sergelepine

Remove Selected - What happens?

17 posts in this topic

Once the Scan is completed, what happens to the infected file is "Remove Selected" is chosen? Will the infected file be deleted or quarantine?

Serge

Share this post


Link to post
Share on other sites

A copy is made to the quarantine and then it is either immediately removed or removed on reboot.

:D

Share this post


Link to post
Share on other sites

After 2 days, considering if it was a false positive, I finally decided to click on "Remove Selected". I do not know if a copy went to quarantine or not but "Adware.MyWebSearch" was immediately removed. I ran malwarebytes again, no spyware was found.

Thanks

Serge

A copy is made to the quarantine and then it is either immediately removed or removed on reboot.

:D

Share this post


Link to post
Share on other sites

Serge,

Open MBAM, click on the quarantine tab. Do you see the file you had MBAM remove there?

You will see options Delete, delete all, restore, restore all. As Rubber Ducky said , copy's of files MBAM removes/deletes are sent to quarantine. Whilst in quarantine it (the copy of the original file) can do no harm to your pc. If at a later date you find MBAM has removed/deleted a legitimate file (a false positive), it can be restored from quarantine back to your pc, by clicking the restore button. If however, you know for certain that it is a malicious file then choosing delete, deletes it for good, and cannot then be restored.

Hope this helps. :D

Share this post


Link to post
Share on other sites

Even better, the copies in the quarantine are renamed, encrypted and password protected. Even if somebody attempted to run a file it would error.

Share this post


Link to post
Share on other sites
Even better, the copies in the quarantine are renamed, encrypted and password protected. Even if somebody attempted to run a file it would error.

Thanks for the info.

Now how do I delete all these messages in my in box?

Serge

Share this post


Link to post
Share on other sites

My question was: "Now, how do I delete all these messages in my in box?" The reply does not seem to match my question.

This board has a hard learning curve.

Serge

Thanks for your Help!

Click the quarantine tab and click delete all.

Share this post


Link to post
Share on other sites

I did follow your instructions from your previous message. I submitted the 3 logs as requested on 17 Aug 08. I did start a new topic. Did I place the logs in the wrong forum? I do not know.

Should I re-submit them if so where?

Serge

Open the program and you will see several tabs. Quarantine is one. You might want to have someone have a look at your logs too, after you follow the instructions here http://www.malwarebytes.org/forums/index.p...;st=0#entry9894 and start your own topic.

Share this post


Link to post
Share on other sites
My question was: "Now, how do I delete all these messages in my in box?" The reply does not seem to match my question.

Serge,

Was this question specifically about MBAM, or your E-mail inbox ?

Share this post


Link to post
Share on other sites
I did follow your instructions from your previous message. I submitted the 3 logs as requested on 17 Aug 08. I did start a new topic. Did I place the logs in the wrong forum? I do not know.

Should I re-submit them if so where?

Serge

I see your thread, you need to update MBAM, it's at version 1.25 now and post a new log from it for Tigger to see, and a new HJT log. Also as melboy has asked, are you referring to your email inbox as well as your quarantine folder?

Share this post


Link to post
Share on other sites

The answer required is for the E-mail in box.

My mistake the first question had been answered. I should have started a new topic.

Thanks

Serge

Serge,

Was this question specifically about MBAM, or your E-mail inbox ?

Share this post


Link to post
Share on other sites

OK what type of email do you use? Web Mail, OutLook? Every email will have a delete option on it.

Share this post


Link to post
Share on other sites

Forget the question. It was in In Box on this board. It is ok there nothing in it.

Serge

OK what type of email do you use? Web Mail, OutLook? Every email will have a delete option on it.

Share this post


Link to post
Share on other sites
Even better, the copies in the quarantine are renamed, encrypted and password protected. Even if somebody attempted to run a file it would error.

The problem is that for an OPs notebook computer I have been working with, Quarantining this file renders the keyboard unusable (it acts as if the Special Function key was being held down). It would have helped if the files were not encrypted and password protected; or if a "back door" in the form of a Command Line alternative for restoring a file from Quarantine was provided. Then one could programmatically restore rather than depend only on a now inaccessible GUI.

I understand the concern -- I too have seen things run from anti-malware Quarantine folders even if renamed. (This issue underlies, for example, the Deckard Scan issue with TDSSSERV and the file advapi32.dll). But a "backdoor" for a Restore would be an idea worth consideration.

Best regards to all for a wonderful tool and a simply great job by all at Malwarebytes,

Bill Castner

Share this post


Link to post
Share on other sites
Serge,

Open MBAM, click on the quarantine tab. Do you see the file you had MBAM remove there?

You will see options Delete, delete all, restore, restore all. As Rubber Ducky said , copy's of files MBAM removes/deletes are sent to quarantine. Whilst in quarantine it (the copy of the original file) can do no harm to your pc. If at a later date you find MBAM has removed/deleted a legitimate file (a false positive), it can be restored from quarantine back to your pc, by clicking the restore button. If however, you know for certain that it is a malicious file then choosing delete, deletes it for good, and cannot then be restored.

Hope this helps. :D

Even better, the copies in the quarantine are renamed, encrypted and password protected. Even if somebody attempted to run a file it would error.

Wow this makes me feel safe.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.