Symantec Antivirus Quarantined Infected File



#1 lunalily

lunalily

  • Members

Posted 21 June 2007 - 04:50 PM

Hi! Truthfully, I don't know much about antivirus programs so I might be concerned about something unnecessary, but I'll thank you for helping me.

I have Symantec Antivirus and it has recently detected a Trojan Horse in a file during an Auto-protect scan.
Then I took the chance to delete what seemingly was the quarantined Trojan infected file. I checked the Quarantine folder and there was nothing in it.

Then I checked Threat History, and the Trojan infected file was recorded there. It said that the status was infected, and that the current location is in quarantine and that it was successfully quarantined. This was the part where I got confused.

Even though I know this is only the history, why would it state that the infected file is quarantined and not deleted? Does it mean that I didn't delete it when I thought I did? The history tells nothing of the file being deleted but only that it was quarantined successfully. However, nothing was in the quarantine folder.

In the history, I already had an incident with a Downloader Trojan Horse in April but it stated that the file was deleted successfully. Wouldn't this also apply to the recent one? The recently infected file was in the original location of C:\SYSTEM~1\_RESTO~1\RP557\ and I thought that maybe it had something to do with system restore.

Am I worrying too much if I think the infected file is "on the loose" and still in my computer? Or maybe that the status of the infected file only applies to the infection as part of recorded history? I am sorry if I made this overly confusing but I'll appreciate any help and suggestions. =] Thank you.



#2 buddy215

buddy215

  • Moderator

Posted 21 June 2007 - 05:07 PM

You can remove that file from system restore by deleting all restore points. Then reset a new restore point. Info on how to do that is in the link below. That might also clear up Symantec reporting it in quarantine when it actually isn't.
http://www.bleepingcomputer.com/tutorials/windows-xp-system-restore-guide/
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 lunalily

lunalily
  • Topic Starter

  • Members

Posted 25 June 2007 - 04:11 PM

Thank you for your help. =]

Just today I had another Trojan detected in the auto-protect scan and the same thing happened as with the previous one. So I disabled/enabled system restore after I deleted the infected file from quarantine. The status in threat history of the two recent Trojans still indicates the location in quarantine but I hope that the infected files were deleted after the disabling of system restore. Anyway, since nothing too serious is happening to the computer, I guess I was worrying too much about the threat history in Symantec.



