Daveg123

Quarantined..now what?!


Hello,

I ran A-Squared free some time ago and it found Trojan-Downloader.Win32.Small!IK in what I assumed was a FP - as it's an audio file in a game 'Grand Prix Legends'. I Quarantined it - because that's what it tells you to do! And don't play it any more anyway.

I ran A-2 free again yesterday and it found another occurrence of the same Trojan in C:\System Volume Information\_restore{....}\\A002981.EXE, which I quarantined for the same reason - A-2 free said to do so.

Unfortunately, I seem not to have saved the reports.

Googling brought me here and it now seems it's wrong to quarantine, according to the post you refer everyone to. Running A-2 free again today, it's found another 2 occurrences of the same 'trojan' since yesterday, this time in a gear shift plugin, again for the Grand Prix Legends game, that was always there AFAIK. This time I haven't quarantined but saved the log for those.

What should I do about the quarantined files with no logs? Should I unquarantine them and re-scan with A-2 free to generate logs and start posting all the logs?

And why does this programme tell you to quarantine by default? None of this makes sense; surely every occurrence detected can't be posted in logs to this forum?!

Oh, and A-2 free also freezes if I right-click its icon. Frankly, I'm considering either deleting the files or unquarantining everything found and uninstalling this software.


Hi, daveg123, welcome to the forum

If you suspect that a false positive has been identified, you should submit it to EMSI.

Check out the post by Lynx in this thread for info on submitting FPs:

http://forum.emsisoft.com/Default.aspx?g=posts&m=23118

In the meantime, we cannot comment further on your particular case until we see the logs. If you are happy to do so, please do as you suggested and re-scan then save and post the scan report.

Thanks.


Well, I restored the quarantined files and downloaded the other 3 programs. Ran CCleaner. But once again A-Squared free froze when I came to run it for another scan. I point out I'd no evidence of any problems until I met A-Squared free; this PC is actually rarely on the net, only for updates and iRacing.

Having also now scanned with Malwarebytes' Anti-Malware, which found nothing, and seeing evidence that A-Squared freezing and causing me to restart via the power button is doing more harm than good (CHKDSK ran and did a lot at startup), plus Google suggesting A-Squared free is notorious for freezing and showing false positives, I've decided to abandon it.


Hi Daveg123,

That is your personal choice if you decided to abandon a2.

Nothing we can do without information about what was flagged.

There are not many cases about freezing, but previously they all were solved.

Again nothing can be said, since you did not provide info about your system as in Posting Rules.

Other than that, you may search the old forum for “freezing” and the like and you will find advice and solutions.

a-squared has the highest detection rate on the market, but anyway... we hope that you will find the Software that suits your needs regarding security

Good luck

P.S.

"I Quarantined it - because that's what it tells you to do!"

This Software does not tell you that.

It just shows you flagged suspects. After that it is the user's decision.

There are certain rules re: "how to" investigate the matter and that applies to any security

P.S. this Software does not tell you that.

It just shows you flagged suspects. After that it is users decision.

There are certain rules re: "how to" investigate the matter and that apply to any security

Yes it does! It lays a window on top of the results and specifically says something to the effect of: 'you have a high risk...blah blah - you should quarantine these files.'

If it had only produced results I would have investigated before quarantining.


As far as I know that is the new window introduced.

It will be shown when your 1st scan ended after the installation when there are high risk items flagged.

There is an option to suppress further appearances of that window.

In any case when you close that window you are left with the detection list.

If you are sure please quarantine; if not - submit for analysis to the developers; or whitelist ... and so on

There is no "... blah ... blah..." in that message anyway

Thanks


Not much can be added at this stage without having details.

… but I will just a bit … most likely for other users who will read this thread,

or

in case you will reconsider in the future

Here are a few links to read:

1) [sticky]

2) In the reply from Thursday, 25 December under “submitting and or auto-rescanning” there are helpful references about different ways to do that.

I hope you will learn how to investigate, submit detected items, setting Re-Scan option, etc., e.g.:

How should I treat the malware I found?

3) As for detections in the System Restore Point (SRP), since it is mentioned in your initial post

(please never type; use copy/paste or attach the saved report)

The only method is to switch SRP “Off” (clean) and then turn it back “On”

Read the comment about System Restore detections by ShadowPuterDude here

Thanks
