Sode no Shirayuki

Question about a-squared free


Hi, I just ran a scan today and A-Squared found 3 items. I successfully quarantined all 3 of those items. However, after restarting the software the 'Quarantine' section only specified 2 of the items (Before restarting the software all 3 items were listed appropriately) while the 'Log' section still lists all 3 items. I tried following the path to the item that is "missing" and it seems it doesn't exist, so I assume it's still being quarantined. I also opened the folder in which quarantined items are stored. There are 3 items. However, while 2 of the items in the folder are very similar in nature (A2Q file and has a random name) the third file is called 'submit.dat'. This anomaly has me confused and I would be much appreciative if someone could shed some light on this subject. Thanks.

Edit: This leads me to the question, if I ever had to manually restore this item, how would I?


Hi Sode no Shirayuki, welcome to the forum

Without additional info it is not easy to "see" what is going on.

1st, always save the report

Then you can use “Save quarantine list” link

You can attach reports to your post

The Software is able to rescan Quarantined items automatically after updates, see respective options in Configuration

Please look into Log file (you can post the image) and see what is in the Event column

There could be “Move to Quarantine” ; "Restore Quarantine” signs.

Do you have the latter against the item in question?

Files with A2Q extensions contain quarantined items in encrypted format (internal by Emsisoft)

Finally, re: your last question – Highlight quarantined item(s) and use <<Restore>> button

P.S. When posting requests, please provide more detailed information about your System Environment (as in Forum Posting Rules #2)


Hi, sorry, it's my first time using this forum.

Lynx,

1) "Finally, re: your last question – Highlight quarantined item(s) and use <<Restore>> button"

- I'm aware of this, but the problem lies in the fact that the item is not in the 'Quarantine list'. However, it is stated in the 'Quarantine log' that the item was successfully MOVED TO QUARANTINE.

- 5/1/2010 4:38:39 PM | c:\program files\global star software | Move To Quarantine | Trace.Friday Night 3D Darts!A2 - This is the file in question. It actually seems to be a folder containing several files.

2) "The Software is able to rescan Quarantined items automatically after updates"

- I'm also aware of this and have the option enabled. I have not run any updates after scanning. The file should have been returned to its source anyways, which it has not.

3) "Please look into Log file (you can post the image) and see what is in the Event column

There could be “Move to Quarantine” ; "Restore Quarantine” signs."

- It states 'Move To Quarantine'.

4) "When posting requests, please provide more detailed information about your System Environment"

- System: Microsoft Windows XP

Media Center Edition

Version 2002

Service Pack 3

It's probably x64 (I can't remember). If you can remind me how to check this I can get back on this.

p.s. I looked in the 'Logs' folder and found one file. I've only run one scan since I have downloaded and installed the software, so I imagine it is it. The log is attached. Additionally, if you need any more information please specify. I'll see what I can do. Thanks!

Edit: For what it's worth, when I ran a scan with Argente Registry Cleaner it found several application paths leading back to 'c:\program files\global star software'.

Edit: Er, I forgot to mention my software. I use Norton 360 Premier Edition, and Malwarebytes' Anti-Malware, Super Anti-Spyware, and A-Squared free ON-DEMAND scanners only.


Hi Sode no Shirayuki

No need to apologize

Here is one of the links you can use in order to check whether the system is x64 based

As for the System Environment info – you are saying that you are not using any additional AV in conjunction with Emsisoft – Free edition and we may assume that you are using just MS Windows native Firewall.

Am I right ?

If so, both points are really bad regarding security

... The log is attached...

There are no attachments to your previous post

3) "Please look into Log file (you can post the image) and see what is in the Event column

There could be “Move to Quarantine” ; "Restore Quarantine” signs."

- It states 'Move To Quarantine'

Have you at least tried to save & attach existing Quarantine list as suggested?

If you have any difficulties posting Log file image like below please ask

qarLog_old.jpg

My regards


I have a 32-bit operating system. Hm, I attempted to attach a log file that was present in C:\Program Files\a-squared Free\Logs. I guess it didn't work, interesting... I'm unsure how to post a log image file as you suggested. The software I'm using currently is A-Squared Free, Super Anti-Spyware, Malwarebytes' Anti-Malware, and Norton 360 Premier Edition. From what I understand, Norton 360 Premier Edition is an all-in-one security program consisting of Anti-Virus, Anti-Spyware, Root-Kit Protection, Firewall etc. The official link to Norton 360 Premier Edition is http://www.symantec.com/norton/360-premier-edition Mine's a slightly earlier version. Microsoft Windows Firewall is turned off. Now that I think about it, I'm unsure whether or not it's okay to run A-Squared free with Norton 360 Premier Edition and/or Malwarebytes' Anti-Malware.


