does this thing work ?

  • Question

  • Virus:Win32/Virut.gen!E
    I have no idea what that is.
    Here's some of the log on this. There's about 10 duplicates of everything below.

    Virus and spyware monitoring found potentially unwanted software: (ANTIVIRUS_ONACCESS)
    Threat Status: Remove failed
    ----------------------
    Virus and spyware monitoring found potentially unwanted software: (ANTIVIRUS_ONACCESS)
    Threat Status: Clean failed
    ------------------------
    Virus and spyware monitoring found potentially unwanted software: (ANTIVIRUS_ONACCESS_INFECTED)
    Threat Status: Detected
    Not really sure what to make of this infected.. I'm assuming it just means the program I had in my temp folder was infected.
    -------------------
    4/2/2009 4:40 PM

    Windows Live OneCare found potentially harmful or unwanted software on your computer
    Threat Name: Virus:Win32/Virut.gen!E
    Detection Date and Time: 4/2/2009 4:40 PM
    File Name: C:\Users\cintiq\AppData\Local\Temp\rpSmqbgo.exe.part
    Threat Severity: Severe
    Threat Category: Virus
    Virus and spyware monitoring found potentially unwanted software: (ANTIVIRUS_ONACCESS_INFECTED)
    Threat Status: Detected
    This one has me confused. There was only a detection on it. It should be a legitimate file. Not sure why it only says '.part'; that suggests part of a download. It shows the same infection as everything else. I did update to the newest cintiq drivers yesterday. But there was no prompt to remove or clean this one. Plus it's in a completely different part of the drive's folders. I'm thinking that folder is only used to install drivers and other stuff to individual accounts. The file itself no longer exists [suggesting it was part of the driver update.] And with no other comments than detected, I have no idea what happened or why..

    -----------------------------------
    Now repeat those detections/failures about 10 times. What with my level of trust to a machine, and a program, that's how long it took me to throw in the towel and put a stop to its repetitive silliness..
    ----------------------
    It couldn't clean the file, it couldn't remove it.
    I put the cursor on it and hit delete. Gone...

    What's wrong with this program, it can't do a simple deletion ? Or for that matter, ask to scan/remove ONLY once ?
    This is why I don't have the 'take automatic actions against software rated moderate also' toggled to yeah, yeah delete my hard drive without asking..

    It can't or doesn't delete what it determines as severe [I'm glad it detects it], what does it consider moderate ? and what are these automatic actions ?

    Or is this more problems related to that update that fouled up my program ?
    Maybe Conficker problems ?
    Friday, April 3, 2009 1:33 PM

Answers

  • I've seen similar behavior when the file is in use. The other possibility, since it was in your temp folder, is that the file was regenerated before it could be deleted by OneCare.
    Do you have anything else that might be scanning files on access? That would be my first suspicion for the repeated failed attempts to delete or quarantine the file. The other hint is the "part" in the file name, indicating that perhaps the file was in the process of being downloaded/unpacked, hence held in place by whatever program was doing this, so OneCare could not delete the file.

    I don't know what causes an infection to be tagged as severe, low, moderate, other than information for the infection in the signature database.

    The selection for automatic actions for moderate would mean that when an infection is found, it will be quarantined, cleaned or deleted if detected, without prompting you first.
    -steve
    Microsoft MVP Windows Live / Windows Live OneCare & Live Mesh Forum Moderator
    Friday, April 3, 2009 3:41 PM
    Moderator

All replies

  • Hah. 1care gives me 10 repeats of the same thing. And you go for 2 repeats.
    I don't know anything about the cintiq temp thing. That was in the log for 4/2/2009 4:40 PM. The repetitive stuff happened with a file I downloaded to my PERSONAL C:\TEMP folder where I stick everything until I clear it for further use.
    The cintiq thing seems to be fallout or shrapnel. I have no idea how or why 1care alerted on that file ALSO.

    The time of the detections, I was in the C:\temp folder. I wasn't doing anything other than responding to 1care to delete with every popup that came up.

    1care did a full scan. found nothing. 2B safe I also did a minor and full scan with malwarebytes and hijackthis. MW found nothing, and I found nothing new or strange in HJT.

    I just figured 1care had been bitten and was falling apart. I picked up something a while back by accident, a window popped in front of me with some sort of warning to download and run some virus thing, [I thought it was part of McAfee]. When it fired up, the lack of controls told me I'd been had, and hit task manager, and put a stop to it.
    About 15 seconds running totalled McAfee.

    Yeah automatic actions. Like I said b4, I want to let the machine do its own thinking.. NOT!. That's why I also got bit by that update. Automatic updates.

    I'm just hoping this is still the best detection software available.
    Friday, April 3, 2009 11:54 PM