How do I see which files are infected after a virus scan?

  • Question

  • Hi,

     

    I sat down at my computer this morning, and was presented with a dialog that said "Scan Report" and "OneCare found and automatically stopped 4 potentially harmful program(s)."  When I clicked on "View Details", it says it stopped 1 Trojan:JS/Nimda.A and 3 Virus:VBS/Iframe.  But it doesn't tell me where it found those viruses, which makes the results pretty much worthless.

     

    So, how do I determine which files were found to be infected?  I looked in eventvwr in the Windows OneCare log and the app log, but couldn't find anything about infected files.

     

     

    Thursday, September 13, 2007 1:06 PM

Answers

  • Create a One Care support log and you can view your antivirus scan results in detail. It shouldn't be necessary to do this but right now it's the only way.

     

    Thursday, September 13, 2007 4:50 PM
    Moderator

All replies

  • Jim, sorry to say but your cryptic answer falls in with all the help I have been able to find in OneCare.

     

    I recently had a MS tech refurbish my OneCare which had become corrupted. At the conclusion I mentioned that I was getting a message from OneCare indicating that a file 'Exploit...........' had been stopped but could not be quarantined. I did a manual search for this file but could not locate it. The tech then showed me where the file was by virtue of a support log that he started for me.

     

    My problem is that I cannot find the support log! No matter how many searches and descriptions I use I just cannot find this log file. I did go to the Microsoft OneCare folder but though there are several log files mentioned, none seem to have anything to do with blocked or quarantined files.

     

    Can you help?  If so, could you notify me at janner47@yahoo.com

    TIA

    Tom

    Thursday, September 20, 2007 5:26 PM
  • Open OneCare.

    Click on Change Settings.

    Click on the Logging Tab

    Click on create support log.

    The support log will open in Internet Explorer for viewing.

     

    -steve

     

    Thursday, September 20, 2007 5:44 PM
    Moderator
  • Thanks for that Stephen - it is nice to get a clear response such as yours. While not to denigrate the answer that your colleague posted, it reminded me of my days in university when, on opening a new text book (relating to my subject) I would invariably find the passage 'it is obvious from the foregoing'  ----

    What foregoing? Here I am on the first page and in the first paragraph!!! Aaaaaaargh! 

     

    Tom

    Friday, September 21, 2007 1:34 AM
  • You're welcome, Tom.

    My answers can also be rather cryptic on occasion. :-)

    -steve

     

    Friday, September 21, 2007 4:14 PM
    Moderator
  • The answer was helpful for me as well. Thanks.

     

    Every day OneCare (beta 2) reports that it has prevented 14 items from running. The list is always the same, and the action is always shown as "quarantine failed."

     

    I see they are in Outlook .pst and .ost files and in email attachments.

     

    Why does quarantine fail on these?

     

    DEH

    Tuesday, September 25, 2007 3:05 PM
  • The message is actually a poor choice of words, in my opinion. The reality is that the infected messages can't be cleaned because they exist in a compressed form within the email store. The .pst file is a database. When OneCare scans these files, it uses the functionality for reading through the file that is installed on your PC, the engine in Outlook that handles your mail. Although OneCare can see the data that matches a signature file for an infection, it can't remove the infected data without risking the entire mail store. It lacks the capability to extract or move an individual email or attachment from the mail store.

    -steve

     

    Tuesday, September 25, 2007 3:37 PM
    Moderator
  • Steve,

     

    Do you know what is being improved to be able to locate and delete the files that are infected?  I was able to find one in the log and delete it, but now it's back and there is a second file that joined it - and deletion or quarantine failed on both.

     

    Will Microsoft have a fix for this soon?

     

    Judith

    Thursday, September 27, 2007 2:34 PM
  • It is a little better at this point. Open OneCare, click on change settings, go to the logging tab and create a support log. It opens in your browser. Scroll down to view the antivirus section that identifies the infected item. I'm hoping that this information will be presented *with* the message about the quarantine "failing" when an infection is found that cannot be removed without risking the mail store or other location such as the System Restore points. I don't know if that will happen, though.

    -steve

     

    Friday, September 28, 2007 1:04 AM
    Moderator