Thanks for reply, Sode no Shirayuki

1st, the log file reports will be easier to post after v5 is released as stable, since there is an "Export" functionality

Currently in most areas.

In any case, if you want to attach / post an image please have look into our Offtopic section Posting Image, here are other helpful posts & discussions as well

As for Emsisoft Free edition - it is compatible with most if not any of the existing security that have their own real-time residents.

(see "Compatibility" threads in our old forum)

I am not a fan of any Symantec products & would never suggest using any of their products, but that is my own personal opinion

At the same time without knowing the version precisely it is hard to tell whether at least their firewall(FW) is sufficient enough, because as you stated the native MS FW is disabled which is right thing to do in any case (having 3rd party FW in place)

All recent tests are about best FW protection speaking about Comodo FW (v3.24 - important - not v4) ; Online Armor (not x64 support yet, just beta, but must be very strong) and Outpost

As for AV I would suggest using Emsisoft - it has the best detection rating on the market consistently for many years

You can use MBAM and or others as on-demand only scanners (having some experience in maintaining such setups), but keep in mind that MBAM does not have anti-virus protection & in addition there are a lot of troubles reported with its IP filtering feature

My regards


I can't seem to take a screen shot. I followed the directions, but alt+print screen isn't working. I even tried finding additional commands to take a screen shot on Wikipedia and none of them worked either. After using the commands I opened up the Clipboard (Start - Run - clipbrd.exe) and no images appeared there. I'm personally not a fan of Symantec myself, but I was waiting for the license to expire before replacing it with a new software. The version of my Norton 360 Premier Edition is 3.8.0.41.

Edit: Could the fact that the item disappeared from Quarantine and still does not exist in its original source location have anything to do with it being a folder consisting of many files and not a file itself? Could it be a glitch in the software? Is it possible for me to restore the folder and all of its contents via system restore?


System Restore is out of the question. System Restore won't allow me to restore the computer to the date the item was quarantined.

Edit: Before the item disappeared from Quarantine I uploaded it to A-Squared's malware team for research. Is there anything they could do?


Good morning Sode no Shirayuki

"Could the fact that the item disappeared from Quarantine and still does not exist in its original source location have anything to do with it being a folder consisting of many files and not a file itself?"

The “disappearance” which we cannot figure out is separate from the question about a folder being quarantined. Yes, the whole folder containing many files can be quarantined (Trace.Directory types of detection), but we should not be guessing now.

As a matter of fact in the reply #3 you mentioned c:\program files\global star... “Trace.” and the message is cut after the “dot” you did not adjust the column width

"Edit: Before the item disappeared from Quarantine I uploaded it to A-Squared's malware team for research. Is there anything they could do?"

If the item is not in quarantine it could be restored after re-scanning as discussed above

or you are saying - that specific folder doesn't exist anymore?

If you cannot find the whole folder and/or the functionality of the particular program is broken I am afraid in this situation you have to reinstall the Software.

Next time always save report, investigate 1st if you are not sure. Read this Sticky

Finally, re: “disappeared” item

Are you using localized version of Windows with languages like Korean or Chinese?

My regards

p.s. I am not sure why taking the screen snapshot didn't work

(some keyboards have special “Function” button that is triggering/changing behaviour of the upper-row function keys... could be that) but you don't need to invoke clipbrd.exe.

The procedure and some additional Utilities described in Posting Image


The item is listed in the Quarantine List as "5/1/2010 4:38:39 PM | c:\program files\global star software | Move To Quarantine | Trace.Directory. Friday Night 3D Darts!A2". It's exactly like that. The separators are to distinguish the categories. I guess I did type that wrong. Though, I did intend to type it like this.

The folder isn't anywhere in my c: hard drive nor does it seem to be encrypted in C:\Program Files\a-squared Free\Quarantine.

There doesn't seem to be a 'function' key on my keyboard. If I use alt+print screen, where would this image file be located 'cause I can't seem to find its location to open it via paint?

