8 Replies Latest reply on Nov 9, 2009 12:12 PM by Nadege

    I need help in understanding the function quarantine?

      Yesterday, I had a virus or Trojan (I don't really know the difference) and I did a scan with McAfee security center.  It yielded 1 threat that it quarantined.  I still had the same problem I had prior to the scan and quarantine.  The problem was that I could not search or enter a requested browser because the browser was being redirected to unknown browsers.  Could someone explain to me what it means to quarantine a threat? Does the McAfee security center remove the threat or not?

       

      I did remove the threat using one of the removal links supplied by "Ex_Brit" when he was answering another member's question.   Ex_Brit thanks for the help.

       

      I used www.superantispyware.com/superantispywarefreevspro.html. This yielded 246 threats (compared to the 1 threat yielded by McAfee), which were quarantined and then removed by superantispyware.

       

      Also, it is better for me to purchase the superantispyware as a companion to McAfee security center, since McAfee does not remove the threat but just quarantines it.

       

      Thanks for the help

       

      Nadege

        • 1. Re: I need help in understanding the function quarantine?

          Hello,

           

          Items that are quarantined are backup copies of items detected by VirusScan. In the rare case an incorrect detection occurs, this allows the recovery of the file. The quarantine is also used as a vault to store viruses that may need to be cleaned from other files at a later date when a cleaner is available. Items that are quarantined are locked away and not able to affect your system.

           

          As for SuperAntiSpyware and similar products, they are a nice addition to your security. No single security product will detect all threats. Be sure not to compare "Apples with Oranges". AntiSpyware programs will often detect registry entries and cookies and report them each as an infected object while McAfee may only detect the bad file containing the virus code. The real security threat is the virus code (The single detection the antivirus gets) while AntiSpyware utilities are good at removing the left over settings and system modifications made by a malware infection.

          1 of 1 people found this helpful
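Added illustration, not part of the original reply and not McAfee's actual quarantine format: a minimal Python sketch of the behaviour described above, where a detected file is taken out of its original location, kept in a vault in an encoded form that cannot run, and can be restored after a false detection. The function names, the XOR key, the vault layout and the sample file are all assumptions made for this example.

```python
import hashlib, json, os, tempfile, time
from pathlib import Path

XOR_KEY = 0x5A  # arbitrary constant for this sketch: obfuscation, not encryption

def _xor(data: bytes) -> bytes:
    return bytes(b ^ XOR_KEY for b in data)

def quarantine(path: Path, vault: Path, detection: str) -> Path:
    """Store an encoded backup in the vault, then remove the original file."""
    data = path.read_bytes()
    digest = hashlib.sha256(data).hexdigest()
    vault.mkdir(parents=True, exist_ok=True)
    blob = vault / (digest + ".q")
    blob.write_bytes(_xor(data))          # encoded copy is no longer a valid program
    os.chmod(blob, 0o600)                 # owner-only access to the vault entry
    meta = {"original_path": str(path), "detection": detection,
            "sha256": digest, "quarantined_at": time.time()}
    (vault / (digest + ".json")).write_text(json.dumps(meta))
    path.unlink()                         # the live copy is gone from the system
    return blob

def restore(blob: Path) -> Path:
    """False-positive case: decode, verify the hash, put the file back."""
    meta_path = blob.with_suffix(".json")
    meta = json.loads(meta_path.read_text())
    data = _xor(blob.read_bytes())
    if hashlib.sha256(data).hexdigest() != meta["sha256"]:
        raise ValueError("quarantine entry is corrupted")
    target = Path(meta["original_path"])
    target.write_bytes(data)
    blob.unlink()
    meta_path.unlink()
    return target

def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        sample = root / "toolbar_helper.exe"   # constructed file name
        content = b"MZ constructed sample bytes, not real malware"
        sample.write_bytes(content)
        blob = quarantine(sample, root / "vault", "Constructed.Test.Detection")
        result = {"original_gone": not sample.exists(),
                  "stored_encoded": not blob.read_bytes().startswith(b"MZ")}
        restored = restore(blob)
        result["restored_identical"] = restored.read_bytes() == content
        result["vault_empty"] = not any((root / "vault").iterdir())
        return result

if __name__ == "__main__":
    print(demo())
```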
          • 2. Re: I need help in understanding the function quarantine?

            Thanks for the reply.

             

            When the items are quarantined, is the cleaner supplied by my McAfee updates or do I have to purchase or use a free viral removal?

             

            How do I recognize the virus code (the single detection the antivirus gets)? By antivirus do you mean McAfee?

             

            Also, when the McAfee scan quarantined the "trojan", I still had problems accessing the internet (searches were being redirected to unknown sites). I don't at this moment because I used an antispyware to remove the "trojan".

             

            Are "trojan" and virus similar?

             

            Sorry for all the questions.  I am not familiar with antivirus or antispyware and I am trying to understand all the terminologies involved.

             

            Thanks again for the help

             

            Also if possible can you direct me to places where I can learn more about the ins and outs of antivirus and antispyware?  Thanks

             

             

            Message was edited by: Nadege on 11/9/09 10:02 AM

             

             

            Message was edited by: Nadege on 11/9/09 10:03 AM
            • 3. Re: I need help in understanding the function quarantine?

              When an item is quarantined, most of the time it is safe to ignore it. It is there as a backup in case a misdetection happens or if the file needs to be sent to McAfee AVERT or if the file is a legitimate file that has been infected and modified by a virus. Updates to the cleaning abilities of McAfee come with the DAT updates daily.

               

              When I said, "Virus Code", I mean the virus program itself. Most people detect viruses by using an AntiVirus such as McAfee VirusScan.

               

              While McAfee quarantined a trojan, it seems there were other infections on your system that McAfee did not yet detect. It also could be that McAfee did not undo some system change that was blocking your internet while SuperAntiSpyware was able to undo these changes. It is also possible that SuperAntiSpyware detected something that McAfee is not yet aware of. McAfee will detect these threats when users capture samples of bad files and send them to McAfee. However, viruses have become so much more advanced in hiding and protecting themselves that usually only advanced techs are able to find and capture viruses for submission manually.

               

              Below are some definitions that may help you clear up the difference between viruses and trojans.

               

              Virus

              A virus is a computer program file capable of attaching to disks or other files and replicating itself repeatedly, typically without user knowledge or permission. Some viruses attach to files so when the infected file executes, the virus also executes. Other viruses sit in a computer's memory and infect files as the computer opens, modifies, or creates the files. Some viruses display symptoms, and others damage files and computer systems, but neither is essential in the definition of a virus; a non-damaging virus is still a virus.

              Trojan horse

              A Trojan horse is a malicious program that pretends to be a benign application. It purposefully does something the user does not expect. Trojans are not viruses since they do not replicate, but they can be just as destructive.

               

               

              Message was edited by: secured2k (typos and clarifications) on 11/9/09 10:20 AM
              • 4. Re: I need help in understanding the function quarantine?

                If you want more information about Viruses and Spyware, check out McAfee's Virus Information site.

                 

                http://home.mcafee.com/VirusInfo/

                 

                The best place to start is the Advice Center and/or Glossary to understand the terms used.

                 

                I hope this helps.

                1 of 1 people found this helpful
                • 5. Re: I need help in understanding the function quarantine?

                  Does that mean I should have shut down my computer and waited to see if McAfee updates could have cleared the matter?  I was using the computer for about 1 hour when the problem started "it would not allow me to go to sites--I would be directed to a site called th[xxxxxxx]ter.com which would direct me to sites I have never heard of".

                   

                  Are bad files manually captured by users or are they automatically captured and forwarded to McAfee?

                   

                  Thanks for the help.

                   

                   

                  Message was edited by: secured2k on 11/9/09 10:37 AM
                  • 6. Re: I need help in understanding the function quarantine?

                    Thank you for all the help.  I am one step closer to understanding this stuff!

                    • 7. Re: I need help in understanding the function quarantine?

                      I have removed this site listed in your previous as it will link to malicious virus code.

                       

                      While you could shut your computer down and wait for McAfee to have updates to detect and remove the threat (once you turn on the computer and download the updated DATs automatically), this usually is not an option as people want to continue using their computers now. Also, the wait for updated DATs may take a few days or even weeks! The time to get the updated DAT would be greatly reduced if users were able to capture these bad files and send them to McAfee, but most of them are difficult and nearly impossible for normal computer users to capture.

                       

                      Therein lies a problem with using MalwareBytes or SuperAntiSpyware programs... These programs may detect and delete the bad files without ever getting them to the AntiVirus researchers at McAfee (or even other security companies). The AntiVirus companies will eventually get a copy of the bad files to detect and remove, but it does take a little more time.

                       

                      McAfee does have heuristics that can flag some suspicious files ("New"* and "Artemis" detections) which can be submitted to McAfee through the McAfee VirusScan program. These submissions would most likely be automatically quarantined as well as a precaution.

                       

                       

                       

                      Message was edited by: secured2k (typos, Added capture information) on 11/9/09 10:40 AM
                      • 8. Re: I need help in understanding the function quarantine?

                        Thank you.

                        Oops sorry about that website I added in my previous, I thought it would be helpful disclosing it.  I will prevent doing that in the future.

                         

                        I wish I knew how to capture the bad files but I will eventually figure it out (if you know some tutorials on that subject, please post).  I have reinstalled the McAfee antivirus and I have allowed it to alert McAfee of problems (I don't believe I did this in the past) it may encounter when scanning my computer.

                         

                        Thank you very much for all the help.  I am going to make this my new hobby!

                         

                        Merci!