Virus

dik

I have a virus. The OS is Win 10 Pro. I have the full Bitdefender and it missed it. Running MS Msert virus detector indicates I have 27 infections. The second and subsequent time(s) I run Msert it says I have no infections. I cannot determine the name(s) of the infection or quarantine the infected files. Is there a manner that I can do this? In addition, what is the best anti-virus program or virus removal program? Bitdefender is great and I've used it for a year or two. I got it shortly after I had a ransomware infection.

Thanks, Dik
 
Thanks I didn't know about that file... No infections found... but, in scanning, it lists encountering several infections. What is the heartbeat report, and where is it located?
 
A heartbeat report is a periodic report from a device. As MSERT is a standalone scanner it's obviously not reporting its own 'heartbeat'. It's most likely reporting whether the OS is regularly receiving AV signature updates. However, I guess this would only be looking for Defender signature updates, not Bitdefender or any other 3rd-party AV.

What MSERT is showing is "I found malware but the device now scans clean". Unfortunately - as many others have moaned - there's no logging of what was actually found and removed, only the end result.

What confuses me is that there's no sign that a MAPS report has been sent. Read the whole of this thread - What is wrong with the Microsoft Safety Scanner status information and logging? - to learn more about MAPS.

At first I assumed that no MAPS report was sent because your device didn't have an internet connection at the time you ran MSERT... but then the Heartbeat Report should not have been reported as 'successfully submitted'. Hmm... I would run MSERT again whilst connected to the internet.
 
What MSERT is showing is "I found malware but the device now scans clean". Unfortunately - as many others have moaned - there's no logging of what was actually found and removed, only the end result.
It wasn't removed. The first reply noted that it couldn't be removed. After the first reply all replies stated that there were no viruses.
 
To clear your machine, aside from wiping it, it is best to scan with multiple root kit revealers, AV scanners and multiple malware scanners. Download Malwarebytes, SuperAntiSpyware, CCleaner, multiple AV scanners, multiple root kit revealers on another machine, transfer all to an empty memory stick. Run everything not connected to the Internet.
 
It wasn't removed. The first reply noted that it couldn't be removed. After the first reply all replies stated that there were no viruses.
The MSERT wording can be confusing and its log is of little use... as you have already discovered. That's because it's not designed as an analytical tool, just as a cleaner.

It sounds like your device is clean but if you still think you may have a virus then why not run a full scan with MSERT again but in detect-only mode, i.e. msert.exe /F /N? Note: Make sure the device is connected to the internet for the scan so a MAPS server can be accessed. (The link I provided explains why this is necessary.)

The /F switch means Full Scan. (Your screenshot shows MSERT completed its scan in ~30 mins. Was this a Quick scan or a Full scan on a very small drive?)
The /N switch means Notify-only.

Just be aware that the results may show malware that is actually inactive and harmless and/or false positives. (The link I provided explains why this can happen.) However, it may be useful to show what Bitdefender isn't picking up or dealing with. (I have no experience of Bitdefender so can't advise further.)

Hope this helps...
 
Thanks... and thanks for the switches for Msert...
Do you know how to run a program in Windows using switches... I'm thinking msert /F:Y. It shows the switches when I try to run it in DOS.

 
I'm running it again with the switch /F:Y. It doesn't seem to use multiple switches. Again, thanks.
 
I just used Winkey+R together to pop up the Run dialog then entered the following:

MSERT_run_with_switches.png

This worked fine for me... and is still running MSERT 5 hours later on a 512GB M.2 SSD (and only 80% complete).

That's why I found your screenshot in post #3 - showing a scan completion time of ~30 mins - difficult to believe. It can't have been a Full scan; only a Quick scan... hence why I suggested the /F /N switches to carry out a Full, Detect-only scan.

The problem with running MSERT with the /F:Y switch is that you won't have any results to analyse on completion of the 'Full scan with automatic delete'.
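
The detect-only full scan suggested above (msert.exe /F /N), as an added example that is not part of the original thread: run from an elevated PowerShell prompt, it starts the scan and then prints only the lines this run appended to MSERT's log. It assumes msert.exe sits in the current directory and that the log is at %SystemRoot%\debug\msert.log.

```powershell
# Added example (not from the thread): full, notify-only MSERT scan,
# followed by the log entries written during this run.
# Assumptions: msert.exe is in the current directory and the log lives at
# %SystemRoot%\debug\msert.log.
$msert = Join-Path (Get-Location) 'msert.exe'
$log   = Join-Path $env:SystemRoot 'debug\msert.log'

if (-not (Test-Path $msert)) {
    throw "msert.exe not found at $msert"
}

# The log is appended to on every run, so remember its current length
# and show only what comes after it.
$before = 0
if (Test-Path $log) {
    $before = @(Get-Content $log).Count
}

# /F = Full scan, /N = Notify-only (nothing is cleaned or deleted).
# Each switch is passed as its own argument.
$proc = Start-Process -FilePath $msert -ArgumentList '/F', '/N' -Wait -PassThru

"MSERT exit code: $($proc.ExitCode)"

if (Test-Path $log) {
    # Print only the lines added by this scan.
    Get-Content $log | Select-Object -Skip $before
} else {
    "No log found at $log"
}
```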
 
showing a scan completion time of ~30 mins
It may have been a partial scan or a scan of a directory... full system is about 3 hours or more. My desktop has two M.2 drives and a 5TB HDD. When scanning directories, Msert does a quick scan of the OS and possibly the files needed for the programs.

I didn't know about the /F switch. The /F:Y doesn't remove the infected files.
 
I didn't know about the /F switch. The /F:Y doesn't remove the infected files.
If you look back at your screenshot in post #10 it shows that the /F:Y switch is to force a full scan and 'automatically clean infected files and remove potentially unwanted software'.

So, if you're saying that the switch doesn't remove infected files then it sounds like you need an alternative tool to MSERT.

Also, you may wish to post in a dedicated anti-malware forum for better support. For example, BleepingComputer's Virus, Trojan, Spyware, and Malware Removal Help or Malwarebytes' Windows Malware Removal Help & Support.

Hope this helps...
 
Thanks...

I'm going to try a couple of malware programs to see if they work. Also check for a root kit... If this fails, I'll take my computer into a shop and have it looked at professionally. I have a lot of files I want to retain, if I can. I have a recent backup (2 drives) of just before Christmas that I know are uninfected.

Again, thanks.
 