Global Star Software seems to be associated with gaming, so it evidently isn't critical to the system or any software which is good. Though, I quarantined the item in case it was a legitimate threat to protect the computer while A-squared's malware team and I further investigate the item. While the files in the folder may not be harmful themselves, they could have become infected through another source. Isn't the point of Quarantine for critical files that are infected since quarantining a critical file won't cause any harm to the computer (It never has for me anyways...) and at the same time would be protecting the computer from the infection inside of the critical file or files that a person is unsure of whether or not are legitimately infected. Quarantining is supposed to be a safe process which is why it's always recommended to quarantine items rather than delete those items from the computer ('cause for instance, you may be deleting critical system files or other files that are necessary for the function of certain software). The problem here isn't that I quarantined the items. The problem is that what's supposed to be a safe alternative to deleting items was glitched (I can't think of any other possible explanation except that A-Squared is glitched) in the software which conducted the quarantining. Though, as I said, after researching Global Star Software it seems it's associated with gaming. The contents of the folder were probably games, so it's not a big deal, thankfully. They probably weren't used either. Anyways, I guess I'll be reporting this to A-Squared's development team as a possible bug.

Edit: I guess it would probably be a good idea to temporarily restore the other 2 quarantined items until this anomaly is sorted out, eh? Additionally, it's probably a good idea to temporarily uninstall A-Squared free.


Thanks for confirming that it was “Trace.Directory” as I suspected.

Then - yes - if you quarantined such entry a whole directory content will go to Quarantine.

At the same time, it is not clear what disappeared from the Quarantine.

Few possible legitimate causes were described.

Only if it is not that – that could be considered a bug that you can report to developers.

You will be probably asked to send a-squared.db3 file

resided in C:\Program Files\a-squared Free\Logs directory

But if you can see the item as you posted now you can Restore it as it was suggested earlier.

Have you tried that?

As for the “critical”/ or “vital system files” that you read about in the Sticky – that is completely different.

Please do not mix quarantine process itself of such files with the “ordinary”/“less important” files … games / or programs that you installed / etc.

That was the main point of the Sticky. Even if the system (“critical”) file is infected / substituted by malware – the recovery of such file(s) usually is not a trivial procedure because removing those file(s) from their location by the quarantine could be damaging.

Other than that – Quarantine IS a safe way of temporarily jailing suspects indeed, as you said, compared to the Deletion procedure.

"If I use alt+print screen, where would this image file be located 'cause I can't seem to find its location to open it via paint?"

Alt+PrtScr (active window) or PrtScr (whole screen) pressing should place the respective items (in brackets) into the system Clipboard

When you open MS Paint or any other Graphics Editing Software

Ctrl+V or use of Edit menu > Paste submenu should copy the item from the Clipboard into the Editing Software

Then you can use its features for editing or just "Save As..."

Choose jpg or png compressed format in order to reduce the size of the resulted file with minimal quality reduction

My regards

P.S. unfortunately you didn't answer the question about localization


I'm not sure what you mean when you ask "Are you using localized version of Windows with languages like Korean or Chinese?"

Unfortunately, alt+print screen still is not working. Is there anyway I can check the clipboard to see if the image is successfully being temporarily stored there?

I wasn't trying to suggest that quarantining critical system and/or software files was safe just because quarantining non-critical files was a safe alternative to deleting them. It's just, from what I understand from following up on many malware removal videos and articles made/written by professionals that quarantining critical system files and/or software files was a safe alternative to deleting them. Basically, from what I understand, if your critical system files are infected by malware you can safely quarantine those files protecting your computer from the malware without the risk of damaging your computer as opposed to deleting those files which would likely result in damaging your computer. Though, I never expected a glitch to occur in the Quarantine processing of a software before if that's what it really is in this case. Perhaps, I should take this into consideration when quarantining future files with any software. This could have been a disaster if it was a critical file I quarantined.

Anyways, that aside, I cannot restore the file, because it is NOT in the QUARANTINE LIST. The file is in the Quarantine Log though, which is how I was able to retrieve its source for the purpose of this thread.

Could you perhaps describe what a quarantined directory might look like in the quarantine folder (This folder - C:\Program Files\a-squared Free\Quarantine) or would it look very similar to a quarantined file. I don't remember ever having to quarantine an entire directory before, only specific files.


If you are using English/ US version and never changed that – that's fine. Other than that you can read what localization is about (say you can have whole system set for alternative language)

As for quarantining critical files just be careful.

