Tony Simmons asked:

Could McAfee Quick Clean or an infection be deleting my document files?

I have a DELL XPS M1530 with Vista Ultimate on which I'm having trouble with files being deleted overnight. It seems to be limited to the Documents folder although the first time it also affected the Videos and Pictures folders.

Some of the folders are renamed e.g. 'My Settings' becomes MYSETT~1.SH! and files within it are deleted. It happens between 0100 and about 0400 GMT, coincidentally when McAfee Quick Clean was scheduled to run. This has happened 3 times now, restoring the files using Vista's Previous Versions process.

I have carried out a full virus scan using McAfee SecurityCenter and spyware scan using SpySweeper - both report back clean and both are up-to-date.

I have created a HijackThis log that doesn't appear to have anything odd in it but I'm not an expert. I have run ComboFix.exe a few times because the log didn't generate and there was an error message that it couldn't find the file whitedir01 on one occasion. The log from the last run doesn't appear suspicious to my untrained eye.

The only potential adware file I've found is CSAUIE1.OCX which I believe is a coupon printer kindly provided to me by Nescafe but that was after the original problem first happened and I don't think is linked to this.

I've searched, scanned, recovered files, deliberately avoided posting any logs but can't find anything that relates to this issue (not helped by having trouble getting a search of ".SH!" as a file extension to work as I want it to).

I'm getting pretty stuck now and have no idea whether I've had an infection, cured it or whether it will happen again overnight tonight when I restore the files.

Any help will be greatly appreciated. Thanks in advance

Tony



Anti-Virus Apps

Last Comment: Tony Simmons, 8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
wulf01

SOLUTION
Mohamed Osama

ASKER
Tony Simmons

Thanks to you both for your suggestions.

I've run a scan in safe mode and checked the settings in McAfee. The scan found nothing (except ComboFix as expected). The actions in McAfee are set such that I am prompted for the action to take upon finding a virus and there are no files in the quarantine.

In the 'Previous Versions' folder view available within Vista I found one with a QooBox folder containing a video file in the quarantine text file list (this relates to ComboFix). The video file appears to be from my IP webcam which is wirelessly installed but not accessible externally. The file is an old one. I'm a bit confused by this as I'm not sure why that file would get infected.

It's possible that one of the first 2 ComboFix runs may have found an infection and cured it but as the log file didn't generate it's hard to tell.

Other than that, I disabled the scheduled McAfee Quick Clean scheduled task but I think it less likely that Quick Clean is the cause and I don't think now that this is McAfee related.

Thanks to you both for giving me your thoughts and possible ways forward. Having worked through both suggestions I think I've got as far as I'm likely to.

I will see if the problem recurs over the next couple of days but, in the meantime, will close this question and divide the points equally.

Thanks again




