Jump to content

Remove Selected - What happens?


Recommended Posts

After 2 days, considering if it was a false positive, I finally decided to click on "Remove Selected". I do not know if a copy went to quarantine or not but "Adware.MyWebSearch" was immediately removed. I ran malwarebytes again, no spyware was found.

Thanks

Serge

A copy is made to the quarantine and then it is either immediately removed or removed on reboot.

:D

Link to post
Share on other sites

Serge,

Open MBAM, click on the quarantine tab. Do you see the file you had MBAM remove there?

You will see options Delete, delete all, restore, restore all. As Rubber Ducky said , copy's of files MBAM removes/deletes are sent to quarantine. Whilst in quarantine it (the copy of the original file) can do no harm to your pc. If at a later date you find MBAM has removed/deleted a legitimate file (a false positive), it can be restored from quarantine back to your pc, by clicking the restore button. If however, you know for certain that it is a malicious file then choosing delete, deletes it for good, and cannot then be restored.

Hope this helps. :D

Link to post
Share on other sites

I did follow your instructions from your previous message. I submitted the 3 logs as requested on 17 Aug 08. I did start a new topic. Did I place the logs in the wrong forum? I do not know.

Should I re-submit them if so where?

Serge

Open the program and you will see several tabs. Quarantine is one. You might want to have someone have a look at your logs too, after you follow the instructions here http://www.malwarebytes.org/forums/index.p...;st=0#entry9894 and start your own topic.
Link to post
Share on other sites

I did follow your instructions from your previous message. I submitted the 3 logs as requested on 17 Aug 08. I did start a new topic. Did I place the logs in the wrong forum? I do not know.

Should I re-submit them if so where?

Serge

I see your thread, you need to update MBAM, it's at version 1.25 now and post a new log from it for Tigger to see, and a new HJT log. Also as melboy has asked, are you referring to your email inbox as well as your quarantine folder?

Link to post
Share on other sites

Even better, the copies in the quarantine are renamed, encrypted and password protected. Even if somebody attempted to run a file it would error.

The problem is that for an OPs notebook computer I have been working with, Quarantining this file renders the keyboard unusable (it acts as if the Special Function key was being held down). It would have helped if the files were not encrypted and password protected; or if a "back door" in the form of a Command Line alternative for restoring a file from Quarantine was provided. Then one could programmatically restore rather than depend only on a now inaccessible GUI.

I understand the concern -- I too have seen things run from anti-malware Quarantine folders even if renamed. (This issue underlies, for example, the Deckard Scan issue with TDSSSERV and the file advapi32.dll). But a "backdoor" for a Restore would be an idea worth consideration.

Best regards to all for a wonderful tool and a simply great job by all at Malwarebytes,

Bill Castner

Link to post
Share on other sites

  • 4 months later...
Serge,

Open MBAM, click on the quarantine tab. Do you see the file you had MBAM remove there?

You will see options Delete, delete all, restore, restore all. As Rubber Ducky said , copy's of files MBAM removes/deletes are sent to quarantine. Whilst in quarantine it (the copy of the original file) can do no harm to your pc. If at a later date you find MBAM has removed/deleted a legitimate file (a false positive), it can be restored from quarantine back to your pc, by clicking the restore button. If however, you know for certain that it is a malicious file then choosing delete, deletes it for good, and cannot then be restored.

Hope this helps. :D

Even better, the copies in the quarantine are renamed, encrypted and password protected. Even if somebody attempted to run a file it would error.

Wow this makes me feel safe.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.