Jump to content


Photo

Remove Selected - What happens?


  • Please log in to reply
16 replies to this topic

#1 sergelepine

sergelepine

    New Member

  • Members
  • Pip
  • 21 posts

Posted 15 August 2008 - 09:36 PM

Once the Scan is completed, what happens to the infected file is "Remove Selected" is chosen? Will the infected file be deleted or quarantine?

Serge

#2 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Root Admin
  • PipPipPipPipPipPip
  • 4,149 posts
  • Gender:Male

Posted 16 August 2008 - 12:39 AM

A copy is made to the quarantine and then it is either immediately removed or removed on reboot.

:D
Marcin Kleczynski
Chief Executive Officer



Follow us: Twitter, Become a fan: Facebook

#3 sergelepine

sergelepine

    New Member

  • Members
  • Pip
  • 21 posts

Posted 16 August 2008 - 03:03 AM

After 2 days, considering if it was a false positive, I finally decided to click on "Remove Selected". I do not know if a copy went to quarantine or not but "Adware.MyWebSearch" was immediately removed. I ran malwarebytes again, no spyware was found.

Thanks

Serge

A copy is made to the quarantine and then it is either immediately removed or removed on reboot.

:D



#4 melboy

melboy

    True Member

  • Experts
  • PipPipPipPip
  • 333 posts

Posted 16 August 2008 - 06:37 AM

Serge,

Open MBAM, click on the quarantine tab. Do you see the file you had MBAM remove there?

You will see options Delete, delete all, restore, restore all. As Rubber Ducky said , copy's of files MBAM removes/deletes are sent to quarantine. Whilst in quarantine it (the copy of the original file) can do no harm to your pc. If at a later date you find MBAM has removed/deleted a legitimate file (a false positive), it can be restored from quarantine back to your pc, by clicking the restore button. If however, you know for certain that it is a malicious file then choosing delete, deletes it for good, and cannot then be restored.

Hope this helps. :D

#5 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Root Admin
  • PipPipPipPipPipPip
  • 4,149 posts
  • Gender:Male

Posted 16 August 2008 - 04:24 PM

Even better, the copies in the quarantine are renamed, encrypted and password protected. Even if somebody attempted to run a file it would error.
Marcin Kleczynski
Chief Executive Officer



Follow us: Twitter, Become a fan: Facebook

#6 sergelepine

sergelepine

    New Member

  • Members
  • Pip
  • 21 posts

Posted 17 August 2008 - 03:17 AM

Even better, the copies in the quarantine are renamed, encrypted and password protected. Even if somebody attempted to run a file it would error.



Thanks for the info.

Now how do I delete all these messages in my in box?

Serge

#7 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Root Admin
  • PipPipPipPipPipPip
  • 4,149 posts
  • Gender:Male

Posted 17 August 2008 - 02:04 PM

Click the quarantine tab and click delete all.
Marcin Kleczynski
Chief Executive Officer



Follow us: Twitter, Become a fan: Facebook

#8 sergelepine

sergelepine

    New Member

  • Members
  • Pip
  • 21 posts

Posted 19 August 2008 - 03:04 PM

My question was: "Now, how do I delete all these messages in my in box?" The reply does not seem to match my question.
This board has a hard learning curve.

Serge


Thanks for your Help!


Click the quarantine tab and click delete all.



#9 JeanInMontana

JeanInMontana

    Delete this account!!

  • Honorary Members
  • PipPipPipPipPipPip
  • 3,867 posts
  • Interests:would love to see some honesty around this site.

Posted 19 August 2008 - 03:28 PM

Open the program and you will see several tabs. Quarantine is one. You might want to have someone have a look at your logs too, after you follow the instructions here http://www.malwareby...;st=0#entry9894 and start your own topic.

#10 sergelepine

sergelepine

    New Member

  • Members
  • Pip
  • 21 posts

Posted 20 August 2008 - 04:09 AM

I did follow your instructions from your previous message. I submitted the 3 logs as requested on 17 Aug 08. I did start a new topic. Did I place the logs in the wrong forum? I do not know.

