Quarantined files problems

Hello List:

My apologies for not thanking you sooner for your last msg in Windows, Brett, as I have been extremely busy and wasn't able to visit this valuable site since last May. Could I impose on you (and/or others in the list), with these 3 problems?

1) The quarantined corrupted files matter (wanting to delete them but afraid they may be system files) is not only still on - but it multiplied! I now have not 22 anymore, but 30 corrupted files in quarantine automatically placed by Norton AV.

2) At the end of my disk scanning (once a week or so), it tells me I have 2 corrupted files with: "Backdoor.autoupder ", which it said it couldn't repair nor quarantine and recommended to delete them...but the delete option wasn't working or I didn't see it in that window. I'm also afraid, as above, that these corrupted files may be system files.

3) Also, at one point of my PC scanning that I do weekly (don't recall which) it urges to use a "Rescue Disk" and I don't know for what purpose and what kind of disk is a "rescue disk "and how to do it.

Anyone who might've had any of these experiences maybe could help?

I anticipate my most sincere thanks! Adela

 

Oh! Oh! Adela, Adela, Adela, Adela

I Just sent you a long response to your cleanup problem!

On my way to work now!

BUT!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Get rid of the Quarintines! What are you going to do with them any way???

See if you can search/find this backdoor auto thing and delete it!

Go back to my message to roy66 and find the message that Daizy and Brett left and do the trojan/worm program!

Mike!

I will help more tonight!

 

1) Delete them (use Find Files or Folders to track 'em down if you can't do it via Norton). I am, however, puzzled as to why the number of infected files is increasing if Norton's quaranting was successful. Strange. It might be worth running a scan from DOS with F-Prot for DOS (as no files are in use by Windows, this type of scan may be slightly more thorough). Download from the link above, unzip to C:\FSI then boot to DOS and at the C:\ prompt, type:

CD:\ (return)
CD FSI (return)
F-PROT (return)

You'll get a screen which shows the available functions. You can use the arrow keys to move around the screen, and press the Enter key when you want to select an action.

Select Scan and hit Enter twice to commence scanning (it's fine to stay with the default options).

2) Backdoor.Autoupder is not in itself harmful. It does, however, act as a "gateway" for other malware to access a machine. From Symantec:-

You can read more here. The DOS scan should clean any infected files but, if not, follow Symantec's instructions.

3) A Rescue Disk is something which you're prompted to create when you first install Norton and is something which is intended to help you get your machine up and running following an unpleasant event (such as a virus infection!). It wouldn't not, however, be a good idea to attempt to create a Rescue Disk until you know for sure that your system is "clean ".

 

I just got through following Mike's instructions to delete all applications that I recognized as NOT being system files (confusing, and took me several hours as I had to open each file to see what it was before deleting...). So now I was going to follow the next steps which are in his msg to Roy66 and which I'll attempt now, so I'll report the result in my next msg.

Since I have the Norton software, could I use it to scan instead of downloading the F-Prot for DOS or the Adaware???

As to the Backdoor.Autoupder which infected the bvt.exe & ABsr.exe files, had a little msg (which I forgot to tell Mike before): "You should delete these infected files and replace them with clean, uninfected files." And I don’t know how to do it, but hope that Mike, you, or someone will be able to direct me?

As to the "rescue disk ", it's written all in red as to urge me to do it, and this red msg is right on th Norton window by "Norton Anti-Virus" window. But if you think I won't need it, it's a real relief for me.

It is strange, itsn't it, that Norton stored in quarantine 30 corrupted files, and now it says it cannot repair or quarantine the new ones. Could it be that there's no more room in quarantine???

Okay, thanks again, and I'll go now to my next steps, will report it and then I'll follow your instructions. Adela

 

Adela

When I sent you the cleanup mesage i did not at that time know about the other message about the virus details.

If you will remember I told you "I hope these are past virus problems "!

In any case they are the priority! Follow Bretts instructions but I think since you seem a little uncomfortable with the dos thing Brett would agree to a updated Norton Full scan. I recomend the Fprot also if you can do it!

But the Adaware is a totally different thing and Norton is not a relacement for this! You need the Adware! It is simple and easy to install and run!

The cleanups I started you on before I knew about the virus problem were more intended to improve things generally. And after you get everything done you should notice a definate improvement in both stability and performance!

From your description you did a more thorugh search for junk than I had intended but I hope and think in the end you will agree it was worth it.

But remember you are doing 2 different things here! The cleanups I started you on and the virus which should be first priority!

Thanks for keeping us posted!

