Link to home
Start Free TrialLog in
Avatar of Tony Simmons
Tony SimmonsFlag for United Kingdom of Great Britain and Northern Ireland

asked on

Could Mcafee Quick Clean or an infection be deleting my document files?

I have a DELL XPS M1530 with Vista Ultimate on which I'm having trouble with files being deleted overnight. It seems to be limited to the Documents folder although the first time it also affected the Videos and Pictures folders.

Some of the folders are renamed e.g. 'My Settings' becomes MYSETT~1.SH! and files within it are deleted. It happens between 0100 and about 0400 GMT, coincidentally when McAfee Quick Clean was scheduled to run. This has happened 3 times now, restoring the files using Vista's Previous Versions process.

I have carried out a full virus scan using McAfee SecurityCenter and spyware scan using SpySweeper - both report back clean and both are up-to-date.

I have created a HijackThis log that doesn't appear to have anything odd in it but I'm not an expert. I have run ComboFIx.exe a few times because the log didn't generate and there was an error message that it couldn't find the file whitedir01 on one occasion. The log fom the last run doesn't appear suspicious to my untrained eye.

The only potential adware file I've found is CSAUIE1.OCX which I believe is a coupon printer kindly provided to me by Nescafe but that was after the original problem first happened and I don't think is linked to this.

I've searched, scanned, recovered files, deliberately avoided posting any logs but can't find anything that relates to this issue (not helped by having trouble getting a search of ".SH!" as a file extension to work as I want it to).

I'm getting pretty stuck now and have no idea whether I've had an infection, cured it or whether it will happen again overnight tonight when I restore the files.

Any help will be greatly appreciated. Thanks in advance

Tony



ASKER CERTIFIED SOLUTION
Avatar of wulf01
wulf01

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of Mohamed Osama
Mohamed Osama
Flag of Egypt image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Tony Simmons

ASKER

Thanks to you both for your suggestions.

I've run a scan in safe mode and checked the settings in McAfee. The scan found nothing (except ComboFix as expected). The actions in McAfee are set such that I am prompted for the action to take upon finding a virus and there are no files in the quarantine.

In the 'Previous Versions' folder view availablewithin Vista I found one with a QooBox folder containing a video file in the quarantine text file list (this relates to ComboFix). The video file appears to be from my ip webcam which is wirelessly installed but not accessible externally. The file is an old one. I'm a bit confused by this as I'm not sure why that file would get infected.

It's possible that one of the first 2 ComboFix runs may have found an infection and cured it but as the log file didn't generate it's hard to tell.

Other than that, I disabled the scheduled McAfee Quick Clean scheduled task but I think it less likely that Quick Clean is the cause and I don't think now that this is McAfee related.

Thanks to you both for giving me your thoughts and possible ways forward. Having worked through both suggestions I think I've got as far as I'm likely to.

I will see if the problem recurs over the next couple of days but, in the meantime, will close htis question and divide the points equally.

Thanks again