Hi, After quarantining the MFC7OU.DLL file after running a scan, I now get an error message when my computer starts up: SPMgr.exe - Unable to locate components. This application has failed to star because MFC7OU.DLL was not found. Re-installing this application may fix the problem.
I didn't delete any files, just put them in quarantine, but now when I try to restore them nothing happens, it just keeps returning to 'do nothing', I'm at a loss, can anyone help please?
Full Version: I cannot restore files that are in quarantine
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive False Postive Issues
Refer to this thread:
QUOTE(LS CalamityJane @ Jul 18 2009, 10:09 AM) 
Hi and thanks for posting.
This is a false detection that came out in the last update. it was reported here:
http://www.lavasoftsupport.com/index.php?showtopic=26375
This will likely be fixed in our next update, but in the meantime, if you could post the ad-aware scan log as per the instructions here:
http://www.lavasoftsupport.com/index.php?showtopic=18033
Then I'll be glad to review and advise but I do think that is the one being falsely detected.
This is a false detection that came out in the last update. it was reported here:
http://www.lavasoftsupport.com/index.php?showtopic=26375
This will likely be fixed in our next update, but in the meantime, if you could post the ad-aware scan log as per the instructions here:
http://www.lavasoftsupport.com/index.php?showtopic=18033
Then I'll be glad to review and advise but I do think that is the one being falsely detected.
Hi rjwm,
Give me just a few minutes here and I'm going to put up some step by step instructions with screenshots on how to restore from quarantine and I'll ask you to try that first.
I just tested it on this file and it should work! It did here.
I'll be right back
Give me just a few minutes here and I'm going to put up some step by step instructions with screenshots on how to restore from quarantine and I'll ask you to try that first.
I just tested it on this file and it should work! It did here.
I'll be right back
Ok, have put up step by step instructions here:
How to Restore an Item from Quarantine
In case you deleted a file that was a false detection
http://www.lavasoftsupport.com/index.php?showtopic=26395
And don't forget the last step which is to press the *Perform action now* after choosing to restore the item.
It should just disappear from the list which means it has been put back in place.
How to Restore an Item from Quarantine
In case you deleted a file that was a false detection
http://www.lavasoftsupport.com/index.php?showtopic=26395
And don't forget the last step which is to press the *Perform action now* after choosing to restore the item.
It should just disappear from the list which means it has been put back in place.
Hi,
thank you for your reply and instructions, but I have tried to do this repeatedly and they do not disappear from the list. The files in question have 'process' written by them and are:
c:\program files\sony\.\ management\mfc70udll
c:\windows\system32\mfc70udll
I'm guessing the 'process' bit is the problem?
thank you for your reply and instructions, but I have tried to do this repeatedly and they do not disappear from the list. The files in question have 'process' written by them and are:
c:\program files\sony\.\ management\mfc70udll
c:\windows\system32\mfc70udll
I'm guessing the 'process' bit is the problem?
QUOTE(LS CalamityJane @ Jul 18 2009, 07:58 PM)
Follow these steps to restore the file from Quarantine:
1. Open Ad-Aware and choose *Scan System* (Big green button in the middle)
2. Select the *Quarantine* tab at the top
Click to view attachment
3. In the list of quarantined items, find the family name of the false detection (in this case it was W32Tr\.\perDelf you see in the list)
4. On that item, click on the black down arrow next to the words "do nothing"
Click to view attachment
5. From that drop down select *Restore* (#1 in the screenshot below)
6. Then press the *Perform Action Now* (big green button at the bottom) (#2 in the screenshot below)
Click to view attachment
At that point you should the item disappear from the list and it should be now restored to it's original location.
1. Open Ad-Aware and choose *Scan System* (Big green button in the middle)
2. Select the *Quarantine* tab at the top
Click to view attachment
3. In the list of quarantined items, find the family name of the false detection (in this case it was W32Tr\.\perDelf you see in the list)
4. On that item, click on the black down arrow next to the words "do nothing"
Click to view attachment
5. From that drop down select *Restore* (#1 in the screenshot below)
6. Then press the *Perform Action Now* (big green button at the bottom) (#2 in the screenshot below)
Click to view attachment
At that point you should the item disappear from the list and it should be now restored to it's original location.
Hmmm, ok. I'm not seeing that and don't know for sure. I think I may need to get our Support team in here to assist.
Also, I meant to lock this topic as a sticky "how to" so I'm going to move your last post and my reply here over to your existing thread so it is all together.
Did you happen to reboot the PC after you deleted the file during cleaning as the screen would have indicated? I'm talking about the first time you "cleaned" it (not restore from quarantine that you did later)
Also, I meant to lock this topic as a sticky "how to" so I'm going to move your last post and my reply here over to your existing thread so it is all together.
