quarantined files lost

[Ligius]

Hello,

I run MSAS on a daily basis and chose to 'always ignore'
some possible threats on my computer. The program was
scheduled to run every day at 2 a.m.
Yesterday, the program started by itself (?) at another
hour, scanned the harddrive and quarantined the ignored
items. Direct Connect was running and perhaps that caused
MSAS to crash (while moving to quarantine?).
I started MSAS again and went to recover quarantine, but
no items were shown - even though the history shows there
are. The Quarantine folder is empty. The cleaner.log
shows that there should be some folders inside the
quarantine folder.
Please advise on recovering some of the lost files.

 

[plun]

Hello,
Please advise on recovering some of the lost files.

This is from the help menu;
Restoring Quarantined Programs
If you have accidentally quarantined a program, you can
remove it from quarantine and restore it to its original
state.



How to restore a quarantined item

1. From the main screen, or any of the screens with the
toolbar, click Spyware Scan (this is the product icon).


2. On the top right of the screen under the Take me to...
section, select Spyware Quarantine.


3. A list of all items in your quarantine is displayed.
Select the item you would like to un-quarantine and when
the item appears in the right details window, select Un-
quarantine Threat. This restores the item to its original
state before it was quarantined.


4. To un-quarantine multiple items in the quarantine,
select each item and click Un-quarantine All Checked
Threats at the bottom of the screen.


5. After you un-quarantine an item you should restart your
computer to make sure the restored application runs.

--plun

 

[Guest]

No, actually I did that, the quarantine shows zero items,
even though history said 5 or 6 items were quarantined. I
do not remember cleaning the quarantine (if such option
exists).

 

[Bill Sanderson]

Can you see whether there are files physically present in the quarantine
folder? This is a subfolder of the installation folder for Microsoft
Antispyware.

 

[Ligius]

Nope, that is what I was saying. There are no
files/folders in the quarantined folder (not even hidden
or system), no files in the recycle bin, not a trace of
the files anywhere on the system.
I ran several undelete utilities and some of them showed
a folder (unrecoverable) inside 'quarantine', but no
trace of the original folders on the disk (Program Files
for example).
Seems like they are gone for sure. No recovery point was
created. Good thing I still have the filenames listed in
cleaner.log, they were non-critical files.
The reason why I've opened this thread is that there may
be a great usability issue here and this could turn much
worse for somebody else.

 

[Bill Sanderson]

I've seen some strange reports about quarantine. Several people reported
recovering files from quarantine only to find them gone (irretrievably) on a
subsequent restart.

Thanks for reporting this--I agree that any problem with quarantine not
working reliably is a substantial issue, and I'll try to reproduce it.

 

[Ligius]

Here is a section from errors.log:

438::ln 0:Object doesn't support this property or
method::gcasDtServ:modMain:ShutDown::3/4/2005 9:27:48
AM:1.0.501
438::ln 0:Object doesn't support this property or
method::gcasDtServ:modMain:ShutDown::3/4/2005 10:27:25
PM:1.0.501
7::ln 0:Out of memory::gcasServ:modMain:Main::3/5/2005
12:19:33 PM:1.0.501
438::ln 0:Object doesn't support this property or
method::gcasDtServ:modMain:ShutDown::3/5/2005 1:15:01
PM:1.0.501
438::ln 0:Object doesn't support this property or
method::gcasDtServ:modMain:ShutDown::3/6/2005 2:26:20
AM:1.0.501
13::ln 0:Type
mismatch::gcASThreatAudit:Threats:GetThreatByThreatID::3/6
/2005 2:31:36 AM:1.0.501
13::ln 0:Type
mismatch::gcASThreatAudit:Threats:GetThreatByThreatID::3/6
/2005 2:31:36 AM:1.0.501
13::ln 0:Type
mismatch::gcASThreatAudit:Threats:GetThreatByThreatID::3/6
/2005 2:31:36 AM:1.0.501
13::ln 0:Type
mismatch::gcASThreatAudit:Threats:GetThreatByThreatID::3/6
/2005 2:31:36 AM:1.0.501
91::ln 0:Object variable or With block variable not
set::GIANTAntiSpywareMain:ctlSpywareScan:StartScan::3/6/20
05 2:31:57 AM:XP:1.0.501
91::ln 0:Object variable or With block variable not
set::GIANTAntiSpywareMain:ctlSpywareScan:StartScan::3/6/20
05 2:31:58 AM:XP:1.0.501
13::ln 0:Type
mismatch::gcASThreatAudit:Threats:GetThreatByThreatID::3/6
/2005 2:33:28 AM:1.0.501
13::ln 0:Type
mismatch::gcASThreatAudit:Threats:GetThreatByThreatID::3/6
/2005 2:33:28 AM:1.0.501
438::ln 0:Object doesn't support this property or
method::gcasDtServ:modMain:ShutDown::3/6/2005 2:48:26
AM:1.0.501

I think the error ocurred at the time the out of memory
exception was thrown. I remember I saw two tray icons,
one of which dissapeared on mouseOver - this means the
application crashed, then restarted (itself).
If you need additional files please post a reply or send
a mail to ligius (at) dap dot ro.

 

[plun]

Ligius wrote:

Hi, Im sorry to say this, but step 5 removes all your files.

"5. After you un-quarantine an item you should restart your
computer to make sure the restored application runs."

I have tested this out and i cant find any traces of any files.
Tested with Kazaa.

One thing to try is to do a System restore. Other
user have reported that this maybe can save your files.

I really hope this will help you with this insane function
in MSAS.

http://support.microsoft.com/kb/306084

 

[Ligius]

Thanks, I suspected that might be the case. However, I'm
not using System Restore and besides, files were not
critical, they can be restored from somewhere else. I
just opened the post to help reproduce the problem and
create a fix before damage to other users' files might
occur.
Meanwhile I've deactivated scheduled scanning,
doublechecked disk space for virtual memory and hope that
a fix will come out.
Best regards

 

[Bill Sanderson]

Ligius wrote:

Hi, Im sorry to say this, but step 5 removes all your files.

"5. After you un-quarantine an item you should restart your
computer to make sure the restored application runs."

I have tested this out and i cant find any traces of any files.
Tested with Kazaa.

One thing to try is to do a System restore. Other
user have reported that this maybe can save your files.

I'll test this as well. I have seen others post this information (i.e.
recovery from quarantine went fine, but data disappeared on next
restart)--and thats why I tell people to get stuff out of there before a
restart.

 

[Bill Sanderson]

Thanks for making this effort. These issues have been high-profile enough
that I know Microsoft is actively checking them out. The default action for
Kazaa, for example, has changed in the course of this beta, based on
feedback.

I'm more interested at this point in the possible malfunction of the
quarantine facility--it's crucial that this facility be trustworthy if it's
going to be of any use at all.