So what's one care been doing the past few months ?

  • Question

  • Today's 1care did its normal weekly scan. The same scan it's been doing for several months. Last week or two, I removed a program that I don't use. And today's scan found a trojan in its folder.

    So why did it miss this thing for the past few weeks?
    The name is Trojan:Win32/Orsam!rts
    Sunday, June 21, 2009 11:42 PM

All replies

  • It is entirely possible that the trojan had not been previously identified because it wasn't accounted for in the signatures. OneCare updates the signatures regularly, so it would seem that the signatures can now detect this trojan or the trojan just arrived. I would suspect the former, though.
    Did it remove it?
    If not, please contact support.
     

    How to reach support (FAQ) - http://social.microsoft.com/Forums/en-US/onecareinstallandactivate/thread/30400b52-7f26-4ba0-bc18-17e305329d90

    -steve


    Microsoft MVP Windows Live / Windows Live OneCare & Live Mesh Forum Moderator
    Monday, June 22, 2009 1:56 AM
    Moderator
  • And once again, MS & me are the only two that even know this thing exists. It hasn't even made it to google yet.
    And 1 care found & removed it.
    Monday, June 22, 2009 9:06 PM
  • Yes, I noticed that, too. I searched on the name and had no luck - even if I assumed a typo - win32/osram - I still couldn't find a specific reference to it.
    -steve
    Microsoft MVP Windows Live / Windows Live OneCare & Live Mesh Forum Moderator
    Monday, June 22, 2009 11:43 PM
    Moderator
  • This is similar to what happened to me about 8 weeks ago, when I stripped NIS 2009 from my system, after it started slowing down my system among other things, and causing problems with IE 8, and part of the problem was an update in early April for NIS 2009. After the mess with NIS 2009, I reinstalled OneCare, which I had on my system, up until Tuesday, since I'm beta testing Microsoft Security Essentials.

    What Live OneCare detected, that was detected only by one other AV Program, which happened to be McAfee, was the JS/Xilos which attempted to slide right on my system, right during websurfing on 64bit Vista running 32bit IE 8. If I had been running NIS 2009, safe bet would be that NIS 2009 wouldn't have detected JS/Xilos, and I now would have a Javascript virus running on my system.

    To make a long story short, Live OneCare blocked, quarantined and then popped up asking me if I wanted it to totally wipe JS/Xilos out (remove), which I said yes to, and Live OneCare removed that sucker. Yes, even a 64bit OS can get a 32bit virus infection when using a 32bit internet browser; I had this happen to me. This is contrary to what a lot of people will claim about a 64bit OS user not having to worry about viruses.
    Thursday, June 25, 2009 3:42 AM
  • Running 32 bit on a 64 bit os is no problem. Running 64 bit on a 32 bit os can't happen.
    Friday, June 26, 2009 2:09 PM
  • I got Win32/Orsam!rts on my computer yesterday. It was identified and supposed to be cleaned. However, I turned on my machine today and got a CMOS failure warning and still had the trojan. I had to fix my date and one care ownership. It had messed with my CMOS which caused problems with my One Care scanner. I had to work to get control of one care again. I am scanning to check if I got rid of the bug.
    Sunday, December 13, 2009 5:36 PM
  • If you are using Windows Live OneCare and you have been infected, but OneCare did not detect or cannot remove the malware, please contact support to report this and for help with removal.

    How to reach support (FAQ) - http://social.microsoft.com/Forums/en-US/onecareinstallandactivate/thread/30400b52-7f26-4ba0-bc18-17e305329d90

    -steve


    ~ Microsoft MVP Windows Live ~ Windows Live OneCare| Live Mesh|MS Security Essentials Forums Moderator ~
    Monday, December 14, 2009 12:49 PM
    Moderator
  • I believe MSE will report this from the utility "ComboFix.exe". I don't think it's a legitimate threat as Combofix is a utility used to rewrite the reg. and restore so prior reg entries that have been corrupted by malware. I've used this utility before and it works great for the real nasty stuff!
    Wednesday, May 5, 2010 5:11 PM
  • Wrong forum for MSE, though OneCare and MSE use the same engine/database. If you've observed this behavior, I suggest submitting the exe to the Antimalware portal for analysis:

    Please go to https://www.microsoft.com/security/portal/submit.aspx and submit a sample of the suspected file(s).

    Please choose "Microsoft Security Essentials" in the product field.

    -steve


    ~ Microsoft MVP Windows Live ~ Windows Live OneCare| Live Mesh|MS Security Essentials Forums Moderator ~
    Thursday, May 6, 2010 11:27 AM
    Moderator