locked
Possible Fix for Quarantine "Unknown Error" Message RRS feed

  • Question

  • I contacted Support almost 2 weeks ago about the Quarantine “unknown error” problem (SRX1056853449), and have not heard from them for a week now. The problem began when OneCare failed to detect Win32.Agent.drq (Kaspersky), which was being started by the system under the alias of “avp.exe”, and was defeating the firewall as “mgrs.exe”. I was deluged by malware and still have virus-like behavior. After running "AntiMalwareRepair.exe" and reinstalling I still had the “unknown error” message. I contacted Support and they suggested “CaclsDeleteDB.exe”, which also had no effect. I just tried reinstalling with “onecarecleanup.exe” because I noticed that the quarantined items are not deleted during a normal uninstall. This failed to eliminate the error message and also didn’t delete the quarantined items. I found the quarantined items stashed away in C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ Entries. I deleted the entries and this cleared the Quarantine and the error message. My guess (and that's all it is) is that one of the entries was corrupt. If this is the case, it appears that the OneCare error-handling code for quarantined items might need some brushing up. Steve, I am impressed by your even-handed and fair-minded handling of the forum, and will defer to your judgment on whether this is a safe and effective fix for this issue.

    Thursday, February 7, 2008 9:55 PM

Answers

  • Update and Revision: In order to test the hypothesis that a single corrupt entry in the quarantine folder was the source of the “unknown error” message, I restored all of the deleted entries one by one. I was able to restore, view, and delete all of the entries except one, which threw up the familiar error message: "The virus and spyware protection service encountered an unknown problem. Please try again later. If the problem persists, contact support."  I can send you this file if you wish, but I was primarily interested in confirming that file corruption was the culprit here. The revised fix would then be to purge the Entries folder, and restore each entry for examination and potential deletion. This should pinpoint the corrupt file and allow users to send it in for analysis. Hope this helps. GreginMich

    Sunday, February 10, 2008 9:18 PM

All replies

  • Thanks for this information, GreginMich. The possible explanation of this was just posted today in this thread - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2792198&SiteID=2

     

    Eddy noted that a problem in the Quarantine folder could cause exactly the problem you describe and your solution supports this notion.

     

    Thanks for the kind words, but I'll need to defer to the OneCare team on this one, though I plan to keep it in mind. There's no reason to not delete the contents of the Quarantine folder unless there is a possibility of a false positive residing within that you'd want to recover.

     

    -steve

    Friday, February 8, 2008 2:06 AM
    Moderator
  • Update and Revision: In order to test the hypothesis that a single corrupt entry in the quarantine folder was the source of the “unknown error” message, I restored all of the deleted entries one by one. I was able to restore, view, and delete all of the entries except one, which threw up the familiar error message: "The virus and spyware protection service encountered an unknown problem. Please try again later. If the problem persists, contact support."  I can send you this file if you wish, but I was primarily interested in confirming that file corruption was the culprit here. The revised fix would then be to purge the Entries folder, and restore each entry for examination and potential deletion. This should pinpoint the corrupt file and allow users to send it in for analysis. Hope this helps. GreginMich

    Sunday, February 10, 2008 9:18 PM
  • Greg, I'm quite sure Eddy would want a look at that file, so please hold on to it, if possible.

    -steve

     

    Monday, February 11, 2008 1:58 AM
    Moderator
  • We have been seeing more of this issue lately over at support. It seems that by either deleting the entries within the Quarantine folder or by deleting the Quarantine folder itself the issue gets resolved. It is highly probable that it is a corrupted data in the Entries folder that is causing this problem. Thank you for your added insight regarding this problem.

     

    Tuesday, February 19, 2008 12:01 AM