  1. #1
    3 Star Lounger
    Join Date
    Nov 2001
    Location
    Morganville, New Jersey, USA
    Posts
    240
    Thanks
    17
    Thanked 2 Times in 2 Posts

    Windows Defender Offline

    The latest Windows Secrets newsletter discusses Windows Defender Offline. Last night I downloaded the utility and ran it overnight on my main pc.

    The results were eight instances of a virus W97M/Story.AE and one Trojan JS/Kak.gen. All were in an archived Outlook file. However Defender was not able to remove them.

    Is there a real danger in this instance?

    Is there a way to remove them?

    If I just delete this file, will I now be safe?

    Many thanks.

  3. #2
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    6,058
    Thanks
    196
    Thanked 766 Times in 700 Posts
    Globalist,

    Deleting the files should be sufficient.
    As to being safe... In today's fast changing environment that's a relative concept.
    You're only as safe as the software you use, how often you keep it updated, how often you take images of your HD, and most of all your surfing and clicking habits. You'll at least be safe from installing the identified viruses/trojans from those files.
    May the Forces of good computing be with you!

    RG


  4. #3
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    20,423
    Thanks
    1
    Thanked 599 Times in 536 Posts
    I moved this thread to the BETA forum as WDO is beta software. As such, it is subject to change before official release and we do not want to muddy the waters once released with information only pertinent to the beta.

    Joe

  5. #4
    3 Star Lounger
    Join Date
    Nov 2001
    Location
    Morganville, New Jersey, USA
    Posts
    240
    Thanks
    17
    Thanked 2 Times in 2 Posts

    detail

    Thanks for your response.

    BTW: This infection seems to be associated with a message I received from a friend (a pc expert professionally) which I immediately recognized as fake (his e-mail was hijacked). I immediately deleted it and wrote him a separate message suggesting that this had happened. While I was the first to alert him, others did later. He dropped that e-mail account totally a couple of days later.

    About the same time, I received similar phony messages from other "geek" friends whose accounts had also been hijacked.

    And my virus protection, firewalls, e-mail suspicious mail detectors, etc. are always kept up to date.

    C'est la guerre. I now lose an entire section of e-mail history.

    BTW: While Windows Defender Offline is beta software, according to the recent Windows Secrets newsletter it has been around but unpublicized for a long time, and may never be released in 1.0 form. It is a shame that it cannot delete (or effectively quarantine) files that it detects. I just hope that in finding and trying to delete these instances, it hasn't re-activated them.

  6. #5
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    20,423
    Thanks
    1
    Thanked 599 Times in 536 Posts
    The length of time a piece of software is in BETA is not necessarily an indication of its soundness and utility.

    Because there may be issues in operation is why it is called BETA. Have you checked the Microsoft Connect site forums?

    Joe

  7. #6
    3 Star Lounger
    Join Date
    Nov 2001
    Location
    Morganville, New Jersey, USA
    Posts
    240
    Thanks
    17
    Thanked 2 Times in 2 Posts
    Updated history and questions:

    I removed the offending files from my main pc and reran Defender Offline -- it found nothing. I then ran it on the second of three Win 7 Home Premium pcs I bought in 2011; this pc did not have the offending archive file on it, and Defender gave it a clean bill of health.

    I then ran it on my Lenovo laptop, stupidly without first checking for and removing the archive file. WDO found the same issues as it found with my first pc. However, this time there was more havoc when I tried to remove with WDO: the pc hung except for switching between the detailed and short version of its findings. The only way I could restart (the usual technique of forcing a restart is to hold down the power button, but that didn't work) was to remove the battery and replace. The pc refused to restart until I tried multiple times, opening the start-up screen, etc. It eventually restarted but did not work until I reset the system clock. When I removed the offending archive file, it goes to the recycle bin. When I empty the bin, it keeps refilling with a portion of the files, each with a long header as if they were in a back-up folder. Even after multiple removals, some (differing numbers) of files reappear. I finally just shut off the laptop.

    I then returned to the first pc to see if any files had reappeared in the recycle bin. They had. However, after removal again, they appeared to stay away through a couple of reboots and leaving the pc on overnight.

    I then wondered about my back-up drive. I have Win 7 on the main (original problem) pc set to do a weekly backup with an attached WD Mybook Essential (2 TB), so the offending file is somewhere on there. The instructions for the drive give a means of finding and transferring files to another memory location; I am not sure if that also allows the file to be deleted, and I am not sure if deletion would totally remove it anyway.

    Any suggestions re:
    - preventing reappearance of files deleted from the recycle bin, and
    - the backup drive challenge?

    Thanks again.
    Last edited by globalist; 2012-01-07 at 07:12.

  8. #7
    3 Star Lounger
    Join Date
    Nov 2001
    Location
    Morganville, New Jersey, USA
    Posts
    240
    Thanks
    17
    Thanked 2 Times in 2 Posts
    The plot thickens, as they sometimes say in a mystery novel.

