MSE claims not enough disk space to remove exploits

[Gadgety]

Microsoft Security Essentials has identified two exploits, Win32/Pdfsjc and Win32/Winwebsec. It recommends removal, which I tried. However, instead of removal, MSE claims error 0x80070070, not enough disk space, and also claims quarantine was used instead. Running MSE again, shows that these exploits are still active, not in quarantine. Running Malwarebytes free software, no threat is identified.



I've seen someone who claims there is an error in the way MSE reports the issue, and that they uninstalled MSE, then reinstalled, and no more exploit reported. Is that a good idea?

 

[mrjimphelps]

Microsoft Security Essentials has identified two exploits, Win32/Pdfsjc and Win32/Winwebsec. It recommends removal, which I tried. However, instead of removal, MSE claims error 0x80070070, not enough disk space, and also claims quarantine was used instead. Running MSE again, shows that these exploits are still active, not in quarantine. Running Malwarebytes free software, no threat is identified.

I suggest that you run several different full scans, using different products for each of the several scans. Most a/v companies offer a free manual scanner, either downloadable or run online.

Another thing you should do - run one or more pre-Windows scanners. Microsoft offers a product called Windows Defender Offline (WDO):
Access Denied

(I don't know why it says "Access Denied.")

Using a known clean computer, go to that website, scroll to the bottom of the page, and click the link to download either the 32-bit or the 64-bit version of the program. This will allow you to create a CD. You will then boot the problematic computer to the CD you just created. Do a full scan -- be patient, it will take a while. Windows will never load, so WDO can scan every part of Windows. I have successfully cleaned computers with WDO when nothing else would work.

Trend Micro has a pre-Windows scanner. You need to be a registered user of Trend Micro in order to be able to download it. You can install the trial version of Trend Micro in order to become a registered user, and this will allow you to then download their pre-Windows scanner.

I've seen someone who claims there is an error in the way MSE reports the issue, and that they uninstalled MSE, then reinstalled, and no more exploit reported. Is that a good idea?

The only problem I have with this is that you will be reinstalling MSE on a potentially infected computer. In other words, MSE itself might get infected or corrupted. Your computer needs to be scanned from a source that cannot itself get infected, such as a Windows Defender Offline CD (the CD is read-only, so the computer won't be able to infect it).

Chances are this won't happen, but it is possible.

 

[mrjimphelps]

Also, you could free up some space on your hard drive.

Here are some tips for doing that from Microsoft:
Access Denied

(It seems like every Microsoft web site displays "Access Denied".)

 

[Gadgety]

Thank you mrjimphelps for the work around!



Impatiently, before you replied, I uinstalled and reinstalled MSE, and ran it again. It took 36 hours to run through my 20TB of data. It reported it had succeeded in removing the viruses, but still claimed lack of space. My C drive has 57GB free space, so it's odd.


I always thought Windows Defender was an inferior version of MSE, created before MSE was developed. Had no idea it could be used to create a boot disk from.

I do have another PC so I could use that to download the file and create the optical boot disk. Assuming that that PC is not infected, of course.



I think I made an optical system disk when installing Windows which is some 6 years ago. I guess an alternative would be to be use that disk to boot from as well? Only have to find it.



Whichever disk I use, I guess also have to enter bios and reset what the PC should boot from?


Thank you for your assistance!!

 

[mrjimphelps]

Whichever disk I use, I guess also have to enter bios and reset what the PC should boot from?

You can hit F12 (F10?) as the computer boots, and choose the CD at that point. Or you can go into the computer's BIOS and (1) tell it to treat the CD drive as a bootable drive and (2) put the CD drive ahead of the internal hard drive in the boot order. If you make the change in the BIOS, it will prompt you during boot up to hit any key to boot from the CD.

 

[Snick]

Free up disk space!
Disk Cleanup : Extended - Windows 7 Help Forums

One of the BEST malware scanners
Run Malwarebytes Free
If it won't run, run Malwarebytes Chameleon

Nic

 

[file3456]

MSE is just a baseline scanner. It's to be used along side a real anti-virus product. I've used Bitdefender Free in the past and it was pretty good, but definition-based anti-virus will take you so far.

Have a look at Herdprotect which uses 68 anti-virus engines. Run it twice and research what it finds.

Scan all downloads at Virus Total.

Check out Sandboxie to help combat polymorphic malware like ransomware.

Links:

https://www.howtogeek.com/173291/go...w-recommends-you-use-a-third-party-antivirus/

Download Portable herdProtect 1.0.3.9 Beta

Free Antivirus Software - Download Bitdefender Antivirus Free

Full disclosure: I just made a similar post about this very thing.

 

[Gadgety]

mrjimphelps, thank you for the suggestion on the boot sequence.



Snick, thank you, you too. I checked and the virus origin and location, the containerfile, according to MSE prior to reinstallation, is the back up file on the external disk, J:drive. This disk is packed. Since I have 57 GB free on the C: SSD Drive might MSE indicate the external drive? I always run Malwarebytes and it never indicated a problem. I also took a look on one of the offending files called owdsmss8, it's highlighted as a zip file related to my S8 phone and Firefox.


F22 Simpilot, thank you for the suggestions. I always got the impression that MSE is more than a baseline scanner, and it's worked really well together with Malwarebytes as a duo for almost 7 years now. This time it highlighted the viruses but can't seem to remove them. I'll take a look on Sandboxie if nothing else works.

 

[Snick]

By default, Malwarebytes scans C: drive, to scan additional drives you have to choose > scan > custom > check box on the drives you wish to scan. You also have a scan for rootkit options which I would also check.
Nic