Sign in to follow this  
Tom555

Can't Restore My TT Media Player From Quarantine

Recommended Posts

Hi everyone,

I'm new here and need a little advice if anyone has time. My TT media player was detected as a threat and I selected quarantine without checking the details. Now I'm not able to use the media player and I would like it back with all of the original settings and files if possible.

First I select all the quarantined files and they turn blue, then I click on 'Restore'. The 'Restore' button goes a solid blue colour (losed the pale blue horizontal line at the top) then goes back to how it was originally and nothing happens to the selected files.

Thank you in advance.

:)

Share this post


Link to post
Share on other sites

Hi Tom555, welcome to the forum

This is "Malware Removal help " section

Your question seems to be about using the Software.

We can move the thread into appropriate section after your reply.

When replying please state the edition of a2 you are using (Anti-Malware or Free)

Read Forum Posting Rules and provide information about your System as in #2)

Use "Save Quarantine list" and attach the report, so we can see what was quarantined.

If your system is misbehaving and you want to investigate the matter, then below are the standard rules for this section:

=======

Read the following instructions

START HERE, if you don't we are just going to send you back to this thread <--click

Prepare and post (attach) the required log files into Malware Removal section of the forum

(create new thread there)

Wait for reply from ShadowPuterDude, Katana, or JeanInMontana

for assistance and further instructions.

=======

Translation Links for Forum Instructions

My regards

Share this post


Link to post
Share on other sites

Hi Lynx,

Thank you for your help and sorry I posted this in the wrong section. I’m using the free version of A2. I attached the ‘save quarantine list’ report but there doesn’t seem to be much on the file.

Windows XP Professional (2002) service pack 3

McAfee Antivirus software which includes a firewall

Malwarebytes (free version)

SuperAntiSpyware (free version)

HijackThis

Share this post


Link to post
Share on other sites

Hi Tom555,

Thanks for reply. The thread was moved here.

Well that's definitely not good looking quarantine list.

The only similar incidents with empty quarantine or blank entries were reported in the past for the localized systems (e.g. Korean, Simplified Chinese)

I do believe you checked the location of the player so you are sure that none of the files are in place after that "restoration" procedure.

Can you recall whether files were flagged or just Registry entries?

Not much I can suggest except:

- You can reinstall the player;

- Update a2;

- Rescan;

- If there are flagging please (always) save the report.

note: Disable real-time resident of the Antivirus prior to the scan especially is the type is Deep / Smart / Custom of the substantial size with many folders

That is recommended action in order to avoid conflicts and reduce the time of scanning

As a matter of fact was McAfee's Guard active during that scan when the player was flagged?

Were there any warnings from McAfee during the scanning with a2?

Do you have auto-quarantine/delete/healing options set in McAFee?

If so, irrespectively disable that.

See this Sticky

If there are flaggings of the Player attach saves scan report.

If you wish to test (nobody can insist though) you can quarantine again, but please save the list straight after quarantining and attach that too.

Please submit flagged items for analysis to EMSI developers from the detection list or from quarantine

My regards

Share this post


Link to post
Share on other sites

Hi Lynx,

I think Simplified Chinese could be the culprit here. My operating system is the English language version but for non-unicode characters I had it set to simplified Chinese because I’m learning Chinese. The TT media player was a Chinese language version too but another item in quarantine was not a Chinese language version and that won’t restore either.

I changed the non-unicode setting back to English and then tried to restore the quarantined files but it didn’t work. None of the files were back in position after selecting restore but I did a system restore and got some of them back.

I actually saved the report on this and I’ve attached it. The real time antivirus software is on all of the time and was on during the A-squared scan so, I’ll temporarily disconnect from the internet and switch that off during scans in future. There were no warnings from Mcafee during the A2 scan.

The flagged items are still in the quarantine file and I’ve sent them to the EMSI developers. Might it be worth making a copy of the quarantine file and then adding this to quarantine manually and then trying to restore it from the copy?

Thanks for your help.

Share this post


Link to post
Share on other sites

Hi Tom555,

Thank you for reply and confirming localization/use of simplified Chinese character set, which was suspected as possible cause of the problem

The best way would be sending whole quarantine file from \Quarantine\ folder that should look like 0D771500952A583E57B8C78A1061B4B186DE0775.A2Q

I will contact the developers and find whether the email address used previously for similar requests is the same and let you know.

Now, when we can see file names few thing to comment:

1) Irrespectively submit files from the detection list

using “Send as false alert” (Right-Click on the item);

2) The TPFNF5.DLL file from C:\SWTOOLS\...\OSD\... could be False Positive

Many laptops are coming with “On Screen Display message generator”. (OSD) The file in question is in different “languages related” folders;

3) As for the TTplayer since that is possible now to narrow down the search knowing file names – the player and files actually looking suspicious from point of view of other security as well and so its components are flagged or reported as “under investigation”

My regards

Share this post


Link to post
Share on other sites

Hi Lynx,

Thanks. I’ve submitted the files as ‘false alerts’ as you suggested. This time and the last two times I did this, I got messages saying ‘server error’ and ‘not all files could be sent’ so I’m not sure if they received them all (or any).

I’ve added another file (which had no Chinese characters in it) to quarantine and restored it and it worked fine and the date displayed was correct. I mentioned the date because I’ve noticed another strange thing. The files I’m having trouble with are dated 1/1/1970 in quarantine.

I think that TTPlayer does tend to have spyware or adware attached sometimes as some Chinese download sites add it but there are sites where you can download it spyware and adware free. It does connect to the internet to download and display song lyrics but I haven’t noticed any pop up ads on this version. Its understandable that its under investigation as suspect though.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.