Jump to content

Arrow5

Members
  • Content Count

    165
  • Joined

  • Last visited

Everything posted by Arrow5

  1. antikythera -- " No, quarantine the file first. Then restore the settings I said to change in windows explorer." I've already changed the settings back. How do I quarantine the file? Lab said it was a false detection and it would be corrected on next update. So I need to quarantine the file? How?
  2. Thank you antikythera, I've sent the correct file to the lab -- Thank you again for helping me figure out that the file was hidden from my view. I knew I was following directions as stated to me, but just couldn't find that blasted file! While I was in the process of sending the Lab form for the correct one since found - the initial response from the lab came back on the previous incorrect file I sent, with no detections on that one. After submitting the correct one, with an explanation that I had sent an incorrect one previoiusly, a response came back on that about 2 minutes after I sent it to them -- saying that there was no malicious code in that file. So now - is it ok to try and run my MS Works ? Will it still trigger an Alert from KIS about a trojan? Will a full scan or Rootkitscan bring this back up again? How does this happen anyway. Just curious how it got triggered in the first place. Thank you again!
  3. Ok - I've found the file now!!! Thank you! So it was hidden huh? But .... Someone before said that when I restored in order to that, that there should've been a place to save the file - but I told them that there wasn't. All I got - when I right-clicked on the file name in Disinfected files it that it just dissapeared from the detected tabs list of disinfected files. So is it residing where it needs to be ? Just was hidden from view from me due to the the view that you've had me change to uncover ? If so - can I now send it to Lab - but I've already sent to the lab was what I initially thought was the file, and it was MSworks.exe. - not the correct one. Now that I've found the correct one - If I send this now now (Wkswp.exe - will that cause more confusion?) And once I send it, I'll be able to change the folder options in View that I've unchecked just now ? correct? One more thing. Do I need to put the Settings/Protections/select action automatically - ticked off again in order to send it to the lab - or that was just for restore process? At the moment, I've got the protections back to select automatically ticked. Thank you again. Thank you again for your patience.
  4. This is all making me uneasy - just to send this blasted thing to the lab! - thank you though for your patience with me. --- Once I unticked "hide protected operating system files I got a windows warning pop up screenshot below: Do I continue on even with that warning?
  5. Thank you, I started another thread, and I know that's not good, because I was having a separate issue, and wasn't getting anything on the old thread. I do apologize for that I knew better. No, there was nothing that came up that said where to save it. Or that I saw. So I will try searching C: drive. But am I understanding that correctly - that's the file I needed to find and send. Now that it's probably residing in a different place - do I need to put it back into program files? And how?
  6. After doing instructions - in order to send to lab - I've restored it from disinfected, but when I try to find the file name from my list of programs the file to send is not there. I'm looking in the original destination I thought C:program files/Microsoft Works/ and looking for wkswp.exe - but not there.
  7. Getting ready to do this today. Once I right click on this to restore, in order to send to lab as a possible false positive - I noticed there is a "send" option in the right click menu - that I assume will be viable once I click restore. Is this correct? Thanks!
  8. antikythera -- Thank you for that. just needed a clarification, and that helped tremendously, thank you.
  9. So do I restore the other 2 or just the wkswp.exe one restore & send to lab? And if I restore, isn't it going to keep coming up as trojan alert?
  10. Additional question on doing this sorry. In order to send to lab, do I have to restore it? Can this be done without the restore? I notice another person with the same problem trojan, and you've mentioned to them to send it to the lab, but didn't mention restore, so I'm trying to figure all of this out. -- At the moment I don't need MS Works to do things,for a few days anyway -- so does it need to be restored, in order to send it to the lab? -- Also what about that other ones besides WksWP.exe that were in the detected tab & show deleted. (I've listed those below with the wkswp.exe one: 3/26/2010 2:06:52 PM Deleted Trojan program Trojan.Win32.Agent.dqbn C:\Program Files\microsoft works\WksWP.exe High 3/26/2010 2:28:56 PM Deleted Trojan program Trojan.Win32.Agent.dqbn C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP621\A0065398.exe High 3/26/2010 4:36:31 PM Deleted Trojan program Trojan.Win32.Agent.dqbn D:\I386\Apps\APP11984\src\MSWORKS\PFILES\MSWORKS\WKSWP.EXE High Thank you!
  11. Ok. I'll do as instructed. How based on your statement above, do you know that the detection "appears" to be false, though. If KIS detected it and treated it like a trojan. It also is listed in system restore - if you look at the detected threats tab - deleted log I posted. Just curious. Thank you again, as always for the fast support in this forum.
  12. I don't even know what a false positive is, let alone how to tell if this was one - ? KIS detected The trojan win32.Agent.dqbn which appeared on the scan today, and I did the recommened delete. By my sending it to the lab am I creating a help ticket that they will get back to me on? Can I still use my computer, go online etc... while this file is restored? Thanks & sorry for being thick-headed, but all of this unerves me!