Mike

 

Hi Mike:

I understand, no harm done. God knows I needed the cleaning more than my daily bread!!! And when I've gotten rid of these blessed corrupted files, I'll try to get rid of more as I now feel a little more confident! And I agree wtih you that the virus situation is most important.

Ever since I had been attacked twice by these viruses, I became extremely conscious of doing a weekly routine, thus: empty trash; delete temp files; clear history; scan Norton LiveUpdate for new definitions; scan Utilities; scan Anti-Virus including full scan; and in "safe mode" difragment; scan disk; and anything else as I find them out...But didn't seem to take care of the quarantined items nor fix other problems, hence I'm indebted to you for this great help!

I'll now try downloading the F prot for dos, because I'm very eager to fix properly this mess of mine. ;o

So, is the F prot for dos for the viruses, and Adaware for cleaning? Please forgive if I got it wrong?

Thanks so much to both. I'll go to download the F pro for dos and follow Brett's instructions, and I'll report it then.

But before that, Brett, per your suggestion: <<Delete them (use Find Files or Folders to track 'em down if you can't do it via Norton). >> shall I first go to Start, Find and delete as many of the quarantined files as I can? And what file names should I type on the address box? And should be it in the C drive? Adela

 

Adela

Let Norton do the work!

Go into norton then into the quarintine and empty/delet the files!

Then run norton again and see if it finds anymore files! My understanding was that the virus was in a compressed file (a zip)?

If so norton is not fixing it because in doing so it would corupt the zip file! This is good since it is compressed, you might say it is caged! We don't want it out of it's cage so delete the whole compressed/zip file and therefore the virus/backdoor etc!

Do this and empty the quarintine untill norton comes thru clean!

Time for bed!

Look for good news tomorrow!

Mike

Brett!!!! Breaks over, 3rd shift bell take over!!!

 

Hi Mike and Brett:

I'm sorry that I too went to bed last night after my last msg. And this morning my email wouldn't work, so AGAIN, I called the server to fix it.

Mike, I'm not sure whether you say for me to delete the corrupted files already in quarantine? Or only the 2 corrupted files in the compressed files? But I don't know whether the 30 files in quarantine are in the compressed files too.

So my question:

Should I delete ONLY the 2 corrupted files in the compressed files?

Or, ALL of them, the 2 above plus the 30 files now in quarantine?

And, should I first delete as many as I can "by hand ", and afterward by running Norton Full Scan?

So sorry about my confusion and thanks so much! Adela

 

Delete empty the Quarintine (all )!

Then run Norton and see what it finds now!

If it puts a few more in quarintine the clear them again untill norton comes up clean. DO NOT OPEN THE COMPRESS FILE!
If it puts all the same ones back then we have more severe problem!

So Clear and delete the Quarintine! Rerun Norton! Empty again if nessesary!

Mike

 

Hi Mike:

Well, I just got through deleting by hand ALL my 30 corrupted files in quarantine. Then I closed all windows and ran the Norton Anti-Virus Memory and Boot scan (full scan, I think).

The result of this scan was the same that I had when I I still had the 30 corrupted files: that it showed ONLY the 2 corrupted files in the compressed files. But it's probably because it doesn't count files in quarantine, as corrupted?

I tried to find these 2 files in "Find" in order to delete them too, but couldn't find them. Is there another way to find files?

The Norton window where it showed the 30 quarantined files, it now shows "Quarantine File is Empty ".

A question, Mike, if there were system files among the 30 items I deleted, how can we know which ones they were, and how to replace them?

Thanks so much again!!!!! Adela

 

Adela - one thing for when your active infection is over and done with:

You absolutely should create the rescue disk Norton recommends.

However, DO NOT do it while you still have viral problems. Before they started would have been ideal. After they are over for this round is the best bet now.

The rescue disk is for use if you get hit really hard at some point and cannot even get your PC to start up.

Since lots of this issue has evidently been going on via email and we are missing specifics here, I'm curious about the compressed files (zip files?) that have infected contents. Any reason for not just deleting the whole compressed file(s)?

 

Strange indeed. Try the DOS scan with F-Prot.

 

Hello Newt:

Thanks very much for your advice which I will have in mind as soon as my computer is cleared of all viruses. But another volunteer, sorry can't recall the name, said it's not necessary to create a rescue disk...But you can respond to me later at your convenience since I haven't yet eliminated ALL the viruses despite all my cleanings and Norton AV full scans, etc. Also, even if unnecessary, I'm sure it won't hurt creating this rescue disk?

