A Question About Msoft Security Essentials quarantined files

Linksys Befcmu10 ethernet cable modem
February 16, 2013 at 12:35:36
Specs: Windows XP, NA
So I was running another really good malware scanner, other than Microsoft Security Essentials (not Microsoft Security Client, correct?), and it stated a few files located at: "C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans" were inaccessible. So I got a little curious and managed a way to access them. (Is this where the program puts quarantined files at? Since I don't remember quarantining so many files)

Yet there's this file: mpcache-77C9A77CDA3C035E0960855D9A9FEF6F73C9FCF9.bin.VF
and I opened it in Notepad and the beginning of this file differed from the rest of the inaccessible files (the rest of them began with "MPDC" or "PGM")

This one read like so:

\² ² ¦ C : \ D o c u m e n t s a n d S e t t i n g s \ J o h n D o e \ L o c a l S e t t i n g s \ T e m p o r a r y I n t e r n e t F i l e s \ \ _ _ e m p t y ( C : \ I N T E R N A L \ _ _ e m p t y l C : \ P r o g r a m F i l e s \ I n t e r n e t E x p l o r e r \ S I G N U P \ I N S T A L L . I N S C : \ T E M P \ _ _ e m p t y 2 C : \ W I N D O W S \ F O N T S \ _ _ e m p t y . C : \ W I N D O W S \ I n f \ _ _ e m p t y B C : \ W I N D O W S \ S Y S T E M 3 2 \ b o p o m o f o . u c e < C : \ W I N D O W S \ S Y S T E M 3 2 \ c _ 7 3 7 . n l s ` C : \ W I N D O W S \ S Y S T E M 3 2 \ d r i v e r s \ r o o t \ s y s t e m \ _ _ e m p t y

(this is only a short list of this first section, which is full of different addresses.)
Yet this is what made me curious about this file even more:

LINKp²  DATA  [script]
; blablaDATA#  [chanfolder]
n0=#Blabla
n1=#End
DATA¡  [connect default]
Access=NoAccess
[sql default]
Sql=" "
[connect CustomerDatabase]
Access=ReadWrite
Connect="DSN=AdvWorks"
[sql CustomerById]
Sql="SELECT * FROM Customers WHERE CustomerID = ?"
[connect AuthorDatabase]
Access=ReadOnly
Connect="DSN=MyLibraryInfo;UID=MyUserID;PWD=MyPassword"
[userlist AuthorDatabase]
Administrator=ReadWrite
[sql AuthorById]
Sql="SELECT * FROM Authors WHERE au_id = ?"
DATA(  ; for 16-bit app support
----------------

I did a little research and noticed that there's some sort of 'remote desktop'ping, and look at those channel names, that's on IRC.
Anyways, a little help on this would be great.

Thank you so much
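
Added example, not part of the original post: assuming the spaced-out paths above are UTF-16LE text shown in a single-byte view, a strings-style pass that decodes both ASCII and UTF-16LE runs gives a readable listing of a binary file like this one. `SAMPLE` is constructed bytes (not taken from a real mpcache file), and `extract_strings` and `MIN_CHARS` are names chosen for this sketch.

```python
import re
import sys

MIN_CHARS = 6  # shorter runs are usually coincidental bytes, so skip them

# Printable ASCII stored one byte per character.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_CHARS)
# Printable ASCII stored as UTF-16LE: each character is followed by a NUL byte.
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_CHARS)


def extract_strings(data):
    """Return (offset, encoding, text) for every printable run, in file order."""
    found = []
    for m in UTF16_RUN.finditer(data):
        found.append((m.start(), "utf-16-le", m.group().decode("utf-16-le")))
    for m in ASCII_RUN.finditer(data):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    return sorted(found)


# Constructed sample: a short binary header, two NUL-terminated UTF-16LE paths,
# a short marker that falls under MIN_CHARS, then plain ASCII INI-style text.
SAMPLE = (
    b"\x01\xb2\x00\xa6"
    + "C:\\WINDOWS\\FONTS\\__empty".encode("utf-16-le") + b"\x00\x00"
    + b"\x2e\x00\x00\x00"
    + "C:\\WINDOWS\\Inf\\__empty".encode("utf-16-le") + b"\x00\x00"
    + b"DATA\xa1\x00"
    + b"[connect default]\r\nAccess=NoAccess\r\n"
    + b"\x00\xff"
)

if __name__ == "__main__":
    # With a file argument, read that file; otherwise use the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        blob = SAMPLE
    for offset, encoding, text in extract_strings(blob):
        print(f"{offset:08x}  {encoding:<9}  {text}")
```

The offsets in the first column make it possible to see which strings sit together in the file, which a Notepad view does not show.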




#1
February 16, 2013 at 12:50:29
"I was running another really good malware scanner"

Is there some reason why you didn't mention the software by name?



#2
February 16, 2013 at 12:59:46
"Is this where the program puts quarantined files at?"
Yes.

"Since I don't remember quarantining so many files"
Go down to where MSE is by the clock, double click on the logo to open MSE.

Click on the History tab to see all the stored files that you can probably Delete.



#3
February 16, 2013 at 13:42:36
Above the Scans folder you mentioned I have a folder named Quarantine (although the actual folder might not appear until you quarantine something). Everything in its sub-folders has the dates when two objects were quarantined. I am not going to pretend I understand the structure but it is about certain that is where Quarantine stuff is placed. If you want to do anything with quarantined objects it would be proper to do it from the normal MSE interface in History (as already given in #2).

As for the mpcache files that is a different matter. I have 9 of them, all with today's date so they do not relate to the quarantined objects. I can only imagine they cache something to speed things up at a later time. It could be to do with updates because I have scanned nothing manually today. Makes me think there might be a new set tomorrow sometime - I'll let you know.

Whatever they are, I suggest you don't worry about them as they are doing no harm and presumably just the way the MSE mechanism works. It is not uncommon for AV's to block user access to their files (and intruders too).

Always pop back and let us know the outcome - thanks



#4
February 17, 2013 at 04:36:54
Managed to confirm my thoughts in #3:

Files in "C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans" are for Updates. I did a manual update today and their dates and times then changed to match that in the GUI under Updates "Definition last updated".

Contents of "C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Quarantine" match with the dates and times for quarantined objects in the GUI under History.

Always pop back and let us know the outcome - thanks



#5
February 18, 2013 at 16:48:35
Ok, thanks for giving me your advice on what that is


#6
February 18, 2013 at 17:02:29
If you happen to pop back, select a Best Answer then this thread will get marked as Solved.

Always pop back and let us know the outcome - thanks

