Quarantine vs. Remove

Sandy Wallace

Can someone explain to me why I would want to quarantine
threats found on my computer vs. just removing them?
 
JohnF.

Ask the Kazaa users, they will explain it in painful detail.


--
If you are under attack and MSAS does not seem to help:

*Submit suspected spyware report in the tools menu of MSAS*

PREP YOUR MACHINE FIRST!
- IF you are using Spybot S/D, UN-Immunize your computer
- IF you are using Adaware, turn off AD-Watch
- Disable all other active anti-spy applications
- Dump all temporary file locations and Internet files

1. Download:
lspfix.exe www.cexx.org/lspfix.htm
winsockxpfix.exe www.snapfiles.com/get/winsockxpfix.html
ccleaner.exe www.ccleaner.com
killbox.exe www.bleepingcomputer.com/files/killbox.php

2. Clean out all temp file locations with ccleaner.exe

3. Install and use killbox to delete stubborn files

4. Reboot into safe mode - http://tinyurl.com/pfca
5. Run MSAS at least twice in full/deep mode
6. Run a robust, updated antivirus software scan
7. Reboot into normal mode, see if problem has been corrected

8. If you think something is there but can't see it, download:
- Blacklight by F-Secure
www.europe.f-secure.com/exclude/blacklight/blbeta.exe
- RootKitRevealer by SysInternals
www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml

9. If your problem is Virus or Security patch related:
In the United States or Canada, call 1-866-PCSAFETY
MS will provide free support for those issues.

Battle Notes:
- If you have trojans (files that won't go away),
you may have to disable System Restore on XP:
http://tinyurl.com/movy

- If your Internet connectivity quits:
http://support.microsoft.com/kb/892350
http://support.microsoft.com/kb/811259
LSPFix - www.cexx.org/lspfix.htm
Winsockxpfix - www.snapfiles.com/get/winsockxpfix.html

- Install SpywareBlaster to block malware apps from
installing on your machine. Does not actively run
on your machine, you run it, it makes changes that
protect you.
http://www.javacoolsoftware.com/

- This program will not detect or remove viruses
http://www.microsoft.com/athome/security/viruses/default.mspx

*** For assistance in battling infestations***
- Get HijackThis.exe from:
http://tomcoyote.org/hjt/hjt199//HijackThis.exe
- Save it to C:\hjt (new folder)
- Open it and select "Scan and Save Log"
- Send it to Ron Kinner as an attachment
- Ron's email address is (e-mail address removed)
- Put Hijack in the subject so he knows it's not spam

Application Notes:
Registering a VB6 dll seems to fix missing agents:
1) Open up a command prompt (start -> run -> cmd)
2) Type in the following "regsvr32 msvbvm60.dll" (without the quotes).
3) Close and re-open Windows AntiSpyware
4) If that fails, install VB6 runtime files:
http://www.softwarepatch.com/windows/vbrun6download.htm

- To report false positives:
www.microsoft.com/athome/security/spyware/software/isv/fpform.aspx
- To submit disputes or requests:
www.microsoft.com/athome/security/spyware/software/isv/cdform.aspx
- To learn more about how MS analyzes suspected spyware:
www.microsoft.com/athome/security/spyware/software/isv/analysis.mspx
- To Run MSAS in passive mode:
http://support.microsoft.com/kb/892375

Alternative Anti-Spyware Applications:
- Spybot Search and Destroy
http://www.majorgeeks.com/download2471.html
- LavaSoft AdAware
http://www.majorgeeks.com/download506.html
- AdAware VX2 Cleaner Plugin
http://www.majorgeeks.com/download4283.html
- BHODemon
http://www.majorgeeks.com/download3550.html
- CWShredder (CoolWWWSearch)
http://www.majorgeeks.com/download3019.html
- PestPatrol
http://www.majorgeeks.com/download1187.html
- Webroot Spysweeper
http://www.majorgeeks.com/download3263.html
- Ewido Security Suite
http://www.ewido.net/en/
- CounterSpy (Same Giant Company Engine as MSAS)
http://www.sunbelt-software.com

Recommended Software to help protect you:
- Windows XP Service Pack 2
http://www.microsoft.com/windowsxp/sp2/default.mspx
- SpywareBlaster
http://www.javacoolsoftware.com
- Outpost Firewall Pro
http://www.agnitum.com/products/outpost
---------------------------------------------
 
Andre Da Costa

Selecting this action removes this threat from your computer and stores it
in a Spyware Quarantine file. Any threats in your Spyware Quarantine file do
not run on your computer but you can restore these items back to their
original state at any time. (Note, some spyware threats cannot be
quarantined, only deleted.)
 
Bill Sanderson

In the case of a virus which infects files on your machine, the quarantine
action allows you to preserve those infected files (which may be important
to you--either data files or executables) in the hopes that the antivirus
company will achieve the ability to clean the files properly, and you can
get back your data or executables.

I've got to admit that I haven't seen this kind of virus issue in a good
while, but it does still exist. Most viruses that I see today involve files
which are the virus and nothing else--the only use of quarantining them is
to submit them to the antivirus company and maybe improve some stats or
something.

In the case of spyware there's more to this. One significant risk with
spyware scanners is false positives. A number of innocent commercial
products have been fingered at one time or another during this beta as
spyware.

I can give a first-hand example from another product: A competing
antispyware product recently had a definition update. The new definitions
state that my machine is infected with backweb lite, and recommend that I
remove it. It happens that this version of backweb is the update mechanism
that F-secure uses for its antivirus, which is what I am running on my
machine. If I'd removed that threat, my antivirus would be less effective
over time.

That antispyware product uses System Restore as its safety net--but a
quarantine function within the product allows it to provide that safety net
on Windows 2000, for example, which doesn't have SR.

So--if you aren't certain of the consequences of an action, using
quarantine, or block (as opposed to remove) for something allows you to
reverse the action later. This can be very helpful. The quarantine
functionality is careful to make certain that whatever is in there cannot
become active on its own, but it isn't always able to keep antivirus apps or
other vendors from identifying the threats in the quarantine, and raising
alarms about them.
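
The reversible safety net described in the replies above, sketched as an added example: it is not part of the thread and is not how Windows AntiSpyware or any product named here implements quarantine. The vault layout, the XOR key and the names `quarantine`, `restore` and `demo` are assumptions, and the sample file is constructed.

```python
import hashlib, json, tempfile
from pathlib import Path

XOR_KEY = 0xA5  # constructed value; obfuscation so the copy is inert, not encryption

def _xor(data: bytes) -> bytes:
    return bytes(b ^ XOR_KEY for b in data)

def quarantine(path: Path, vault: Path, reason: str) -> str:
    """Store an inert copy of `path` in `vault`, delete the original, return an item id."""
    raw = path.read_bytes()
    item_id = hashlib.sha256(str(path).encode() + b"\0" + raw).hexdigest()[:16]
    vault.mkdir(parents=True, exist_ok=True)
    meta = {"original_path": str(path), "reason": reason,
            "sha256": hashlib.sha256(raw).hexdigest()}
    (vault / f"{item_id}.qbin").write_bytes(_xor(raw))  # encoded body, non-executable name
    (vault / f"{item_id}.json").write_text(json.dumps(meta))
    path.unlink()  # only after the vault copy and metadata are written
    return item_id

def restore(item_id: str, vault: Path) -> Path:
    """Put a quarantined item back at its original path, byte for byte."""
    body, meta_file = vault / f"{item_id}.qbin", vault / f"{item_id}.json"
    meta = json.loads(meta_file.read_text())
    raw = _xor(body.read_bytes())
    if hashlib.sha256(raw).hexdigest() != meta["sha256"]:
        raise ValueError("vault copy does not match recorded hash; not restoring")
    target = Path(meta["original_path"])
    if target.exists():
        raise FileExistsError(f"{target} already exists; not overwriting")
    target.write_bytes(raw)
    body.unlink()
    meta_file.unlink()
    return target

def demo() -> dict:
    # Constructed file standing in for a legitimate updater hit by a false positive.
    with tempfile.TemporaryDirectory() as tmp:
        original = b"MZ constructed stand-in for a legitimate updater"
        target, vault = Path(tmp) / "updater.exe", Path(tmp) / "quarantine"
        target.write_bytes(original)
        item = quarantine(target, vault, "flagged by definition update")
        gone = not target.exists()
        stored = (vault / f"{item}.qbin").read_bytes()
        restored = restore(item, vault).read_bytes()
        return {"removed": gone, "inert": stored != original and not stored.startswith(b"MZ"),
                "restored_ok": restored == original, "vault_empty": not any(vault.iterdir())}
```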
 