Did you happen to reboot the PC after you deleted the file during cleaning as the screen would have indicated? I'm talking about the first time you "cleaned" it (not restore from quarantine that you did later)
Ok, I split off your reply in the other thread back to this one, along with my most recent reply (posts 5 & 6 now in this original topic).
edit: Make that post #s 5 & 6
edit: Make that post #s 5 & 6
Hi, yes I did reboot my computer but I after I had moved the files to quarantine. I didn't delete any files.
QUOTE(LS CalamityJane @ Jul 18 2009, 08:48 PM)
Hmmm, ok. I'm not seeing that and don't know for sure. I think I may need to get our Support team in here to assist.
Also, I meant to lock this topic as a sticky "how to" so I'm going to move your last post and my reply here over to your existing thread so it is all together.
Did you happen to reboot the PC after you deleted the file during cleaning as the screen would have indicated? I'm talking about the first time you "cleaned" it (not restore from quarantine that you did later)
Also, I meant to lock this topic as a sticky "how to" so I'm going to move your last post and my reply here over to your existing thread so it is all together.
Did you happen to reboot the PC after you deleted the file during cleaning as the screen would have indicated? I'm talking about the first time you "cleaned" it (not restore from quarantine that you did later)
QUOTE(rjwm @ Jul 18 2009, 09:05 PM)
Hi, yes I did reboot my computer but I after I had moved the files to quarantine. I didn't delete any files.
Just to add to my previous answer, are you are saying that as I rebooted my computer the files would have been deleted anyway, but why are they showing up now as being in quarantine? It is a mystery!
Hi there,
The Win32.Trojandropper.Delf detection was a false positive and has been fixed in update 0149.0008 - please update Ad-Aware to get the latest definition file.
Regards,
Andy
Lavasoft Malware Labs
The Win32.Trojandropper.Delf detection was a false positive and has been fixed in update 0149.0008 - please update Ad-Aware to get the latest definition file.
Regards,
Andy
Lavasoft Malware Labs
QUOTE(rjwm @ Jul 18 2009, 04:41 PM)
Just to add to my previous answer, are you are saying that as I rebooted my computer the files would have been deleted anyway, but why are they showing up now as being in quarantine? It is a mystery!
No, I ran into a small problem when I was testing the restore feature on some test files just now. If folks didn't reboot their computer after cleaning and then try to restore from quarantine this particular detection (which is high rated), then it will restore the file but on the next reboot the call to delete the files at reboot will remove them again (and no quarantine). In your case, that is not what is going on here because you do have them in quarantine.
I'm going to have to call up the folks at the main office as to why these say "process" next to them and why they aren't restoring, but meanwhile I can provide the file you need and you can put back manually.
Is this an XP system? And could you also post the entire Ad-Aware scan log so I can see exactly what paths this file was located?
QUOTE(LS Calamity Jane @ Jul 18 2009, 10:10 PM)
No, I ran into a small problem when I was testing the restore feature on some test files just now. If folks didn't reboot their computer after cleaning and then try to restore from quarantine this particular detection (which is high rated), then it will restore the file but on the next reboot the call to delete the files at reboot will remove them again (and no quarantine). In your case, that is not what is going on here because you do have them in quarantine.
I'm going to have to call up the folks at the main office as to why these say "process" next to them and why they aren't restoring, but meanwhile I can provide the file you need and you can put back manually.
Is this an XP system? And could you also post the entire Ad-Aware scan log so I can see exactly what paths this file was located?
I'm going to have to call up the folks at the main office as to why these say "process" next to them and why they aren't restoring, but meanwhile I can provide the file you need and you can put back manually.
Is this an XP system? And could you also post the entire Ad-Aware scan log so I can see exactly what paths this file was located?
Hi, yes it is XP and I also did successfully restore files that didn't have process written by them. I shall try and upload the Ad-Aware scan log now. I have just updated it and ran another scan since. Still my problem remains! My apologies if I upload the wrong files and thank you for your help.
Excellent, and thanks for each of them - those were the correct logs 
The False Positive subforum here is restricted for downloading files by regular members, so I had to put the file into a thread outside this subforum (to General Support). Go here and follow my instructions:
http://www.lavasoftsupport.com/index.php?showtopic=26399
Don't forget to extract (unzip) the file first before copying it to the named folders. That's because I can't attach a file of that type in these posts and had to put it into a zip file so you can download it from there.
For anyone else looking on, this instruction is for THIS USER ONLY
If anyone else needs a replacement file post a new topic because each system and each user's situation may be different.
In fact, I'll be removing that attachment from the post once I know you have it and we get it resolved.
