Topic: Suspected viruses in quarantine folder
Chriscs
« on: August 20, 2009, 11:33:00 AM »

Hi,

CIS has reported finding some viruses on my machine and has put them into quarantine. I wanted to access the folder to see what was in it but got an "Access Denied" message. Is this normal to be unable to access the quarantine folder?

I ask this because my computer has been behaving very strangely of late in that when I try a Windows Update I get a message to say that I can't use the Windows Update web site unless I am logged on as an Administrator. As it happened, I was logged on as an administrator when I got this message. I also get that message when I try to restore the system to an earlier point.

fazio93
« Reply #1 on: August 20, 2009, 02:03:44 PM »

Quote from Chriscs:
"CIS has reported finding some viruses on my machine and has put them into quarantine. I wanted to access the folder to see what was in it but got an "Access Denied" message. Is this normal to be unable to access the quarantine folder?"

Yes, CIS is designed to deny all access to the quarantine folder due to inexperienced/unsuspecting users that may explore it and accidentally execute/release malware stored in it that was detected by CIS.

Anyway, there is no need to access that folder. In CIS, click on Antivirus > Quarantined Items. There you can view all the potentially malicious files that were detected by CIS as well as delete, restore, or submit them to COMODO for analysis.

Chriscs
« Reply #2 on: August 21, 2009, 07:26:24 AM »

Many thanks for your reply.

I have submitted all the suspicious files for Comodo to have a look at but how will I know whether they are malware or not? All the files were originally in a folder called "C:\System Volume Information\_restore....." and had names that began with "A00*.*" and were either .exe, .dll or .pif files. The only one that wasn't in that folder was "Application.win32.Nircmd.~[at]16774100" which was in C:\Windows.

fazio93
« Reply #3 on: August 21, 2009, 11:29:03 AM »

Quote from Chriscs:
"Many thanks for your reply.

I have submitted all the suspicious files for Comodo to have a look at but how will I know whether they are malware or not? All the files were originally in a folder called "C:\System Volume Information\_restore....." and had names that began with "A00*.*" and were either .exe, .dll or .pif files. The only one that wasn't in that folder was "Application.win32.Nircmd.~[at]16774100" which was in C:\Windows."

"System Volume Information" refers to the area where Windows keeps its System Restore points. The best way to rid your restore points of malware is to simply delete them and have Windows make new ones.

Turning off System Restore in Windows deletes all restore points (which will delete any malware in it as well). Then you can turn system restore back on after.

How to Turn off or turn on System Restore in XP

Start > right-click My Computer > Properties > in the System Properties dialog box, click the 'System Restore' tab > click to select the 'Turn off System Restore' check box > Click 'OK'. > You should get this message:

      "You have chosen to turn off System Restore. If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer." Click 'Yes' to confirm.

To turn it back on just clear the 'Turn off System Restore' check box.


To turn off SR in Vista, see here: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/
 

EricJH
« Reply #4 on: August 21, 2009, 02:02:03 PM »

You can open the System Restore folders so the user and (anti malware) programs can access it. Read this Microsoft Knowledge Base article: http://support.microsoft.com/kb/309531/en-us .

Chriscs
« Reply #5 on: August 22, 2009, 01:34:35 AM »

Many thanks to both of you for your help and suggestions. I used the method suggested by FaZio93 in the end.