    Scans of my three pcs with the virus checkers (Windows Security Essentials on two desktops; Symantec on the laptop) and with Windows Defender Offline find nothing at this time. Yet one file [LREPJRPBMJV5PEKL33ABPH4Q3E-Case 11-001 - Interview 1 - 09 27 11.docx] keeps being removed and filling the recycle bin (in spurts, until there are thousands of copies). When I disconnect the pc from the network, this does not happen. Therefore, I suspect that Windows Mesh may be involved.

    [As an aside: I started using Windows Mesh on my three Win 7 pcs in mid-2011, and it has performed beautifully -- at least, up to now.]

    Do I need to remove and reinstall Windows Mesh? Something else?

    Thanks.

  9. #8
    3 Star Lounger
    Join Date
    Nov 2001
    Location
    Morganville, New Jersey, USA
    Posts
    240
    Thanks
    17
    Thanked 2 Times in 2 Posts

    Is there a way out?

    Since I am always suspicious that something may be lurking deep in my pcs, I tried the Windows Defender Offline tool on my main desktop. It found threats embedded in an Outlook archive file, but would not remove them. I deleted the file (hopefully never needing something a few years old) and WDO found nothing. It also gave a clean bill of health to another of my pcs (all of the ones I am discussing were purchased new in 2011 with Windows 7 Home Premium), but found the same threats in the same archive file on my third new pc. This time just removing the file left me with a mess.

    Basically, whenever I turn on any two of these pcs, Windows Mesh (installed and enjoyed since an earlier Windows Secrets article) reinstalls some recent files with a header probably put there by Mesh. [The indictment of Windows Mesh is an assumption on my part.] It will install and remove the file thousands of times, filling my recycle bin. Emptying the bin lasts for about 10 seconds before the process starts over again. Using any of the pcs with the other two turned off works fine.

    Any advice?
    Last edited by Deadeye81; 2012-01-23 at 11:40. Reason: Post moved from "Windows Defender Offline — old name, new use" because of cross posting

  10. #9
    3 Star Lounger
    Join Date
    Nov 2001
    Location
    Morganville, New Jersey, USA
    Posts
    240
    Thanks
    17
    Thanked 2 Times in 2 Posts
    I guess I broke some code. Since I have not received responses to this thread, I posted a query directly to the Windows Secrets Newsletter author of the original article, and I see that it has been moved to this thread, left to die.

    C'est la guerre.

  11. #10
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    20,423
    Thanks
    1
    Thanked 599 Times in 536 Posts
    Can you turn off Mesh synchronization, delete the file from all the PCs, and re-enable synchronization?

    Joe

  12. #11
    3 Star Lounger
    Join Date
    Nov 2001
    Location
    Morganville, New Jersey, USA
    Posts
    240
    Thanks
    17
    Thanked 2 Times in 2 Posts
    By the time I tried this, the recurrent regeneration spread to many of the files IN THE SAME FOLDER. However, when I removed the folder from one pc, MESH went to work and removed it from the other two pcs as soon as they were booted up. [I had been keeping just one on at a time to prevent the filling of the recycle bin.]

    Before I removed the folder and its files from the first pc, I copied the folder to a USB memory stick. Unlike the earlier archive file that I will probably not need again, this folder was an active one whose contents I refer to frequently. [The reduplication had spread to most of the Word and Excel files in this folder, but not the pdf files.]

    So my next challenge is cleaning and restoring this folder. I suppose I can check it while connected to a pc, remove any obvious files (such as any that may have a long prefix), and subject it to various virus etc checkers. Do you believe that this would be safe? ...and perhaps even effective?

    MANY THANKS for your suggestion above.
    Last edited by globalist; 2012-01-31 at 21:04. Reason: misspellings

  13. #12
    3 Star Lounger
    Join Date
    Nov 2001
    Location
    Morganville, New Jersey, USA
    Posts
    240
    Thanks
    17
    Thanked 2 Times in 2 Posts

    Success!

    First, I seem to be missing the section that allows me to thank you -- but THANKS anyway!

    I examined the folder with the oft-replicated files on an older Win XP laptop and ran a virus-checker and Malwarebytes; they found nothing. I then cautiously reloaded all of the files into a folder where the former folder had been, but with a different name (in case there were some hidden undesirable files in the folder, or something tied to the folder rather than the files). I moved the Word files in, with no problem. I then turned on a second pc to see if Mesh introduced a problem -- it did NOT. The Excel files were transferred next -- no problem. And finally the pdf files, also with no problem. Mesh transferred the reinstalled files almost instantly. And when I turned on the third pc, the new folder and its files transferred almost instantly.

    The process seems to have worked; thanks for giving me the courage to try these steps.

  14. #13
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    20,423
    Thanks
    1
    Thanked 599 Times in 536 Posts
    You're welcome. You did all the hard stuff. Glad you got it resolved. Thanks for posting back.

    Joe
