After MSE removed virus have unusual log messages
A few days ago I had trouble with backup, and it was due to an infected file which quick scans and real time protection had not picked up. I ran a full scan with MSE and removed it (Exploit:Java/CVE-2012-1723.AQQ).
I've noticed some unusual entries in the log and wonder if the virus has not been removed. More details:
I notice now each time I boot up, the following appears:
Log Name: System
Source: Microsoft Antimalware
Date: 7/10/2012 8:55:11 a.m.
Event ID: 3007
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Bill-PC
Description:
Microsoft Antimalware Real-time Protection has restarted a feature. It is recommended that you run a full system scan to detect any items that may have been missed while this agent was down.
Feature: Network Inspection System
Reason: Real-time protection has recovered from an unknown failure. It is recommended that you run a quick scan.
Quick scan finds nothing.
Also, after the last MSE update, I found this in the same log:
Log Name: System
Source: Microsoft Antimalware
Date: 6/10/2012 11:35:58 p.m.
Event ID: 5007
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Bill-PC
Description:
Microsoft Antimalware Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\TemporaryPaths\\\?\C:\Users\Bill\AppData\LocalLow\Sun\Java\Deployment\cache\6 .0\55\60e9d0b7-3a1207a1 = 0x5A
New value:
This is referring to where it found the virus. Had the virus set up that exclusion, and now MSE 'realized' this and removed it?
Also, my machine has regularly displayed this error in the administrative log, source: Kernel-EventTracing, event ID 3
Session "Microsoft Security Client OOBE" stopped due to the following error: 0xC000000D
Thanks.