locked
"removing" vs. "quarantining" RRS feed

  • Question

  • What is the OneCare difference between "removing" and "quarantining" a newly found virus?  I just got Trojan:Win32/Killav.P.

    Tuesday, February 5, 2008 6:26 PM

Answers

  • Removing means that the threat was able to be deleted successfully without any impact to other files on the system.

    Quarantining means that it has been blocked and placed in a holding area as deletion of the file is not possible as it may be needed for the system or a installed program to function. In OneCare, you will find a Quarantine button to view files that are in the special area. Change Settings, Virus and Spyware tab.

    -steve

     

    Tuesday, February 5, 2008 8:40 PM
    Moderator

All replies

  • Removing means that the threat was able to be deleted successfully without any impact to other files on the system.

    Quarantining means that it has been blocked and placed in a holding area as deletion of the file is not possible as it may be needed for the system or a installed program to function. In OneCare, you will find a Quarantine button to view files that are in the special area. Change Settings, Virus and Spyware tab.

    -steve

     

    Tuesday, February 5, 2008 8:40 PM
    Moderator
  •  

    Why does : Trojan:Win32/Killav.P keep being detected by Live OneCare. This is the 4th time this week that I've deleted it & I am wondering if it's not being deleted because I've lost some of my music in my Windows Media 11. Please help. Thnx. Rob
    Monday, February 11, 2008 3:31 AM
  •  Robbizzle206 wrote:

     

    Why does : Trojan:Win32/Killav.P keep being detected by Live OneCare. This is the 4th time this week that I've deleted it & I am wondering if it's not being deleted because I've lost some of my music in my Windows Media 11. Please help. Thnx. Rob

    If the same threat is being detected repeatedly, you may want to determine *where* it is being detected by opening OneCare, clicking Change settings, and then going to the logging tab and clicking on Create a Support Log.

    The report will open in your web browser. Scroll down to the Virus and Spyware section to locate the detected infections and note the locations of the infected file.

    If the infections are found in _Restore\{GUID} (where GUID is a long series of letters and numbers) the infection is in your System Restore points. Turn off System Restore and then turn it back on. This will delete all saved Restore Points and eliminate the recurring virus alert. Note that doing this will prevent you from using System Restore to a time before you take this action.

    If you need help with this, please contact support - 

    How to reach support (FAQ) - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2

    -steve
    Monday, February 11, 2008 1:32 PM
    Moderator
  • 2/11/2008 3:34 PM Windows Live OneCare found potentially harmful or unwanted software on your computer ... does this mean its in my C drive?

     

    And then in: C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    C:\Program Files\Digital Media Reader\readericon45G.exe

    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe

    C:\WINDOWS\ehome\ehtray.exe

    HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    HKCU@S-1-5-21-2731253379-2150285001-4019103877-1006\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\updateMgr

    HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\

    pid:2960

    C:\WINDOWS\ehome\ehtray.exe

    C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

    C:\Program Files\Common Files\AOL\1153212132\EE\AOLSoftware.exe

    C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    do i have to find all these files and take them out?

    Windows Live OneCare found potentially harmful or unwanted software on your computer
    Threat Name: Trojan:JS/Agent.FA
    Detection Date and Time: 2/9/2008 9:22 PM
    File Name: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\H4UALFCW\popup[1].htm
    Threat Severity: Severe
    Threat Category: Trojan
    Virus and spyware monitoring found potentially unwanted software: (ANTIVIRUS_ONACCESS)
    Threat Status:

    Removed

    2/4/2008 10:22 PM
    Windows Live OneCare found potentially harmful or unwanted software on your computer
    Threat Name: Trojan:Win32/Killav.P
    Detection Date and Time: 2/4/2008 10:15 PM
    File Name: C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
    Threat Severity: Severe
    Threat Category: Trojan
    Virus and spyware monitoring found potentially unwanted software: (ANTIVIRUS_ONACCESS)
    Threat Status: Removed
    Windows Live OneCare found potentially harmful or unwanted software on your computer
    Threat Name: Trojan:Win32/Killav.P
    Detection Date and Time: 2/4/2008 10:15 PM
    File Name: C:\Program Files\Common Files\AOL\1153212132\EE\AOLSoftware.exe
    Threat Severity: Severe
    Threat Category: Trojan
    Virus and spyware monitoring found

    Tuesday, February 12, 2008 12:09 AM
  • Based on your post, yes, it infected a number of files on the C:\ drive, but each time it tries to do it's dirty work, OneCare is removing the infection.

    I suggest that you run a full scan and then contact support if further infections are found after the full scan.

    -steve

     

    Tuesday, February 12, 2008 1:46 AM
    Moderator
  • will do thanks for all ov UR help there Steve. i will be doing as advised. you deserve a raise.

    Tuesday, February 12, 2008 4:09 AM
  • Good luck. As for the raise, a 100% raise on $0 still equals $0.  (We're volunteer moderators!)

    -steve

    Tuesday, February 12, 2008 1:06 PM
    Moderator
  • OMGosh good ppl who want, like, & are actually "here" to help! i gotta write this down! this is not the last you will hear from me mister! lol so far so good no tro juns. again thnx for all ov UR help and God bless all: volunteer moderators! may they all walk above all hackers in the light of day. & if they were hackers in thier past lives ... well you get the wiff ov thingz.

    Wednesday, February 13, 2008 1:53 AM
  •  Robbizzle206 wrote:

    OMGosh good ppl who want, like, & are actually "here" to help! i gotta write this down! this is not the last you will hear from me mister! lol so far so good no tro juns. again thnx for all ov UR help and God bless all: volunteer moderators! may they all walk above all hackers in the light of day. & if they were hackers in thier past lives ... well you get the wiff ov thingz.

     

    ps happy valentinez!!!

    Wednesday, February 13, 2008 1:54 AM
  •  Robbizzle206 wrote:
    ps happy valentinez!!!

    And the same to you.

    -steve

    Wednesday, February 13, 2008 3:27 PM
    Moderator
  • uh steve help please. my pc crashed! and everything is up and running somewhat up to par execpt that the pc doesnt play any dvds/r or rw whats goin on with that ive searched google n they offer a new player to play it on i dont wanna play dvds on a diff window i want to play in reg media player. Happy (late) St. Pattys Day! i only got pinched once. lol

    Thursday, March 20, 2008 7:39 PM
  •  Robbizzle206 wrote:

    uh steve help please. my pc crashed! and everything is up and running somewhat up to par execpt that the pc doesnt play any dvds/r or rw whats goin on with that ive searched google n they offer a new player to play it on i dont wanna play dvds on a diff window i want to play in reg media player. Happy (late) St. Pattys Day! i only got pinched once. lol

    It sounds like you may have reinstalled or repaired Windows and your problem is with the existing Media player and the codecs needed for playing DVDs.

    You may need to reinstall the Windows Media Player, but without knowing more about what happened in the crash, what you did to resolve it, or where the original DVD codecs came from, I can't offer more help than sending you to the Windows Media Player newsgroup for help:

    http://www.microsoft.com/communities/newsgroups/list/en-us/default.aspx?dg=microsoft.public.windowsmedia.player&cat=en_us_b80c408d-117a-4d9c-9ba5-55785432b592&lang=en&cr=us

     

    Windows Media Player downloads - http://www.microsoft.com/windows/windowsmedia/download/AllDownloads.aspx

     

    -steve

    Friday, March 21, 2008 3:29 PM
    Moderator