MSS Hits

I ran a scan with the MS Safety Scanner, but made the mistake of setting it for a full scan. Nearly 10 hours later, after scanning ~ 8.6 Milllion files, it initially said that it had found 12 infected files. However, when I opened the window to view these files, only 3 were listed. I set the scanner to remove those, but then it displayed another window with the results of that, as shown in the screenshot, with a longer list of files, but only showed 1 as removed, while the others showed only partially removed. After the amount of time I invested in this scan, I rather expected a more complete fix than this.

Is there a good reason why it didn't totally remove these files? In any case, it still doesn't add up to 12 files.

Hi, seekermeister.

As I indicated in my tutorial, How to Use the New Microsoft Safety Scanner,

To provide "breathing space" on an infected computer, run a Quick Scan first and then follow with a Full scan. If you have a lot of files, the scan may take up to several hours to complete. Allow plenty of time for the scan to run to completion.

The additional findings were most likely variants of the actual findings. Did you click the name to view the additional steps for complete removal as instructed?

What other security software is installed on your computer?

Yes, I did click the names and read the webpages, but all that I found were basically descriptions of what they were, not how to manually remove them. I have Acronis OSS, MBAM, MS Malicious Software Removal Tool, Windows Defender and Spybot, but none of these raised any red flags about these files, except OSS did so some time back on WinCandy, but I'm not certain now what I chose to do about it. I may have just set it to block it.

Since I have already performed the full scan, is there any reason that I should now do the quick scan, or repeat the full scan?

No antivirus software?

I looked up a few of the items listed and each had been added to the definitions in 2009, although Trojan:Win32/Bumat!rts was just updated yesterday, Trojan:Win32/Bumat!rts: Encyclopedia entry: Trojan:Win32/Bumat!rts - Learn more about malware - Microsoft Malware Protection Center

Trojan:Win32/Bumat!rts is a name used for trojan detections that have been added to our signatures after advanced automated analysis.

The generic nature of this detection means that the malicious behaviors exhibited by files detected as Trojan:Win32/Bumat!rts are highly variable and may vary from once instance of this detection to the next.

From 2009: VirTool:WinNT/Rootkitdrv.LI = Generic PUP.z!e, Dr.Web Anti-virus - How To Remove Virus (Generic PUP.z!e) - [DRWEBHK.COM]

From 2009, updated n 2010: HackTool:WinNT/Tcpz.B detected by 26/43 at Virus Total: VirusTotal - Free Online Virus, Malware and URL Scanner

First suggestion, install an antivirus software and do a full system scan.
Second suggestion, run an updated scan with Malwarebytes Anti-Malware
Third suggestion, make sure the Windows 7 Firewall is on, even if you are behind a router.

The MS Malicious Software Removal Tool is only for targeted malicious software. (See Understanding Microsoft Anti-Malware Software)

For another opinion, try an online scan with F-Secure, here.

• Use IE (Internet Explorer), accept the license terms, and allow the Active-X controls to load.
• Click Full System Scan and allow the components to download and the scan to complete.
• If malware is found during the scan, check Submit samples to F-Secure and Automatic cleaning.
• When the scan has finished, click the Show Report button and copy and paste the entire report in your next reply.

Yes, Acronis OSS (OutPost Security Suite) includes AV. I appreciate the links, and will read them, but for the time being, I'm trying to figure out exactly what MSS has done? Do the results indicate that MSS functioned properly or not? I'm not particularly inclined to just try other scanners, because I haven't had all that much luck with them before. It would have been a lot easier to deal with if MSS had specified the exact path to each of these files, rather than just a simple list.

seekermeister said:

It would have been a lot easier to deal with if MSS had specified the exact path to each of these files, rather than just a simple list.

I agree, particularly since neither your onboard A/V nor Anti-malware software turned anything other than the mentioned WinCandy. No way to determine whether any of those findings are in Temp Files, System Restore or f/p's.

The main question, however, is whether you are having problems with your PC.

I had decided to run MSS again, but to speed it up, I selected the custom scan, so that I could eliminate other partitions besides C:, because the bulk of my files are archived elsewhere. For what ever reason, it did not abide by my setting, and continued to scan after completing C:, but fortunately it did not show any infected files at that point, so I cancelled the remainder of the scan...actually, I had to use the Task Manager for that, because it wouldn't respond to the UI buttons. Therefore, in the most important area it appears to now be uninfected.

Yes, this was one step that I thought might have related to some problems that I have been trying to solve (boot time and crashes), but there is no change after using this, so the hunt continues.

Definitely a program that I'll stay far, far away from.

To be fair, it did detect some problems that other programs of the same ilk did not. So despite it shortcomings, it is quite useful, but I shall not use it routinely.

seekermeister said:

the bulk of my files are archived elsewhere

Which likely explains where the original findings came from, particularly since the scan took so many hours.