Trojan backdoor and malwarebytes

Hello, I was playing League of Legends when I recently got a message from Norton asking me to restart my computer to remove threats. I did as it said and was really worried. When I went back on, I saw what it removed. It said:

Infected file: c\program files (x86)\malwarebytes' anti-malware\00029872.tmp Removed. It was quarantined and removed, but now I am curious. I uninstalled Malwarebytes. It did its job before and removed and quarantined malware, but am I still okay? Do I worry about those quarantined items from Malwarebytes coming back just because I uninstalled it? Also I found out the thing that tried to attack me was a Backdoor.Trojan and it came from Malwarebytes. So what happened, and does uninstalling Malwarebytes do anything bad to the quarantined items?

No, the Malwarebytes I had was the free version, nothing more. I only used it to scan for malware. What about the files quarantined with Malwarebytes though? If I uninstall Malwarebytes, which I did, will those files come back or are they gone forever? Also I did do a full scan with Norton; everything seemed fine. Also, mind explaining how the quarantined items with Norton work?

Hi, Exaiongamma; welcome to our community!

Based on your description, I'm guessing that at some point in the past, you scanned your system using Malwarebytes and it found and quarantined this trojan. Then Norton scans your system, and it sees the signature for that malware (in the Malwarebytes quarantine) and pops the alert. You followed its instructions, and Norton removed the (quarantined) virus. So there wasn't really a threat to begin with, as Malwarebytes had quarantined it--but now it is well and truly gone! LOL

If you've subsequently uninstalled Malwarebytes FREE...well, there's no real reason to--and personally, I would suggest you put it back ( http://downloads.malwarebytes.org/mbam-download.php ), as it makes a good secondary scanner and you can use it to remove annoying adware and unwanted toolbars you might install by mistake, which aren't technically malware and so may get let through by Norton. But if you want to leave it off, there's no harm done. When an antivirus program (including Norton) puts some malware in quarantine, it's stored in a way that neutralizes it--so removing the antivirus software that quarantined it will not set it free.

Here's the closest thing I can think of off the top of my head to an explanation of how quarantine works, in your Norton product:

https://support.norton.com/sp/en/us/home/current/solutions/v6200305_NIS_Retail_2012_en_us

Does this answer your questions?

V/R,

--DistEd2

Okay, so uninstalling Malwarebytes won't cause the files to return then? Also, the only thing Malwarebytes found were PUPs, but I assume maybe something like that could have been hidden within one, could it?

Hi, Exaiongamma. As DistEd2 says, once the item is quarantined and/or off your computer, you don't have to worry about it reinfecting you.

Malwarebytes is a good secondary scanner for things like PUPs and PUAs, that Norton regards as more of a nuisance than a threat.

Hmmm...this new information changes things a bit. If malwarebytes just found PUPs, then I have to assume what Norton found and removed was the trojan. So now we have a situation where you have had, in short order, both PUPs and genuine malware on your machine...and are concerned about reinfections....

As we've explained, malware (and PUPs), once quarantined, cannot be "sprung from prison," even by the uninstallation of the program that apprehended them. However...the most severe malware infections, like rootkits, are known for "inviting their friends to the party" once they've compromised a system. So what you've told us now leaves me with some concern that what you've got is this level of "über-nasty," which has subverted your operating system enough to hide from any antivirus software, and the stuff that's been caught is just part of its symptoms.

This is not necessarily the case: at this point, it's equally plausible that Norton successfully blocked the trojan (as it appeared to), but not the PUPs (which, because they don't actually harm your system or steal your stuff, are outside its focus)...and then malwarebytes took out the PUPs, leaving you clean. But we now have to be vigilant a while longer, just in case.

So what I would suggest is that you redownload the free version only of malwarebytes (the paid version, including its free trial, contains real-time scanners that conflict dangerously with your Norton, but MBAM Free does not), from the link I provided above. Run a full scan, and see if it gives you a clean bill of health. If so, wait a few days (no more than a week), then run it again. Do not let it remove anything it might find; just copy-and-paste the log file it produces into a message here so we can see what we're dealing with. If your system is indeed clean, it won't find anything. If, on the other hand, there is a deeper infection, you will see PUPs and/or malware returning--not because anything "escaped" from quarantine, but rather because that's what that type of nasty does. If that happens, we will need to refer you to a "removalist" forum, where an expert with special training and tools can work with you one-on-one in a locked forum, to pull the thing out by its root(kit) LOL

Keep us posted, and we'll make sure you are, in fact, safe and secure!

V/R,

--DistEd2

If, as DistEd2 says, you believe that malware may still reside on your computer even after running a Full Scan, you should try the malware removal sites listed below.

As DistEd2 has mentioned, they will assist you with the malware removal. I'm listing the sites, in case you need them.

If all your scans come up clean you may be ok, but if in doubt, see below.

http://www.bleepingcomputer.com/
http://www.geekstogo.com/forum/
http://www.cybertechhelp.com/forums/
http://forums.whatthetech.com/

Okay, I will follow your advice and do the Malwarebytes scans. I remember when I used to use it, after the first ones it found nothing else every time I scanned it, and I always did full system scans. So I will see if it finds anything now, so when a scan is done I just post the log here and not delete anything it finds?

My worry though is if Norton 360 finds the same thing again, but I am assuming I shouldn't worry about that? But yes, I will follow your directions following Malwarebytes.

Oh wait, one more thing: how many times should I do it?

One Full Scan with both Norton and Malwarebytes should pick anything up.

Okay, I did the scan with Malwarebytes and I scanned earlier today with Norton and everything was fine here. I will wait one more day and scan again with Malwarebytes; I assume that should be good.

Exaiongamma wrote:

Okay, I will follow your advice and do the Malwarebytes scans. I remember when I used to use it, after the first ones it found nothing else every time I scanned it, and I always did full system scans. So I will see if it finds anything now, so when a scan is done I just post the log here and not delete anything it finds?

That is correct. Just post the log back here.

And once again, you have provided some more useful detail: if Malwarebytes deleted the PUPs and you never saw them again...and then Norton detected the trojan trying to worm its way into Malwarebytes--and said it got rid of it--then I think the chances that your system is clean just went up.

But we'll see what Malwarebytes has to say.

Don't let Norton remove anything this time either, if it finds anything. Under those circumstances, just go directly to one of the removalist forums that F4E recommended.

V/R,

--DistEd2

DistEd2, I would like to let you know Malwarebytes found nothing, and my full scan found nothing either.

Hi, Exaiongamma. It looks as if your system is clean, if no malware was found.

If it starts to run slowly, or your browser gets redirected or you begin to get popups, then something might be amiss.

Otherwise, it seems everything is fine.

Okay, then I will go another day doing a scan for each and alert you two if anything extra pops up in a scan.

Sounds good. Looks like everything did its job well!

I'd keep that Malwarebytes FREE on your system for the long haul; it's nice to be able to get a "second opinion" after Norton cleans something up, or if you start worrying that something might have snuck through, or if you find yourself with an annoying toolbar you didn't think you ever asked for--a.k.a., PUP! It's good to have a layered defense.

Safe surfing!

V/R,

--DistEd2


DistEd2 wrote:
Based on your description, I'm guessing that at some point in the past, you scanned your system using Malwarebytes and it found and quarantined this trojan. Then Norton scans your system, and it sees the signature for that malware (in the Malwarebytes quarantine) and pops the alert. You followed its instructions, and Norton removed the (quarantined) virus. So there wasn't really a threat to begin with, as Malwarebytes had quarantined it--but now it is well and truly gone!

Hi DistEd2:

The Ask Leo article "What Happens When My Anti-Malware Tool Quarantines Something?" notes that there are four common steps that anti-virus / anti-malware software use when quarantining malware, with each step adding an additional layer of protection to ensure the malware is rendered harmless.

  1. Move the file to a folder that is not referenced by Windows or other software
  2. Rename the file, changing the file extension (e.g., .exe) to one that cannot be executed by Windows
  3. Mark the file as "hidden"
  4. Encode / encrypt the file

One of the added benefits of encoding / encrypting the file is that it alters the signature (SHA256 / MD5 hash) of the file. If the inert file was somehow accessed and scanned by another anti-virus program, it would not be recognized as malware because of the altered signature.

I use MBAM PRO v. 1.75, and malware quarantined by MBAM on my 32-Vista system is renamed with a .quar extension and relocated to a hidden folder at C:\Users\username\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine. I assume the associated .data file shown below would contain the meta-data needed to decode and return the file to its original location if I ever needed to restore this file to my hard drive.

[Image: Malwarebytes Quarantine Folder.png]

Based on the above information, I don't see how the original file c\program files (x86)\malwarebytes' anti-malware\00029872.tmp on Exaiongamma's computer could possibly be a trojan quarantined by MBAM that was subsequently re-detected during a N360 scan.

-----------
MS Windows 32-bit Vista Home Premium SP2 * Firefox 28.0 * IE 9.0 * NIS 2013 v. 20.4.0.40 * MBAM PRO 1.75.0.1300
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS
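
The quarantine steps listed in the post above, and its point that encoding changes the stored file's hash, shown as an added Python sketch (not code from this thread, Malwarebytes or Norton). The single-byte XOR key, the JSON layout of the `.data` file and every function name are assumptions for illustration, and the sample bytes are constructed and harmless.

```python
import hashlib
import json
import tempfile
from pathlib import Path

XOR_KEY = 0x5A  # assumed key for this sketch; each product uses its own encoding


def digest(data):
    return hashlib.sha256(data).hexdigest()


def xor_bytes(data, key=XOR_KEY):
    return bytes(b ^ key for b in data)


def quarantine(path, qdir):
    """Move path into qdir as an encoded .quar file plus .data metadata."""
    path, qdir = Path(path), Path(qdir)
    qdir.mkdir(parents=True, exist_ok=True)
    raw = path.read_bytes()
    quar = qdir / (digest(raw)[:16] + ".quar")
    quar.write_bytes(xor_bytes(raw))  # step 4: stored bytes differ from the original
    meta = {"original_path": str(path), "original_sha256": digest(raw), "quar_path": str(quar)}
    quar.with_suffix(".data").write_text(json.dumps(meta))
    path.unlink()  # steps 1 and 2: gone from its old folder and extension
    return meta  # step 3 (hidden attribute) is Windows-specific, omitted here


def restore(meta):  # decode, verify against the recorded hash, put the file back
    quar = Path(meta["quar_path"])
    raw = xor_bytes(quar.read_bytes())
    if digest(raw) != meta["original_sha256"]:
        raise ValueError("quarantined item does not match its metadata")
    Path(meta["original_path"]).write_bytes(raw)
    quar.unlink()
    return Path(meta["original_path"])


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "sample.exe"
        content = b"constructed harmless sample bytes"  # not real malware
        sample.write_bytes(content)
        meta = quarantine(sample, Path(tmp) / "Quarantine")
        removed = not sample.exists()
        stored_hash = digest(Path(meta["quar_path"]).read_bytes())
        restored_hash = digest(restore(meta).read_bytes())
        return digest(content), stored_hash, restored_hash, removed
```

`demo()` returns the original hash, the hash of the stored `.quar` file, the hash after restore, and whether the original path was emptied; the first two differ, which is why a hash-based scan of the quarantine folder would not match the original sample.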