MSE worries


  1. Posts : 10,485
    W7 Pro SP1 64bit
       #61

    I had thought about splitting my ramblings off to a new thread...
    ...for fear of hijacking this one.


    Nothing much new to report today. Nothing has changed on the status page for the file that I submitted several days ago.

    I created a script a few days ago that downloads this infected file every few minutes. It has been running for 7 hours today and there have been 7 versions of the infected file. Sometimes 3 or 4 versions within one hour. I happened to be the first person to upload 3 of the files to virustotal.

    I've stopped checking how MSE handles each version because it is always the same error shown in the video above or it is not detected at all.

    I have Malwarebytes (free - not real time trial) installed in the virtual machine. Malwarebytes did not pick up 3 of the 7 files right away... but as of this post and the latest set of definitions, all 7 are detected.


  2. Posts : 4,566
    Windows 10 Pro
       #62

    I appreciated the information. Thank you very much usernameissues. I would rep you if I was able to.


  3. Posts : 9,600
    Win 7 Ultimate 64 bit
       #63

    andrew129260 said:
    I appreciated the information. Thank you very much usernameissues. I would rep you if I was able to.
    I just did it for you.


  4. Posts : 332
    windows 7 premium home 64bit
    Thread Starter
       #64

    Don't worry about taking over this thread: my initial question has long since been dealt with. This is fascinating stuff, even though, as I said earlier, I only understand the essence of the procedures and not the mechanics.


  5. Posts : 10,485
    W7 Pro SP1 64bit
       #65

    Thanks guys for the rep.

    I'll ramble on a bit more in this thread.

    By the end of yesterday's playing, I had 8 new versions. They all do the same thing, but they have been changed a tiny bit. My guess is the changes are meant to evade antivirus detections. Yesterday's pattern of changes was interesting. There was a version that was 58KB in size. The next version was 59, then 60, 61 and 62KB.

    Before dumping these files, I installed MSE and scanned all 8 versions. None were detected as infected.

    I then started with the 8th version and "installed" the infection. MSE did not indicate a problem.

    This "installation" was repeated for each version and MSE did not indicate a problem - until the oldest version. MSE said it cleaned/quarantined the process, but the ransom note still took over the profile. And the same error appeared about MSE not being able to find the process/PID.

    There has been no update to the status of the file submission that was made 10 days ago.

    This TechNet Blog may be of interest:
    Our protection metrics - September results - Microsoft Malware Protection Center - Site Home - TechNet Blogs
    Last edited by UsernameIssues; 15 Aug 2015 at 15:29.


  6. Posts : 10,485
    W7 Pro SP1 64bit
       #66

    Sunday's playing yielded more disappointments with MSE. For Sunday's experiments, the Virtual Machine had access to the host's 4 cores, was assigned 2GB of RAM and is working from an SSD. It was quite responsive.


    The infected file that I'm playing with only copies itself to one location, but other infections that I've seen make lots of copies. I changed the script that downloads the infected file so that it downloaded the file as fast as it could. Then I halted the downloading, installed/updated MSE, right clicked on the folder that contained the infected files and selected a scan by MSE.

    It took MSE a while to chew thru the 3000+ files and MSE declared them all clean. I let one of the files infect the Virtual Machine and MSE declared the file as bad (but could not find/stop it). I manually cleaned up the infection.

    I then told MSE to check for updates again. Since there was an update, I scanned that folder again. This time, each file was being flagged as bad. I let MSE quarantine each file, but the cleaning progress bar was moving painfully slow and resource monitor showed very little IO activity for MSE. Eventually, MSE hung up about 70% thru the process.

    [Sidebar: To make sure that this hang was not a one time thing, I attempted to repeat the process today - but alas, today's version of the infected file is not detected as bad. During the infection process with today's file, MSE flags it (but cannot find or stop it).]

    After MSE hung up yesterday, I restarted the Virtual Machine. MSE made a green popup stating that the computer was being cleaned. These popups continued every minute or two. Again, resource monitor showed very little IO activity for MSE scanning engine. I gave up and dumped the VM... which I regret doing; because I then wondered if the files were slowly being removed from the folder. There is always one more thing to check :-(


  7. Posts : 332
    windows 7 premium home 64bit
    Thread Starter
       #67

    I thought that MS monitored the posts and threads on this forum.


  8. Posts : 17,322
    Win 10 Pro x64
       #68

    urbanspaceman1 said:
    I thought that MS monitored the posts and threads on this forum.
    They would learn a lot if they did.


  9. Posts : 9,600
    Win 7 Ultimate 64 bit
       #69

    derekimo said:
    urbanspaceman1 said:
    I thought that MS monitored the posts and threads on this forum.
    They would learn a lot if they did.
    I doubt it.


  10. Posts : 10,485
    W7 Pro SP1 64bit
       #70

    urbanspaceman1 said:
    I thought that MS monitored the posts and threads on this forum.
    That would be nice, but I'm not sure one way or the other.
    Maybe someone that has been here longer than I can speak to that.

    This is from the main page:
    Windows 7 Forums is an independent web site and has not been authorized,
    sponsored, or otherwise approved by Microsoft Corporation.
    "Windows 7" and related materials are trademarks of Microsoft Corp.
© Designer Media Ltd