Jump to content
Sign in to follow this  
pinkbull

How to restore a removed item

Recommended Posts

The following threat was detected in my last complete scan:

Trojan.Agent/Gen-Koobface[bonkers]

c:\Program files\Internet Offers\FSCommand\Launcher.exe

I checked the property of this file and saw that the file was created in 2006, and had a modified/accessed timestamp in 2007. It's probably something that came with my PC. I suspected that it's a FP but wanted to quarantine it so I left the item checked, and clicked next on SuperAntiSpyware. Then it asked me to reboot my PC to completely remove the item. I didn't want to remove it so I clicked cancel. I checked the location and saw that the file was not there anymore, so I selected restore on SAS to have it restored, but I probably clicked the wrong selections and instead got the entry listed under "manage quarantined" removed. I can't find the item in its original location.

1) I would like to make sure that it's not a FP, is there any way to restore the item?

2) If, the item was indeed a threat, have I safely gotten rid of it by doing what I did above? I didn't restart my system when prompted by SAS, and I made a couple of attempts to restore the item, which, I can't tell whether it was successful or not.

Many thanks for your help.

Information:

SAS application version: 4.33.1000

SAS Core rules database version: 4790

SAS Trace rules database version: 2602

System: Vista SP2

Share this post


Link to post
Share on other sites

Once you removed it from the Quarantine folder of SAS, it is gone. The only way to get it back would be to use a special file recovery program to locate it and recover it.

From what I can tell, you really did not loose anything. It appears to be a tracking program and not desireable.

http://www.auditmypc.com/process/launcher.asp

Also, your version of SAS is significantly out of date. The latest version of SAS is 4.35.1002. You really need to update to this latest version. Then perform a Complete Scan of your system again. BE SURE that your definitions are kept up to date.

Share this post


Link to post
Share on other sites

Once you removed it from the Quarantine folder of SAS, it is gone. The only way to get it back would be to use a special file recovery program to locate it and recover it.

From what I can tell, you really did not loose anything. It appears to be a tracking program and not desireable.

http://www.auditmypc.com/process/launcher.asp

Also, your version of SAS is significantly out of date. The latest version of SAS is 4.35.1002. You really need to update to this latest version. Then perform a Complete Scan of your system again. BE SURE that your definitions are kept up to date.

Thanks a lot siliconman01.

Any idea why the program hadn't been detected by SAS before? From the timestamp it looks like the program has been here for years.

SAS used to update the program version when I do a check for update. Looks like it's not doing that now. I will go install the latest then.

Thank you.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...