MSE just detected Worm... classed Severe.

  mooly 11:27 07 Sep 2010
Locked

Bit of a puzzler this one.

Today PC in use from 7AM to just after 8.30AM. No problems, MSE scanned right on the wire at 8.30 as normal... no issues.

PC shut down OK.

11AM... rebooted and desktop appears when suddenly MSE pops warning up about this,
click here

Strange as all was OK at the last shutdown.

Haven't panicked, didn't select clean etc but had a look at the file path,
C:\programdata\Microsoft\Search\Data\Applications\windows\tmp.edb

access denied... no surprise there anyway, so tried just right clicking folder and scanning with MSE.

Scan begins but MSE already warning of possible threat already detected previously. So that's no use.
Next deleted browsing history, then ran disc cleanup followed by a reboot.

MSE happy now, scanned that folder again and it comes back clean.
As always you are left wondering what actually happened... was the threat real ? a false positive ? and why only detected on a clean reboot, and why did it get past MSE in the first place ?

I know I'll only be happy rolling back the system a day or two, which with daily Acronis backups is no hassle.

  birdface 11:33 07 Sep 2010

Nothing on Google for it.
But it shows you it does work now and then.

  birdface 11:39 07 Sep 2010

Tried the quick scan and nothing updated and ran quick scan again and nothing again.
Not got time to run a full scan as I am going out.
Hope you get it sorted as I know you will.

  mooly 11:44 07 Sep 2010

It's just interesting to know what actually happened and whether it's a real threat or a false positive.

The disk clean and a reboot was all that was needed to make MSE happy again, and I have just opened MSE to look at the history and nothing showing there... is that odd ?

I suspect a false positive maybe.

  mooly 18:57 07 Sep 2010

Took this as an opportunity to install my "Vista recovery" image from 12 months ago. This was fully updated at the time, just Vista together with all the service packs and all updates as of August last year, Acronis and MS Works, nothing else, never even been online with it and found 140 odd updates (137mb) to install. Took 30 minutes or so, and now I have a "new" updated recovery image if I ever need it. Made a backup of that to replace the original one and then reinstalled yesterday's incremental... all OK.

Let's hear it for Acronis :)

  sunnystaines 19:26 07 Sep 2010

try an online AV scan to be sure for peace of mind

  birdface 19:34 07 Sep 2010

Maybe one to keep for emergencies.

Eset on line scanner.

click here

If you download it from any Browser except I/E it will stay on your computer and you can use it if in trouble by going to.

C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe

If you download it on I/E I believe you can only use it once.

  birdface 19:42 07 Sep 2010

Hi Mooly You are still about the only one I know that MSE actually finds anything on your computer.
I have had it downloaded for about six months off and on and still waiting for it to find any problems.
I never ever liked Vista but got on Ok with XP and W/7
W/8 supposed to come out next year so will need to get my order in for that.

  onthelimit 19:45 07 Sep 2010

....who run ANY sort of anti-virus/malware have had a problem. Few, I suspect!

  birdface 19:53 07 Sep 2010

You must just have been lucky I have had quite a few myself but not recently.
Sometimes the Virus or whatever will not let you download any security programs or let you use the ones you have.
So handy having a back up just in case.

  mooly 08:00 08 Sep 2010

Hi buteman... well I have great faith in MSE, it really seems to work well for me and Vista ;) but just to digress for a mo, you know my philosophy of keeping the system simple, and as much as I would like to tweak and so on (I used to), I resist all temptation now and leave Windows to its own devices, and use only Windows tools to fix any issues and for general maintenance. Still boots up fully in around 1 min 20 secs ;-)

So "online scanners" which I have never used tbh (and thanks for the link), well if it installs something on the PC then I wouldn't really want that as a permanent thing for something I might use very rarely. Might sound silly but if it installs itself, alters registry keys etc, all legitimately, and then a few months down the line you run it, and find it's been replaced by a "new" version that needs installing... and then the problems start.

I'm sure the system is clean, and to be doubly sure of course I reverted back 36 hours or so with Acronis.
You remember the thread a couple of weeks back where I uninstalled MSE as a test on a disk image, and then installed Emsisoft and did a deep scan.

If I could go back again to yesterday then I would do it differently... MSE reported an issue, so knowing that I would use Acronis anyway to do a restore I would have uninstalled MSE, then installed something else and done both a scan of the specific file path and also a deep scan to see if it were real or not.

This is the real beauty of daily disk images... when you are going to restore you can do and try anything, it doesn't even matter if you wreck the OS... even to the point of not being able to get to Windows as the Acronis disc is bootable and loads itself into RAM, so it can all be recovered from there...

This thread is now locked and can not be replied to.
