locked
Undo Virus Removal RRS feed

  • Question

  • Live OneCare provided me with virus definition and decided that there was a virus in Outlook (poisonivy), but rather thn removing the specific email, it removed the Outlook.pst file.  Is there a way to recover this file, undo the virus removal or anything of that sort?  How does OneCare clean files from the hard drive?  Should they be recoverable from empty areas on the harddrive or is data written to those areas?

    I've already looked in all the usual places...undelete folder, temp folders, quarrantine folders but no luck.  I've also attempted to use file recovery tools, such as Recuva, without success.
    Sunday, January 31, 2010 4:56 PM

Answers

All replies

  • It surprises me that One Care would delete your entire .pst file. I suggest contacting support to see if there is a way to recover your .pst files. How to reach support - http://social.microsoft.com/Forums/en-US/onecareinstallandactivate/thread/30400b52-7f26-4ba0-bc18-17e305329d90

    Jim
    Microsoft MVP Consumer Security - Forum Moderator - Live One Care - Live Mesh - Microsoft Security Essentials
    Sunday, January 31, 2010 9:35 PM
    Moderator
  • Thank you for responding.  I contacted support and their first reaction was the same as yours, but after looking at the log it was confirmed.  Shown below.  Mostly stress that I should have used the backup feature.  Final recommendation was to contact Outlook support but I don't think there is much they can do without a file.  I was able to restore email contacts using the NK2 nickname file.

    This is where it stands with support "This is Arun Prakash with Windows Live OneCare Technical Support.  It was my pleasure to work with you on your OneCare service request # xxxxxx. I hope that you were completely pleased with the service provided to you.Based on our last conversation, for now I will go ahead and archive the case as Not-Resolved. If this is not correct or if you are not very happy with the support we've provided, please let us know as soon as possible. The case would be re-opened as soon as you give us a call concerning the same."

    Onecare log:

    Beginning threat actions
    Start time:Sat Jan 30 2010 18:08:52
    Threat Name:Backdoor:Win32/Poisonivy.I
    Threat ID:2147603699
    Action:remove
    File scheduled for removal on reboot
    File Name:C:\Documents and Settings\(username)\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst
    Resource action complete:Removal
    Schema:file
    Path:\\?\C:\Documents and Settings\(username)\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst
    Threat ID:2147603699
    Resource refcount:1
    Result:3010
    Finished threat ID:2147603699
    Threat result:0
    Threat status flags:2
    Finished threat actions
    End time:Sat Jan 30 2010 18:08:52
    Result:0
    ************************************************************

    Microsoft OneCare Protection Log, (c) 2006
    Stopped On Sat Jan 30 2010 18:10:26 (Exit Code = 0x0)
    ************************************************************

    Monday, February 1, 2010 12:03 AM
  • I've marked Jim's post as the answer as contacting support was the only possible solution. I'm sorry to read that it appears that the instructions for the specific malware you encountered caused the deletion of the .pst file. I was under the impression that this was resolved ages ago, but it would appear that it wasn't. I've contacted Microsoft and it has been escalated to the antimalware team. That doesn't help you since the file was removed, but it puts it on the plate of the antimalware team to fix in the engine and definitions.
    -steve


    ~ Microsoft MVP Windows Live ~ Windows Live OneCare| Live Mesh|MS Security Essentials Forums Moderator ~
    Monday, February 1, 2010 1:22 PM
    Moderator
  • Thanks for your clarification...I try to live by this:

    "Don't worry about life, you're not going to survive it anyway."
    Monday, February 1, 2010 5:35 PM
  • Thanks for your clarification...I try to live by this:

    "Don't worry about life, you're not going to survive it anyway."

    That's a great mantra. ;-)

    I think I need to remember that more often, too.

    -steve
    ~ Microsoft MVP Windows Live ~ Windows Live OneCare| Live Mesh|MS Security Essentials Forums Moderator ~
    Monday, February 1, 2010 6:05 PM
    Moderator
  • MailMess,
    We will need to get a sample.  Do you have an open support case?

    Thank you
    Hazel
    Wednesday, February 3, 2010 6:25 PM