locked
OneCare detected Virus & Worm incorrectlly RRS feed

  • General discussion

  • Live OneCare detected Virus:Win32/Magistr.B@mm & VBS/Generic2 and Worm:WIN32/Klez.H@mm in Inbox.nco & Trash.nco. These were files backed up with Nero Backitup and the compressed file extension was nco. No viruses or worms were found in the original files these were backed up from.

     

    After marking these files as "Restore" in "Manage Files in Quarantine" "Review last scan report" from main Live OneCare screen showed "OneCare found no potentially harmful or unwanted software on your computer" .  Should the "Last scan report" not indicate what was found and that the uses restored these files? I just don't like there not being any trace of what was found initially.

    Tuesday, August 21, 2007 2:50 PM

All replies

  • Hi, Ernie. The Last Scan report is from a full scan during Tune-up or run manually. Yes, I would expect that threats that were quarantined should be reported there.

     

    Please file a bug on Connect:  https://connect.microsoft.com/site/sitehome.aspx?SiteID=168

    See the Bug Submission Guide - http://connect.microsoft.com/content/content.aspx?ContentID=3480&SiteID=168 - for details on how to create and submit the Support Log zip file with your bug.

    -steve
    Tuesday, August 21, 2007 4:08 PM
    Moderator
  • Steve: Thanks for the info. I have filed a BUG through connect feedback. It took me a while to get setup in the connect feedback so I could file the bug.

    Monday, August 27, 2007 6:53 PM
  • Thanks, Ernie.

    -steve

    Monday, August 27, 2007 6:56 PM
    Moderator
  • Steve: I have narrowed this down. The scheduled virus and tune-up scan does not find these. Only if you do a manual detail or complete scan does the program give this error message. I don't know what the difference is between the two scans but while monitoring both scans they appear to scan these files both times. But only the manual complete scan has this problem.

    Wednesday, September 5, 2007 3:26 PM
  • So, once you restored the two files, the only time you get a hit saying they are infected is when running a full scan, but not a full scan during tune-up? The scheduled scan is a higher level, while a complete scan, deep scans.

     

    --steve

    Wednesday, September 5, 2007 11:50 PM
    Moderator
  •  

    I ran the SD Fix and here is copy of log and i keep getting erros of win pro virus pop ups and windows defender keeps finding w32. foto on heeand removes it and it keeps returning??? What can I do to fix this????  I also would like to know which free virus protector is better? Live one or AVG???  Thank you

                                                                  Melissa

     


    SDFix: Version 1.102

    Run by Owner on Thu 09/06/2007 at 01:28 PM

    <snipped>

    Thursday, September 6, 2007 6:10 PM
  • I see that you have used a ( specific removal tool ) thus it only removed limited number of  infections in your computer. as per option for further asssistance proceed getting assistance from Microsoft Security 866 272 2338 with the complete removal of all things bad in your personal computer and for you inquiry Windows Live Onecare comes in 90 day free trial option which you can use.

     

    Thursday, September 6, 2007 6:43 PM
  • Hello,

     

    Does anybody know what this process is?

     

    wpnsvc.exe:3632 TCP server94:2561 69-64-77-200.dedicated.abac.net:1750 ESTABLISHED

     

    It fires up if I kill it. It resides invisibly in c:/winnt/HELP. I tried Windows Live Care but I couldnt install it on a windows 2003 server. What antivirus is reccomended for a medium-duty windows 2003 server? 

    Thanks

    Sunday, September 9, 2007 11:10 AM
  • I would advise you to use Microsoft Forefront for Win2k3 ( Windows Server 2003 )

    the link for the said security application is

    http://www.microsoft.com/forefront/default.mspx

     

    if you are willing, and would like to share a copy of this file with Microsoft Research for identification and a proper answer for what this file is please zip the file and put a password on it ( or use winrar ) and the password would be unknown and please e-mail the said file on a password enabled file secure@microsoft.com

     

    note please indicate within the e-mail the password:unknown

     

     

    thank you

    Monday, September 10, 2007 1:07 AM