Can I Delete Any Of These Files?



#1 mohmama3

Posted 24 December 2007 - 05:35 AM

My security caught the viruses and attempted to clean them. It quarantined these files. Can any of these files be deleted from quarantine or should I leave them alone?


FILE NAME: in[1].mov VIRUS NAME: Bloodhound.Exploit.109 ORIGINAL LOCATION: C:\Documents and Settings\Pat\Local Settings\Temporary Internet Files\Content.IE5\OSEBQZ3I\

FILE NAME: index[1].gif VIRUS NAME: Downloader ORIGINAL LOCATION: C:\Documents and Settings\Pat\Local Settings\Temporary Internet Files\Content.IE5\3QWBKYU5\

FILE NAME: A0112144.DLL VIRUS NAME: Trojan Horse ORIGINAL LOCATION: C:\SYSTEM VOLUME INFORMATION\RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP514\

FILE NAME: 6.TMP VIRUS NAME: Downloader ORIGINAL LOCATION: C:\DOCUME~1\Pat\LOCALS~1\Temp\_avast4_\unp214083506.tmp\

FILE NAME: 6.TMP VIRUS NAME: Downloader ORIGINAL LOCATION: C:\DOCUME~1\Pat\LOCALS~1\Temp\_avast4_\unp220791189.tmp\

FILE NAME: index[1].gif VIRUS NAME: Downloader ORIGINAL LOCATION: C:\Documents and Settings\Pat\Local Settings\Temporary Internet Files\Content.IE5\WLMVKTAF\

FILE NAME: 1CC.tmp VIRUS NAME: Win32:Trojan-gen {Other} ORIGINAL LOCATION: C:\

FILE NAME: AOO60848.exe VIRUS NAME: Win 32:PurityScan-V {Trj} ORIGINAL LOCATION: C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP429\

FILE NAME: mshtml2.exe VIRUS NAME: Win 32:PurityScan-V {Trj} ORIGINAL LOCATION: C:\DOCUME~1\Pat\LOCALS~1\Temp\


#2 quietman7


Posted 24 December 2007 - 09:29 AM

When an anti-virus quarantines a file by moving it into a virus vault (chest), that file is essentially disabled and prevented from causing any harm to your system. The quarantined file is safely held there and no longer a threat until you take action to delete it. One reason for doing this is to prevent deletion of a crucial file that may have been flagged as a "False Positive". If that is the case, then you can restore the file. Doing this also allows you to view and investigate the files while keeping them from harming your computer. Quarantine is just an added safety measure. When the file in the vault is known to be bad, you can delete it at any time.

After deleting your quarantined files, please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Next you should Create a New Restore Point to enable your computer to "roll-back" to a clean working state. Then use Disk Cleanup to remove all but the most recently created Restore Point.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 mohmama3


Posted 25 December 2007 - 05:49 AM

Thank you for your response. My only problem is determining if the files are a false positive and should be restored or if it is a bad file and could be deleted. How can I tell which it is?

#4 quietman7


Posted 25 December 2007 - 09:58 AM

You can delete those files above which you have indicated were moved into quarantine. Most of your infected files were in your Internet Temp files and in the System Volume Information Folder (SVI) which is a part of System Restore. This is the feature that allows you to set points in time to roll back your computer to a clean working state. System Restore will back up the good as well as the bad files so when malware is present on the system it gets included in any restore points.

If you don't know what a process is or you come across a suspicious file, search the name using Google or the following links:
  • BC's File Database
  • BC's Startup Programs Database
  • File Research Center
  • ThreatExpert Malware Search
If no search results are found, you are given the option to "Submit a New Sample".

Determining whether a file is malware or a legitimate process sometimes depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file. However, it then places itself in a different location on your computer. A file's properties may give a clue to identifying it. Right-click on the file, select Properties, and examine the General and Version tabs.

You can download and use Process Explorer or Glarysoft Process Manager to investigate all running processes and gather additional information to identify and resolve problems. These tools will show the process CPU usage, a description and its path location. If you right-click on the file in question and select properties, you will see more details about the file.

Anytime you come across a suspicious file about which you cannot find any information, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to jotti's virusscan or virustotal.com. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
Post back with the results of the file analysis.
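The location-based triage described in the last reply, applied to the quarantine listing from the first post. This is an added example, not part of the original thread or any tool it mentions; the category labels and the treatment of `TEMPOR~1` as the short form of "Temporary Internet Files" are assumptions.

```python
import re
from collections import Counter

# Quarantine entries as posted in the first message of this thread.
LISTING = r"""
FILE NAME: in[1].mov VIRUS NAME: Bloodhound.Exploit.109 ORIGINAL LOCATION: C:\Documents and Settings\Pat\Local Settings\Temporary Internet Files\Content.IE5\OSEBQZ3I\
FILE NAME: index[1].gif VIRUS NAME: Downloader ORIGINAL LOCATION: C:\Documents and Settings\Pat\Local Settings\Temporary Internet Files\Content.IE5\3QWBKYU5\
FILE NAME: A0112144.DLL VIRUS NAME: Trojan Horse ORIGINAL LOCATION: C:\SYSTEM VOLUME INFORMATION\RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP514\
FILE NAME: 6.TMP VIRUS NAME: Downloader ORIGINAL LOCATION: C:\DOCUME~1\Pat\LOCALS~1\Temp\_avast4_\unp214083506.tmp\
FILE NAME: 6.TMP VIRUS NAME: Downloader ORIGINAL LOCATION: C:\DOCUME~1\Pat\LOCALS~1\Temp\_avast4_\unp220791189.tmp\
FILE NAME: index[1].gif VIRUS NAME: Downloader ORIGINAL LOCATION: C:\Documents and Settings\Pat\Local Settings\Temporary Internet Files\Content.IE5\WLMVKTAF\
FILE NAME: 1CC.tmp VIRUS NAME: Win32:Trojan-gen {Other} ORIGINAL LOCATION: C:\
FILE NAME: AOO60848.exe VIRUS NAME: Win 32:PurityScan-V {Trj} ORIGINAL LOCATION: C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP429\
FILE NAME: mshtml2.exe VIRUS NAME: Win 32:PurityScan-V {Trj} ORIGINAL LOCATION: C:\DOCUME~1\Pat\LOCALS~1\Temp\
"""

ENTRY = re.compile(r"FILE NAME:\s*(?P<name>.+?)\s+VIRUS NAME:\s*(?P<threat>.+?)"
                   r"\s+ORIGINAL LOCATION:\s*(?P<path>.+)$", re.M)
# Ordered path markers, matched against the upper-cased path. TEMPOR~1 is
# assumed to be the 8.3 short form of "Temporary Internet Files".
RULES = [
    ("system-restore", ("\\SYSTEM VOLUME INFORMATION\\",)),
    ("browser-cache", ("\\TEMPORARY INTERNET FILES\\", "\\TEMPOR~1\\")),
    ("user-temp", ("\\TEMP\\",)),
]
RESTORE_POINT = re.compile(r"\\RP(\d+)\\")  # restore point folder, e.g. \RP514\

def classify(path):
    upper = path.upper()
    for label, markers in RULES:
        if any(marker in upper for marker in markers):
            return label
    return "other"  # anything outside the known cache/temp/restore areas

def parse(listing):
    records = []  # one record per quarantined file in the pasted listing
    for m in ENTRY.finditer(listing):
        path = m["path"].strip()
        rp = RESTORE_POINT.search(path.upper())
        records.append({"name": m["name"], "threat": m["threat"], "path": path,
                        "location": classify(path),
                        "restore_point": int(rp.group(1)) if rp else None})
    return records

def summarize(records):
    return Counter(r["location"] for r in records)

def affected_restore_points(records):
    return sorted({r["restore_point"] for r in records if r["restore_point"]})
```

The restore point numbers it returns are the ones holding flagged copies, which is the reason the thread recommends creating a new restore point and removing the older ones.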