Yes, in some circumstances the System will recover (usually after reboot) such intrusion. At the same time the cases of self-recovery are rather limited compared to what may happen – inoperable OS

You can read this thread about recent disasters and systems broken (beyond repair included) by some major players in the industry.

Regarding the inability of using Alt+PrtScr we may need more info.

What is the keyboard brand?

As I said, some cases I know are special keyboards with enhanced features that allow additional functionality of the function keys (F1-F12/ etc.), where you have dedicated button in order to trigger/change the behaviour of pressing the said keys (usually the additional button called "F Lock" or alike)

Despite I noted that you do not need clipbrd.exe for posting the image - the result of making screen should immediately be available when you start the Program and you can save the result As <>.clp file,

so that really can be used in order to “check the clipboard” content since you asked.

I hope that new ideas will come and other users will share their thoughts regarding the matter

{added} if you have wireless keyboard or PS/2-USB converter - please try Shift+PrtScr (should work in most cases)

My regards


After using alt+print screen there was no image that appeared in clipbrd.exe. Additionally, I've tried other possible commands which I found on Wikipedia, but unfortunately to no avail.

I'm not exactly sure how to answer your question regarding the type of keyboard I'm using, because I'm using a laptop. However, if it helps the brand of laptop I'm using is a Compaq.

I created a support ticket regarding this issue. This is the response I got from one of Emsisoft's representatives -

"Hello,

there is a well known bug on chinese, japanese, korean windows versions. This will be patched in next major version 5.

If you use english windows i will try to reproduce this issue."

So, it seems they're aware that this problem exists in Asian Windows versions, but were unaware that it additionally exists in English Windows versions. Thankfully, they're looking in to this issue now.

I guess... I guess what I'll do for now is go ahead and temporarily restore the other 2 quarantined items and uninstall A-Squared free until this issue is fixed. I'm not distraught over the loss of the contents of the directory as they're merely games and nothing critical to the system or any installed software. They likely weren't used and should probably be removed to free up space anyways.


Thanks for reply

I created a support ticket regarding this issue. This is the response I got from one of Emsisoft's representatives - … there is a well known bug on chinese, japanese, korean windows versions. This will be patched in next major version 5

Yes, that's what I meant asking about the localization (languages) /quarantine behaviour & known bug that has to be fixed in v5

...I'm not distraught over the loss of the contents of the directory as they're merely games and nothing critical to the system or any installed software.

Sure, as it was pointed above if that is just games and or any Software you installed plus non-system critical files you can reinstall the Software. Even if that was a bug in quarantine/restoring it would be the matter of rescanning after reinstall, keeping in mind that currently you have to set the system and Emsisoft to the default language.

I don't see the need of uninstalling Emsisoft, despite that is your choice.

The problem with the keyboard and inability to use PrtScr is a different issue though, that has to be addressed separately as I can see it.

In addition to what was suggested it could be even the specific problem with the brand of a Computer and its BIOS.

You could provide and/or search the precise computer model and its site.

In many cases that is the matter of upgrading the BIOS.

I have experience of changing 5 combinations (keyboards & mice) on one of the PCs with Intel motherboard until the subsequent firmware update fixed the problem accepting any given keyboard / mouse

In any case, have you tried suggested Shift+ combination and one of those Utilities for screen capturing?

Everything will be sorted out and work eventually :)

My regards


Hi Sode no Shirayuki,

The date of the final release is not known yet, but it can happen soon, since public beta v5 testing shows pretty much stable functionality.

My regards

p.s. As for the screen capturing, if none of the Utilities and combination of buttons are working you can try to connect external keyboard. Since it's a laptop you may bring it to any local computer shop and check. After that having any result just apply to the manufacturer and describe the problem. Sure you have to state the precise model of your Compaq and the BIOS version.


I don't think I'll bother with a solution for screen capturing, just yet. Since this is a known bug I have no further use for the feature for this particular situation. I'll keep the suggestions in mind though for when I do need the feature in the future. Anyways, I guess the thread is solved. Thanks for the help.


Inability to get Screen Snapshot using your keyboard has nothing to do with known bug in particular Software regarding quarantine; missing entries; localization, etc.

In my reply #2 I just asked to post an image as a supplementary information, when reports/log files or alike are not available

Everybody should be able to get PrtScr / Alt+PrtScr /Shift+ / or using suggested Utilities

It doesn't matter whether Emsisoft or any other Software is installed or uninstalled

It would be beneficial or even necessary to solve that issue irrespectively

My regards
