, because if it was a mistaken identification and it was automatically deleted, you would then have no capability to restore it.  Deleting a file in quarantine is no problem, once you intelligently establish that you really don't need or want that file.

    Sunday, September 14, 2008 6:46 PM

All replies

  • MCA;

    Are you certain the detection said "JL/ShellCode.generator", and not just "JL/ShellCode.gen".  The gen designation would mean it's a generic detection for objects that exibit suspicious behavior, not that it's confirmed as being malicious.  In that case, putting it in the quarantine folder, where it can do no harm is appropriate, because if it was a mistaken identification and it was automatically deleted, you would then have no capability to restore it.  Deleting a file in quarantine is no problem, once you intelligently establish that you really don't need or want that file.

    Sunday, September 14, 2008 6:46 PM
  • moonchildangel,

     

    Thank you for visiting the OneCare program forum.

     

    Please review and go through the instructions for removing files from OneCare quarantine.

    View the properties and the location of the infected software

    1. In the OneCare scan report, under Software, click the name of the file that OneCare cannot clean or quarantine.
    2. Make a record of the infected file's name, location, and the date that the file was created.
    If the infected file is an executable file from an installed program and OneCare cannot clean it, remove the program, and then reinstall it from the original installation disk. Or, you can restore the file from a backup copy.

    For more information about how to restore files from a backup copy, visit the following Web site:

    If you know when the file was infected, you can use the System Restore feature in Windows XP or in Windows Vista to restore the computer to a point before the file was infected.

    If the infected file is a data file, such as a .doc or an .xls file, locate the file, right-click the file, and then click Scan for viruses. If you cannot manually clean a file, try to restore the file from a backup copy.

    If the infected file is a Microsoft Outlook .pst file, delete the file. To do this, follow these steps:

    1. Open Outlook.
    2. On the File menu, point to Open, and then click Open Data File.
    3. Click the appropriate .pst file, and then click OK.
    4. In the left navigation bar, click the folder where the infected file is located.
    5. Find the e-mail message that contains the infected file.
    6. Right-click the message, and then click Delete.
    7. Right-click the Deleted Items folder, and then click Empty "Deleted Items" Folder.
    8. On the desktop, right-click Recycle Bin, and then click Empty Recycle Bin.

    Perform a virus scan

    1. Open OneCare.
    2. In the OneCare main window, in the Protection Plus area, click Scan for viruses and spyware.
    3. In the Choose a scan window, click Custom Scan.
    4. Under Choose what to scan, select the check boxes for the files, folders, or disk drives that you want to scan.
    5. Click Scan.
    If the file becomes infected again, make sure that your browser's home page is set to a known, reputable Web site.

    Additionally, you can manually update the antivirus signatures. To do this, follow these steps:
    1. Open OneCare.
    2. In the main OneCare window, under Protection Plus, click Check for updates.
    3. Restart the computer.

    Verify your Windows Live OneCare virus and spyware scanning settings

    1. Open OneCare.
    2. Under Quick links, click Change settings.
    3. On the Viruses and Spyware tab, under Virus and spyware monitoring, make sure that the Also look for virus-like behavior check box is selected.
    4. Under Advanced settings, click Exclusions. Make sure that the file is not excluded from a scan.

    Run a complete virus and spyware scan on the computer

    1. Open OneCare.
    2. In the main OneCare window, under Protection Plus, click Scan for viruses and spyware.
    3. In the Choose a scan window, click Complete Scan.

     

    I hope this helps,

     

    Lori MS

    Wednesday, September 17, 2008 9:20 PM
  • Lori,

      This is the exact information that one care is recomending.I am going to write it out word for word as to the quarantined file:

     

    Description:This program is dangereous and exploits the computer on which it runs

    Category: Exploit

    Advice: Remove this software immediately

    Resources: App Data\Local\Microsoft\Windows\Temporary Internet Files\Low|Content.IE5\7OH1B7P4\x12c[1].htm

     

     

     

     

    File                   Where Found             Date Quarantined     Potential Threat

    x12c[1].htm ...C:\users\Moms-PC\App......9/6/08        Exploit:JS/ShellCode.gen

     

     

     

     

    Lori,

         I need simple laymans term to get rid of this item.I am not an IT Pro, but I can follow simple directions if you will please direct me to the simpliest mode to get this Item removed. Thank-you so much for trying to help me. I will be waiting for your reply.

                                                                                   Sincerely,

                                                                                         moonchildangel

     

    Tuesday, September 23, 2008 10:50 AM
  • moonchildangel,

     

    Please run the PC Safety Scanner here.

     

    http://onecare.live.com/site/en-US/default.htm

     

    I hope this helps,

     

     

    Lori MS
    Tuesday, September 23, 2008 3:53 PM
  • Open your web browser settings and delete the Temporary Internet Files. The cached web page is where the threat has been detected. If you visit the site that served that page to you again and it remains coded with what OneCare thinks is this exploit, you will once again see the warning.

    -steve

     

    Thursday, September 25, 2008 5:06 PM
    Moderator