profector

Quarantined Folder


Hello, I ran a quick scan last week and I was told I have two problems. I went ahead and clicked the fix\repair button and that was that. Later I realized a folder it removed was something I needed, so I restored it from the Quarantine and everything seemed fine. I haven't run another scan since. Now today I went back to get something out of the folder and it's gone again. This time it's not listed in the Quarantine. Any ideas? I've run an undelete program and it didn't find it or even part of it. I've searched the whole hard drive and there's not a trace of the file or its contents.

 

 

 

SUPERAntiSpyware Scan Log
https://www.superantispyware.com

Generated 07/09/2013 at 03:35 PM

Application Version : 5.6.1020

Core Rules Database Version : 10596
Trace Rules Database Version: 8408

Scan type       : Critical Point Scan
Total Scan Time : 00:02:23

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned      : 1008
Memory threats detected   : 0
Registry items scanned    : 64342
Registry threats detected : 1
File items scanned        : 7349
File threats detected     : 1

PUP.BabylonToolbar
 (x86) HKCR\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Trojan.Malware
 C:\Users\op1\Desktop\access


In the registry I found HKLM >superantispyware.com > superantispyware > inusefolder > folder() > c:\users\op1\desktop\access\  . Since this is the folder that is missing I'm thinking SAS has done something with it.  


So now I recreated the folder. When I restarted the computer, the folder was gone. I'm assuming I need to delete the reg key to keep that from happening in the future. Is the folder actually being deleted? At no point have I deleted the folder from the quarantine; I've only restored the folder. I would like to get the data back if I can. I've looked in c:\users\op1\appdata\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\ and couldn't find anything.

 

If these files were deleted would I be able to recover it with an undelete program?


"If these files were deleted would I be able to recover it with an undelete program?"

 

Possibly :?

 

As no data is actually removed from the HDD completely until shredded/nuked then you may be able to reconcile those files.

Or you may find going back to an earlier restore point (before you ran the scan) helps.

Or re-image if you have a recent one.

 

Certainly the expensive forensic programs would probably do the trick, but they are very expensive.

 

What were the files anyway? Surely if they have been picked up then there is a good chance that they are/were infected.


I don't think the folder or files were infected. The folder had my Access databases with my kids' sports scores in it. I'm able to get them back from a backup so it's not a total loss. The backup is probably 3 weeks old though so I'll lose a little bit.

 

As long as SAS didn't "nuke" the files I can get them back. I've recovered HDDs with bad partitions before so I can't imagine finding a deleted file would be any harder. At this point though I don't think the files have been deleted. As a test I created a new folder named "access" on my desktop and filled it with a few megs of old Excel files. Then I ran SAS again and it flagged it again. Afterwards I looked in c:\users\op1\appdata\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\ for the files and there still wasn't anything there. Did I have the quarantine folder wrong? When I restored the folder it came right back again, so SAS is holding them somewhere, but I just don't know where.


I don't think that is the correct folder. I created an executable and loaded it with images so that the size of the file would make it stand out. SAS picked it up and there still isn't anything in that folder. I also did a different type of scan on the drive and found the files that SAS removed. So what gives? Why would SAS delete a folder that I've told it to restore and then continue to try to delete it on every reboot?

