Failed to delete 007.2Search

[Guest]

Completed a full scan and found file 007.2Search with recommendation that it
should be removed. Attempted to do this with the following error "Failed,
0x80004005. Unspecified error". Each time the scan completes the same file
and error are reported. Any ideas?

Many thanks,

 

[Guest]

Hello Mick,

You can go to the System Event log:

Start, Run, eventvwr.msc <enter>

Click on the System event log

Go to View, choose Filter, and choose "windefend" in the source control.

Look for yellow triangle entries that give the precise path and location of
what was detected, and use the button provided to paste the content of the
detection back to a message here.
------
What error message do you get in trying to remove it? Have you tried doing
the scan and removal in Safe mode?
------
Report a possible spyware problem to Microsoft
http://www.microsoft.com/athome/security/spyware/software/support/reportspyware.mspx
AND
(e-mail address removed)
Full details on how to submit here:
http://www.microsoft.com/athome/security/spyware/software/support/reportspyware.mspx
--
Also, try on-line this:
You can run in safe mode with networking, fwiw.
http://www.ewido.net/en
http://safety.live.com/site/en-US/default.htm

D/L and install / update
http://www.lavasoftusa.com
http://www.safer-networking.org/

I hope this post is helpful.
Let us know how it works ºut.
Еиçеl
---

 

[Guest]

Here's the copy of the log

Event Type: Warning
Event Source: WinDefend
Event Category: None
Event ID: 1006
Date: 12/04/2006
Time: 02:26:29
User: N/A
Computer: COMPUTER1
Description:
Windows Defender scan has detected potential malware.
For more information please see the following:
http://www.microsoft.com
Scan ID: {D27520ED-DC7D-44A6-871E-F6DD85D55257}
Scan Type: AntiSpyware
Scan Parameters: Full Scan
User: NT AUTHORITY\NETWORK SERVICE
Threat Name: 007.2Search
Threat Id: 16269
Threat Severity: 4
Threat Category: 2
Path Found: file:C:\System Volume
Information\_restore{FFCF2C5D-F614-4532-B50B-22A79D1DEE3B}\RP114\A0003290.exe->(RARSfx)->1.exe
Detection Type: Signatures


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Not tried in Safe mode, will give it a go.

 

[Guest]

Hi Mick,

The detections is in an archive file (Restore type compressed file) which
Defender doesn't remove, since such files could contain other wanted/needed
information, or they are in a restore folder which also isn't touched by
Defender, or they are in a quarantine fºlder.

You have the option to delete all but the latest restore point from your
machine or delete all the restore points on your machine. To do this:

• To delete all but the latest restore point on your machine by using the
disk cleanup utility: Go to 'Start > All Programs > Accessories > System
Tools > Disk Cleanup'. Click on the more options tab and then click 'Clean
up' in the System Restore box.

Engel

 

[Guest]

Engel,

Completed the clean up in the System Restore section. Ran a full system scan
and all now ok. Your help has been invaluble, many thanks and best regards.

Mick

 

[Guest]

Hi Mick,

Thanks for letting us know.
(¯`·._.·Eиçel·._.·´¯)