locked
My Live OneCare didn't find 6 threats that the online version found and neither deleted them. RRS feed

  • Question

  •  

    Hi,

    I've noticed over the past month or so that the performance on my new (less than a year old) PC was getting slower and slower.  Then, after IE would hang and have to be aborted through the Task Manager every time I tried to open a new tab, I looked for ways to identify and remedy my problem.

     

    I found the website on MS site http://support.microsoft.com/gp/pc_ie_methodone0100.  After I made sure my system was up-to-date, I then followed the instructions to have my system scanned at this URL: http://onecare.live.com/scan.  When the scan was complete, it indicated that there were six threats.  There were check marks in all the boxes, which indicated which ones I wanted to delete, according to the instructions, and I clicked 'Next'.  The next screen indicated that none of them were removed and that the data would be uploaded to Microsoft.

     

    Well, I was a concerned about this, so I ran my version of Live OneCare's full system scan.  It didn't find a thing.  I was very upset and went to bed hoping it "went away".  I checked again tonight with the online version and the same six threats are still in my computer and that program failed once again to remove them.  Here is the list I was unable to copy or print (think goodness I still can type):

     

    Exploit: Java/ByteVerify.F

    Trojan: Java/ByteVerify

    Trojan: Java/Classloader

    TrojanDownloader: Win32/OpenConnection.P

    TrojanDownloader: Win32/OpenConnection.Q

    TrojanDownloader: Win32/ OpenStream.C

     

    I checked online about the first one, and it says not to delete it manually, but to let Live OneCare do it.  Well, if it can't find it, or has been corrupted, how can it do anything about it?  It is very upsetting to think I'm safe with this product when I am not at all.

     

    How can I get rid of this and find out why this program failed to prevent this from getting installed, failed to detect it once it was there, and failed to delete it once it was detected by the online version?  I need answers!

     

    Regards,

    Allan

     

    Friday, May 23, 2008 2:14 AM

Answers

  • Hello, Allan.

    The detection and signatures of the online free scanner and the full install should be the same at a minimum and better on the full install. I'm not sure why the free scanner is reporting these threats found when a full scan does not find them, particularly when the free scanner is then unable to remove what it claims to have found.

    In any event, the following instructions will get you help:

    If you are using Windows Live OneCare and you have been infected, but OneCare did not detect or cannot remove the malware, please contact support to report this and for help with removal.

    How to reach support (FAQ) - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2

     

    If you are in North America, you can call 866-727-2338 for help with virus and spyware infections. See http://www.microsoft.com/protect/support/default.mspx  for details.  For international information, see your local subsidiary Support site.

     

    -steve

    Friday, May 23, 2008 2:31 PM
    Moderator

All replies

  • Hello, Allan.

    The detection and signatures of the online free scanner and the full install should be the same at a minimum and better on the full install. I'm not sure why the free scanner is reporting these threats found when a full scan does not find them, particularly when the free scanner is then unable to remove what it claims to have found.

    In any event, the following instructions will get you help:

    If you are using Windows Live OneCare and you have been infected, but OneCare did not detect or cannot remove the malware, please contact support to report this and for help with removal.

    How to reach support (FAQ) - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2

     

    If you are in North America, you can call 866-727-2338 for help with virus and spyware infections. See http://www.microsoft.com/protect/support/default.mspx  for details.  For international information, see your local subsidiary Support site.

     

    -steve

    Friday, May 23, 2008 2:31 PM
    Moderator
  • I used the online free scanner and it found the Java ByteVerify.F problem as well (which Norton did not find).  However Live Onecare could not remove it, and the MS help page it pointed to did not resolve the problem.  Has anyone found a way to fix the issue or delete the trojan?

     

    Saturday, May 31, 2008 5:49 PM
  • The post above yours explains how to contact OneCare support and/or the PC Safety team for help with removal.

    -steve

     

    Saturday, May 31, 2008 9:08 PM
    Moderator
  • Steve,

    Actually no.  They did respond somewhat quickly (within 2 days), but I wasn't able to get to it until last night.  They gave me instructions to use the on-line scan (as described in my original post) in safe mode, and other ideas, but none of them worked.

    So, I used the on-line scanner again, and noticed that the next step that tells you that you what intruders are on your system, and whether or not it can remove them.  It says that one of the reasons that it can’t remove it is perhaps due to it being in use.  Then, if you expand on the intruder name the location is there also.  So, I opened up Windows Explorer and found all of them.  I deleted them all along with their index file (indicated by the ‘.idx’ extension), ran the virus check again, and they were gone.  Why is it that the online program that detected it couldn’t remove it?  Why couldn’t my purchased program even detect this?

     

    p.s. I had to add this one twice because the first time it didn't put my text it, and you deleted it as it appeard to be blank.  It took three more tries to get this to post this time.  Very odd.

    Sunday, June 1, 2008 2:15 AM
  • IDX file-type extension - as in an Outlook Express Mailbox Index File, or was it something else?  So the question is, were the file locations that you erased old pre-version 5 Outlook Express Mailboxes, which could have carried an infected attachment that can be detected but can't be cleaned by the OneCare Safety Scanner, because they were a mail store (.MBX file)?

     

    http://www.fileinfo.net/extension/idx

    Sunday, June 1, 2008 3:38 AM
  • I don't know why the online scanner saw the threats and not OneCare installed - that should not be the case. Had you run a complete scan with OneCare? Are there any exclusions in your Virus settings in OneCare? Where were the infected files actually located?

    -steve

    Monday, June 2, 2008 1:27 AM
    Moderator
  • I'm stumped why the online scanner saw anything that the installed OneCAre did not.  I had run a few FULL scans after the online one found what it did, and I was upset (to say the least) that the one I paid money for didn't find what the free one did.  I looked at all of the settings including the exclusions settings, and no matter what I did the installed version didn't see any intrusions.

     

    The funny thing is the reason I started this whole adventure was because of a problem with IE7.  When I would try to open up a tab from the main page that opens when you first start IE.  Normally, you get an indication that the system is "thinking" and opens up a window in this new tab you've opened up.  However, lately when I try to open a new tab (on a different computer than what I am on now) there's an indication that it is trying to open up a tab, but nothing happens.  After a few minutes the window freezes, you get the hourglass, and the process becomes unresponsive.  I've had to abort the process either with the Task Manger or clicking on 'X' in the upper right hand corner of the window.

     

    So, I was looking at that problem when I encountered this issue with intruders, spyware and bugs (oh my!).  I hope someone somewhere might be able to find out what's causing this problem.

     

    L8R,

    Allan

     

    Wednesday, June 4, 2008 2:32 AM
  • For the IE problem, have you tried disabling all add-ins? Deleting all temporary Internet files?

    -steve

     

    Wednesday, June 4, 2008 4:42 PM
    Moderator
  •  

    As far as the first 3 issues I had the same problem.

    To solve it go to Control Panel, double click on Java,  under Temporary Internet Files click Settings and then Delete Files.

    Run the scan again and they should be gone.

    Sunday, September 7, 2008 8:29 AM