Unquarantine Files And Restore Registry
Win XP Pro SP3 - After reading some favorable reviews, I installed the free version of Bitdefender for evaluation purposes. MS [KB890830] Malicious Software Removal Tool was unable to completely eradicate a dose of SIREFEF, so I thought I would give Bitdefender a crack at it. After about a 24-hour soak BD came up with nothing; Sirefef is still there, as some popup ads still appear in the Firefox browser. That is not the problem as I can take care of the malware-clap manually by myself.
The problem... - I inserted a flash drive containing an archived .exe file that I need to run. BD promptly quarantined the file so I am unable to access it. I understand that a free evaluation version of any package will be stripped down, but I could not find any way to revert the file to a non-quarantined status utilizing any functionality provided by the user interface. I promptly removed the flash drive hoping that BD would not maul the file like a starving wolf going after a sausage.
I uninstalled BD, rebooted and tried the .exe again. I am still unable to access it. Apparently upon suspect detection BD alters the computer's registry rather than creating a list of pointers to suspect files or changing file attributes awaiting some kind of administrative direction on how to proceed other than whack it, or be orphaned and vanquished to an existence in Valhalla with its Old Norse 5 1/4" floppy brethren. (Very poor algorithm design) From DOS there are no hidden pointing files, attrib shows only an archive attribute, the file itself is physically unmolested.
The solution I'm looking for... - How to restore/REMOVE the registry entries/alterations that BD made to my machine.
After reading a few similar posts on this forum looking for a cheap fix I have noticed a lot of responses given are "send us the file you can't access". What is that??? Anyway, as I stated, BD does not alter the original file in any way that I have detected so far, and because it was on a flash drive I can physically mount and run it on any of the other machines. The problem is that the .exe is a proprietary in-house written component that the affected machine has been running since 2009, and I really don't want to waste a day porting and setting up another machine environment. I have not tried renaming the file/recompiling, then identifying, editing, and recompiling all the other programs that would be affected just to try and work around a BD buggered registry. Also a system restore to a previous time is really not an option (my fault - should have known better and created one just prior to installing BD).
If someone has any thoughts/suggestions it would be appreciated! Also has anyone tried a registry cleaner such as CCleaner to remove quarantined status entries to files that were not deleted before uninstalling BD? At least I did not go nuts and install BD on any of the uppity try-and-fix-this Win 8 machines.
Comments
RESOLVED:... I ran the Bitdefender Antivirus Free Edition uninstall tool which can be found on this forum at: http://www.bitdefender.com/files/Knowledge...installtool.exe
Even after uninstalling BD manually through control panel, their uninstall program picked up a few loose ends and cleared up the registry releasing the un-deleted quarantined file.
BD guys - you clearly have most of the logic already coded and tested... just add some functionality to the UI allowing the user to untag files from the to-be-deleted list and change their status from quarantined to already-checked, maybe even another button that releases already-checked back to fair-game status just by completely releasing them back into the wild.
Hope this messy little work-around is useful to someone else. Now back to that syphilis infested box of bones. I think I'll go back to the old tried and true ways .... VOODOO and monophonic Gregorian chants.
No_longer_quarantined_Jim.0