<<I'm curious about the compressed files (zip files?) that have infected contents. Any reason for not just deleting the whole compressed file(s)?>>

Do these "zip files" are called so because they are in a zip diskette with huge room for storing huge documents? (mine is Iomega). If so, I routinely run a scan on this diskette and also on the floppy that I use from time to time...and both always come out clean (???).

Mike said not to open the compressed files, but you know what? Even if I wanted I wouldn't know how!!! ;o)

Also, it seems all the cleaning I do and did, including the full scan, hasn't caught that naughty Backdoor.Autoupder virus! But I'll follow Mike's and Brett's advice on downloading and using the Fpro for dos and Adaware at some point and I hope it will do it.

I'm trying to find these 2 corrupted files in order to delete them and I wasn't able to find them...

Thanks again, Newt! Adela

 

Adela

You are Trooper for sure! I admire your efforts!

When we get this thing fixed we will show you how to stay behind it better!

No the zip is a compressed file! Has nothing to do with a ZIP DISK!

Lots of files are downloaded in compressed (zip) format they are opened and like a compressed sponge blow up and expand into many files much much larger than the compressed file itself!

Understand this! While they are still compressed they are inactive and cannot do harm!

If you are searching for the names of the infected files themselves you most likely will not find them!

When it reports to you that it found these files in a compressed file it means they are a file inclosed in another file!

What you need to search for is the name it gives for the compressed file! I don't remember exactly how it reads but it will say something like

"auto.updar" (or whatever) found in compressd file mswordx.zip "

look for something that looks like this! The name above is only a made up name for example!

As for your concerns as to if they are system files! After we get rid of the bad guys there are ways to fix missing and corupt windows system files.

There is one tool called the "System file checker "!

It is also possible to do an overlay windows reinstall! When done correctly it will install but keep all of you devices and settings etc!

If we had a critical system file that we have already removed you would not be able to keep going at all! But apearently windows is still running well enough for you to function! And in fact may be beginning allready to run better?

And yes when we get everything corrected you do need to make the rescue disk as Brett and Newt advised!

Adela relax I can tell you are uptight even in these messages!

You made me smile when you apologized for going to bed! I was just kidding with you and Brett when I said "OK Brett breaks over "!

Don't feel stress because you think we are waiting to help you! We sleep too you know! Well I don't think Brett and Newt do! LOL! But I do!

We are here for you so relax and I think you will be pleased when it is over and you will have learned a lot!

If you still can not find the name of the compressed files then send us the exact phrase that addresses what norton finds! Maybe it will help if we can see it!

In closing do I understand that you ran norton and it did not put any more files in quarrintine? That you only have 2 infected compressed files?! If so, when it does find, what option does it give on these files. It should say it cannot repair or delete, or that it can, or offer to quarintine!

What does it say?

Mike

 

Before I answer your most simpático msg, I went to F prot for dos to run a scan, but I couldn't open it from my desktop where I downloaded it. I'll try it again and will report to you.

Oh Mike, I think it is YOU who's a trooper, as well as some of the other friends here, for devoting time and patience to cope with a dummy like me! You'll never know how grateful I am for this.

<<...it will say something like "auto.updar" (or whatever) found in compressd file mswordx.zip ">>

The only place where I saw this particular (capricious) virus name is at the end of Norton full scan, and it simply says only something like:

"2 files are infected with Backdoor.Autoupder: ABsr.exe and bvt.exe" Then it gives me the options, as you said, to repair or quarantine them. I clicked on each but said it couldn't be done. Then it URGES the option of deleting: "You should delete these infected files and replace them with clean, uninfected files.â€...but the delete button is greyed out and doesn't function.

If I remember well, it doesn't say in what file these 2 corrupted files are. I'd have to do another full scan to get to the end to watch more closely whether it did say it and I missed it (unless there's a way to SKIP to the end??? .

<<overlay windows reinstall! When done correctly it will install but keep all of your devices and settings etc!>>

This sounds like a great way of re-installing - not altering or LOSING any files or documents! Is it REALLY that good??? Is it called "System file checker ", or is this a separate device or software?

<<If we had a critical system file that we have already removed you would not be able to keep going at all!>>

You're so right! Hehehe!

Yes, following your good advice, right after I hand-deleted all 30 items (in a fraction of a second!), I ran a Norton full scan and as explained, the result was the same as when I used to do the scan WITH the quarantined items: it only used to say before and still says: just one virus and 2 infected files. I think it doesn't consider the quarantined items, infected?

I didn't realize I was uptight. I do smile a lot when I read your msgs because you and Brett and Newt and others in the list interlace some cute humor among the seriousness of the computer mysteries!

Ok, I'll now go to try the F prot for dos again. My thanks again: TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT )

 

Adela

I sent you a direct email!