The False Positive subforum here is restricted for downloading files by regular members, so I had to put the file into a thread outside this subforum (to General Support). Go here and follow my instructions:
http://www.lavasoftsupport.com/index.php?showtopic=26399
Don't forget to extract (unzip) the file first before copying it to the named folders. That's because I can't attach a file of that type in these posts and had to put it into a zip file so you can download it from there.
For anyone else looking on, this instruction is for THIS USER ONLY
If anyone else needs a replacement file post a new topic because each system and each user's situation may be different.
In fact, I'll be removing that attachment from the post once I know you have it and we get it resolved.
QUOTE(LS CalamityJane @ Jul 18 2009, 11:34 PM)
Excellent, and thanks for each of them - those were the correct logs
The False Positive subforum here is restricted for downloading files by regular members, so I had to put the file into a thread outside this subforum (to General Support). Go here and follow my instructions:
http://www.lavasoftsupport.com/index.php?showtopic=26399
Don't forget to extract (unzip) the file first before copying it to the named folders. That's because I can't attach a file of that type in these posts and had to put it into a zip file so you can download it from there.
For anyone else looking on, this instruction is for THIS USER ONLY
If anyone else needs a replacement file post a new topic because each system and each user's situation may be different.
In fact, I'll be removing that attachment from the post once I know you have it and we get it resolved.
The False Positive subforum here is restricted for downloading files by regular members, so I had to put the file into a thread outside this subforum (to General Support). Go here and follow my instructions:
http://www.lavasoftsupport.com/index.php?showtopic=26399
Don't forget to extract (unzip) the file first before copying it to the named folders. That's because I can't attach a file of that type in these posts and had to put it into a zip file so you can download it from there.
For anyone else looking on, this instruction is for THIS USER ONLY
If anyone else needs a replacement file post a new topic because each system and each user's situation may be different.
In fact, I'll be removing that attachment from the post once I know you have it and we get it resolved.
Hi, Success!! The error message has gone on start up, the only place the file seemed to be missing was the vaio power management. Thank you for your very precise instructions, I wouldn't have been able to do it without them.
Hi rjwm,
Glad to hear it!
Ok, the fact that not all were missing may explain the "process" beside the items you could not restore from quarantine, so the files were actually still in place.
Could you please reboot your computer and check to see if the files are still in their proper places?
Also don't forget to update your Ad-Aware to get the latest update which fixes the false detection on those files.
Let me know if everything still looks ok after a reboot.
Glad to hear it!
Ok, the fact that not all were missing may explain the "process" beside the items you could not restore from quarantine, so the files were actually still in place.
Could you please reboot your computer and check to see if the files are still in their proper places?
Also don't forget to update your Ad-Aware to get the latest update which fixes the false detection on those files.
Let me know if everything still looks ok after a reboot.
QUOTE(LS CalamityJane @ Jul 19 2009, 12:18 PM)
Hi rjwm,
Glad to hear it!
Ok, the fact that not all were missing may explain the "process" beside the items you could not restore from quarantine, so the files were actually still in place.
Could you please reboot your computer and check to see if the files are still in their proper places?
Also don't forget to update your Ad-Aware to get the latest update which fixes the false detection on those files.
Let me know if everything still looks ok after a reboot.
Glad to hear it!
Ok, the fact that not all were missing may explain the "process" beside the items you could not restore from quarantine, so the files were actually still in place.
Could you please reboot your computer and check to see if the files are still in their proper places?
Also don't forget to update your Ad-Aware to get the latest update which fixes the false detection on those files.
Let me know if everything still looks ok after a reboot.
Hi again,
everything appears to be working fine, I rebooted the computer as soon as I had placed back all the files, and it started without a hitch and has carried on doing so all day. As I said before only the vaio power management had the file missing but I still replaced the other files with the new copy of it, just in case, and they are all still where they should be. I have already updated the Ad-Aware, and fingers crossed I will have no more problems!
Great! That's good news. 
I expected all would be fine but just wanted to make sure. Our apologies for the trouble it caused.
Please remember in the future if you have a sudden detection on a previously clean machine (especially right after an update) you can always ask here if you are in doubt. Unfortunately, in today's environment False positives are more frequent than in days past and that is not just our software either. I would recommend the same for any of your security software and each of them usually nowdays has a place to post suspect false detections.
Again, thank you for posting!
I expected all would be fine but just wanted to make sure. Our apologies for the trouble it caused.Please remember in the future if you have a sudden detection on a previously clean machine (especially right after an update) you can always ask here if you are in doubt. Unfortunately, in today's environment False positives are more frequent than in days past and that is not just our software either. I would recommend the same for any of your security software and each of them usually nowdays has a place to post suspect false detections.
Again, thank you for posting!
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.