Should I re-submit them if so where?

Serge




Open the program and you will see several tabs. Quarantine is one. You might want to have someone have a look at your logs too, after you follow the instructions here http://www.malwareby...;st=0#entry9894 and start your own topic.



#11 melboy

melboy

    True Member

  • Experts
  • PipPipPipPip
  • 333 posts

Posted 20 August 2008 - 06:58 AM

My question was: "Now, how do I delete all these messages in my in box?" The reply does not seem to match my question.



Serge,

Was this question specifically about MBAM, or your E-mail inbox ?

#12 JeanInMontana

JeanInMontana

    Delete this account!!

  • Honorary Members
  • PipPipPipPipPipPip
  • 3,867 posts
  • Interests:would love to see some honesty around this site.

Posted 20 August 2008 - 12:57 PM

I did follow your instructions from your previous message. I submitted the 3 logs as requested on 17 Aug 08. I did start a new topic. Did I place the logs in the wrong forum? I do not know.

Should I re-submit them if so where?

Serge


I see your thread, you need to update MBAM, it's at version 1.25 now and post a new log from it for Tigger to see, and a new HJT log. Also as melboy has asked, are you referring to your email inbox as well as your quarantine folder?

#13 sergelepine

sergelepine

    New Member

  • Members
  • Pip
  • 21 posts

Posted 20 August 2008 - 02:51 PM

The answer required is for the E-mail in box.

My mistake the first question had been answered. I should have started a new topic.

Thanks

Serge


Serge,

Was this question specifically about MBAM, or your E-mail inbox ?



#14 JeanInMontana

JeanInMontana

    Delete this account!!

  • Honorary Members
  • PipPipPipPipPipPip
  • 3,867 posts
  • Interests:would love to see some honesty around this site.

Posted 20 August 2008 - 04:35 PM

OK what type of email do you use? Web Mail, OutLook? Every email will have a delete option on it.

#15 sergelepine

sergelepine

    New Member

  • Members
  • Pip
  • 21 posts

Posted 20 August 2008 - 08:08 PM

Forget the question. It was in In Box on this board. It is ok there nothing in it.

Serge


OK what type of email do you use? Web Mail, OutLook? Every email will have a delete option on it.



#16 Bill Castner

Bill Castner

    New Member

  • Members
  • Pip
  • 1 posts

Posted 25 August 2008 - 07:30 AM

Even better, the copies in the quarantine are renamed, encrypted and password protected. Even if somebody attempted to run a file it would error.


The problem is that for an OPs notebook computer I have been working with, Quarantining this file renders the keyboard unusable (it acts as if the Special Function key was being held down). It would have helped if the files were not encrypted and password protected; or if a "back door" in the form of a Command Line alternative for restoring a file from Quarantine was provided. Then one could programmatically restore rather than depend only on a now inaccessible GUI.

I understand the concern -- I too have seen things run from anti-malware Quarantine folders even if renamed. (This issue underlies, for example, the Deckard Scan issue with TDSSSERV and the file advapi32.dll). But a "backdoor" for a Restore would be an idea worth consideration.

Best regards to all for a wonderful tool and a simply great job by all at Malwarebytes,
Bill Castner

#17 Jarro

Jarro

    New Member

  • Members
  • Pip
  • 13 posts

Posted 06 January 2009 - 02:46 AM

Serge,

Open MBAM, click on the quarantine tab. Do you see the file you had MBAM remove there?

You will see options Delete, delete all, restore, restore all. As Rubber Ducky said , copy's of files MBAM removes/deletes are sent to quarantine. Whilst in quarantine it (the copy of the original file) can do no harm to your pc. If at a later date you find MBAM has removed/deleted a legitimate file (a false positive), it can be restored from quarantine back to your pc, by clicking the restore button. If however, you know for certain that it is a malicious file then choosing delete, deletes it for good, and cannot then be restored.

Hope this helps. :D



Even better, the copies in the quarantine are renamed, encrypted and password protected. Even if somebody attempted to run a file it would error.


Wow this makes me feel safe.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users