Scan results that are confusing...

Discussion in 'Prevx Releases' started by Tarnak, Jan 30, 2014.

Thread Status:
Not open for further replies.
  1. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,893
    I have been having issues with my system after running, firstly, an EAM custom scan - see here

    Secondly, HMP scans - see here and here

    Following these scans, I started to notice that my system started having excessive CPU for SYSTEM 'interrupts'.

    I decided to restore to a date before I did the EAM scan, using ERUNT.

    That fixed up the CPU% 'interrupt' problem.

    Tonight, a scheduled WSA scan has made 9 detections, but only 8 are quarantined.

    ScreenShot_WSA_scan results_misc_01.gif

    I somehow think that those earlier EAM and HMP scans that I did have led to this current result, which is now found with WSA.

    Do I just delete those 8 detections in quarantine, or leave them there?

    Also, those new blocked files have appeared, too, which seem to be related to the quarantined items.

    ScreenShot_WSA_scan results_misc_02.gif

    I think it interesting. Perhaps, someone will say 'what do you expect', if using a combination of EAM, HMP and WSA.

    However, EAM and HMP are both on demand, and WSA is running live.
     
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    That sounds like either one file no longer existed (another AV found it while WSA was scanning it) or files were duplicated. They were in your recycle bin to start and look like they're just leaktests so you can clear them out if wanted.
     
  3. Tarnak

    Tarnak Registered Member

    I knew they were leaktests, and I thought I had dispensed with them after testing.

    But, they keep turning up like a bad penny. :(

    So, I will delete, once again and hopefully that is it, finally.

    P.S. And, just to think, it all started because I ran these blasted 'SpyCar tests' after reading about them in December in the MBAM 2.00 Beta Released thread. See here

    P.P.S. Motto is, I will not run this kind of test ever again. ;)
     
    Last edited: Jan 30, 2014
  4. Tarnak

    Tarnak Registered Member

    Just some screenshots...

    ScreenShot_WSA_scan results_misc_04.gif

    ScreenShot_WSA_scan results_misc_05.gif

    Scan starts automatically, after deleting the entries...

    ScreenShot_WSA_scan results_misc_06.gif
     
  5. Tarnak

    Tarnak Registered Member

    It then finds more threats...

    ScreenShot_WSA_scan results_misc_07.gif

    ScreenShot_WSA_scan results_misc_08.gif

    ScreenShot_WSA_scan results_misc_09.gif

    ScreenShot_WSA_scan results_misc_10.gif

    Scan starts automatically, again...

    ScreenShot_WSA_scan results_misc_11.gif
     
  6. Tarnak

    Tarnak Registered Member

    Finally, the all clear...:)

    ScreenShot_WSA_scan results_misc_12.gif
     
  7. Tarnak

    Tarnak Registered Member

    Lo and behold, I go and look in quarantine expecting to find nothing there, but...o_O

    I didn't expect to see these.... look at the date, 2011

    ScreenShot_WSA_scan results_misc_13.gif
     
  8. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,014
    Location:
    Ontario, Canada
    I guess you finally cleared your System Restore Points? I don't even use System Restore; I find no need for it myself.

    TH ;)
     
  9. Tarnak

    Tarnak Registered Member

    Hi Dan,

    Thanks for chipping in. I still use them, because I have been saved on occasion, when needed.

    If that fails, I then fall back on ERUNT. :)
     
  10. Triple Helix

    Triple Helix Webroot Product Advisor

    But in this case they were in (ISR SnapShot) System Restore; that's why you had difficulty getting rid of them. Next time, just turn off System Restore to remove all Restore Points and turn it back on, as they were kept in one of the System Restore points.

    HTH,

    Daniel ;)
     