  13. Ok - I'm a bit slow on understanding this, so please hang in there... If I restore this disinfected file for this - won't my computer be compromised with this trojan? And by unchecking the select action automatically in settings/protection - isn't "automatically" my default ? What happens with any virus/trojans that may come up, if that's no longer set to automatically. When you say send this to the lab -- (and I'm kind of slow here on getting these instructions there's a couple of different ways to send it it seems from what I'm reading), -- what am I sending to the lab? - -- what do I do in the meantime with my computer? Can I still use it while this is going on? Ackkkk!!! I'm so confused!
  14. So question is -- in order to use my MS Works - what do I do. It's more than just the shortcut I think - When I try to open it - it's like it's not there.
  15. Hello yet again. Using KIS 2010 Win XP Serv Pack 3 Home Computer I posted about a week or less ago, that Full scan found a trojan, KIS took care of it. All Green all is well. Today upon routine Root Scan that goes automatically all fine this morning, but afternoon rootscan found a trojan - took care of it. But - the file that came up was something to do with My MS works. Screen shots below. Computer rebooted, I ran full scan, a couple more pop ups came up with red detections, did recommended action of delete, - full scan finished -- all green. When I try to use my MS Works - it cannot find the shortcut I guess. Says moved or something....Tries to look for it, but I stopped the search for it (with the flashlight icon that comes up when it tries to search), so I could post my question. Is there anything I need to do? Here's the line item I pasted on the detected action. (also a screnshot below) The active threats is empty - (screenshot below) 3/26/2010 2:06:52 PM Deleted Trojan program Trojan.Win32.Agent.dqbn C:\Program Files\microsoft works\WksWP.exe High
  16. Hi thanks for quick reply, Screen looks blank on Active threats pull down menu - if that's where you were asking me to go. Shreenshot below. Yes, thank you that was the thread on that detected http site from January, if that looks ok and my active threats is empty from the trojan detection from yesterday - then all ok, I guess ? As far as the action I've taken in regard to yesterday's trojan it found on scan, I know that KIS creates a back up of what has been deleted, what I'm unclear about is if these files are vital. Did I just delete something that the computer needed as far as those files? The files do not look familiar to me like system volume information restore or something like that. Thank you for your patience and time.
  17. Hi! Thank you! Here's my screen print of what I have. However, back in Jan 13 or 14th of this year, I wrote to this discussion board and asked about this event that happened that still shows. A website http file & name showed up on event log and - I Was told by Lucien? that yes - KIS showed the website was infected, but KIS showed in my event it was infected, and blocked. Here's the screen shot. I just searched the archive under my posts and the discussion - Jan 13 or 14. Search won't let me go back in to find the exact date. I thought I was ok with that though, based on my understanding of the response given to me back then. Here's the screen shot of what I still show detected is at top - blue i next to it
  18. Hello once again. I come here with little knowledge, and usually when something is wrong! -- But willing to learn, it'll just take me a while. Bear with me, and sorry it's wordy. I wanted to make sure I got this out while I remember. Using:. KIS 2010 working great, since upgrading from KIS 7 -- like it alot. Home PC - Windows XP Home Ed Serv Pack 3 Build 2600 Last night, decided to run Full scan - it had been about 3 weeks since last full scan, which should've been sooner, but didn't get a chance. KIS database updates current though, still should've ran a full scan sooner. Quck scans multiple times a week, never turned up anything. Got lazy on Full Scan. KIS detected Trojan-Spy.win32.agent.bdzz & Trojan-Spywin32.agent.beaf Pop up came up with disinfect grey out, not able to do it or something like that. Gave me the choice to delete with recommend next to it. I clicked on delete. Several of these happened throughout the scan. At some point I paused the scan to take care of this. Then resumed scan. Again, more kept coming up with same prompt & I'd click delete as recommended option. At the tail end of scan it detected Adware-not-a-virus -- took care of that as well. I re-ran the full scan again late last night (early morning hours actually), and a few more came up and same action. Screen went back to green. All looks fine. Rebooted today, ran full scan again, all clean it seems. My question: I'm attaching screen shots of detected tab events and report - The files that seem infected appear to be files that were residing in what I "believe" was a desktop data back up folder, created by the Geek Squad, pre-Kaspersky days, when we had a problem (virus or something at the time), with the computer and they took care of cleaining it, and saved our data to a folder. And pointed us to KIS as one of the best protections we could get. And we then installed KIS.. We were never told what to do with the back up folder, (or better half didn't ask). I've accessed it for a few saved pictures, word processing docs, etc...at times & gotten rid of files I knew I didn't need. But there it still sits. And not even sure I'm reading the KIS report correctly in assuming these infect files are from that folder, but looks like it points to that. Are the files that were affected, things I need? The file names do not look familiar and seem possibly to do with the backup recovery or something? Since I clicked on the recommended delete action, I'm wondering if I need these files? They look like system files to me, but I know nothing. Do I need to piece these files back together again? Or just not worry with anything - all is green. Thanks! Attempting to attach png files here
  19. Ok, thanks -- will do - Appreciate the fast responses here as always.
×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.