Mike

 

Hello Newt

Thought I would explain!

None of this went on outside the BBS at this stage it just looked like it!

I saw this message from Adela in a thead ROY66 and thought she meant form past Virus's. I put her on the way to an agressive shotgun cleanup!

Then before I logged off the board I looked at new messages and found this one! Hence the message "Oh,Oh, Adela Adela Alela! "

So then I advised swithing priority to the Virus!

But it did look like it was coming from private or offline but was not!

I did contact her directly last night! Fill all in on that later!

While I have you! I have a Network Server issue that the normal home user would not ever have! So I would like to run it by you and some of yhe Professionals that are on the board! What area should I open a thread! This issue is going to hit someone else soon if not already! If it has maybe you or they can help if not they can be ready!

Thanks,
Mike Flynn

 

Mike - the network section is good for that. Anybody not interested can just ignore the thread.

 

Hello everyone helping Adel

I am here to confess! YEAH! I did it! I cheated!

After seeing us getting nowhere fast with Adel’s problem, feeling her struggling with our instructions, admiring her determination to do every thing we told her to do!

I emailed her directly and arranged to connect by remote and fix her computer! Hence my message to Newt that nothing had gone on offline but that I had that day contacted her and would fill all in later!

I apologize for going outside the BBS! I think it would have been a long drawn out affair if we had continued by messages. So I will do the next best thing and cover everything done to fix her problem! So that some may learn!

It began after the email that I attached VNC client and walked her through installing it! Then we retrieved her WAN IP (she has Cable) and I connected and remotely made the repairs. We were also on the phone together so that as I did it she learned what had happened!

I knew from her last message that I would find F-Prot all over her desktop!

But it was worse than that. There were so many files of all types Virus update zips lost web links downloads etc. the icons went off the desktop! So after an hour of opening files and removing them when she recognized them as keepers or deleters and some she had no idea about that I advised her to delete we finally started to work on the virus!

She could not name the compressed file because there was both a tick to widen the space to see the rest of the name and a bottom slider to see it all! She had cleaned all the quarintined files but had 2 infected files in the windows temp folder! Proves my practice of cleanup of temps again! But they were open in a shared mode and would not delete even though there was no read only attribute!

So I walked her through a dos boot where we cleared the temp folder with deltree! Before booting to DOS I had already cleaned the TIFs! So while in dos we backed up the registry with scanreg then scanreg /fix then scanreg /opt.

On reboot to full mode windows we ran a full virus scan that came out clean!

We then related the programs in c:\programs\files and what was on the start menu and in add/remove! Cleaned up start menu of non-existent programs! Removed all that didn’t relate. Did more cleaning! Removed AOL, CompuServe prodigy online services in addition to Juno and several other free Internet services! Of course we also cleaned out other useless programs that were properly installed but not used or needed!

We downloaded and installed Adware and found 48 entries! She had them all, Cydoor, DSS agent Bonzi, Gator onflow! Killed them all!

Finally we downloaded RegCleaner and EasyCleaner and ran all the cleanup features plus the Registry cleans in both programs!

Norton was installed but the was not running in memory and would not do so until uninstalled and reinstalled. So now she is protected and knows how to use the tools I left!

She is a very intelligent and nice lady with a very nice accent!

Oh yes we did a full windows update and she now knows what not to get and how to do it! This included the IE6 Service pack! We also corrected the allow to open in outlook so she can open attachments!

I left her doing a full defrag! We probably removed hundreds of megs of files?

Her opinion! In her words "it seems so light and fast nowâ€!

I told her to wait until I did confession and begged forgiveness before she commented! So I am sure she will visit soon to thank all of you and a final update of how the system is.


sniff sniff sniff,
Mike

 

To all the wonderful "techis" on this forum who helped me with my totally upside down computer "“ a huge thank you! :-]

And especially huge thanks and hugs to Mike { }, who was so courageous as to tackle my messed up computer! I couldn’t begin to tell you how many things he performed and made me perform on it, with admirable knowledge…but I was so pleasantly surprised when my computer AND Internet felt much lighter and faster, to say nothing of the great new look and wonderful feeling one gets from knowing one’s "house" is at last neat and clean! And... "it ain' just virus" but a wide variety of errors and other wrong things were all terminated!

I told Mike I wanted to learn this so I could help others… but when I observed how much work, knowledge, and dexterity it took, I realized I could never learn it myself, let alone help others.

Again, my deep gratitude to all of you! =) And my special gratitude to Mike for his incredible generosity! Mike you’re an angel!!! 0 Adela