10.4K Posts

December 4th, 2008 06:00


that_other_guy

First off, make sure System Restore is turned ON.

2. Since you have run Combofix, please post the contents of the C:\Combofix.txt log.

3. It's not going to be unusual for your AV to find infections in System Restore folders for the next few days now that the active infection has been removed.
And they pose no threat unless System Restore is invoked for the particular date they are associated with. And eventually Windows will delete the older System Restore folders for newer ones. You can speed up the detection process by booting into Safe Mode and running a full system scan.

December 5th, 2008 06:00

First, thanks for the reply, I appreciate your help.

My last scan (Kaspersky) found the same worm.win32.generic but not in the restore files (which I deleted in gmer), but in my HP Printer driver folder. I can't find that file in the folder with Windows Explorer or gmer.

That being said, I went to get a fresh combofix log and my AV went nuts. I'm not sure if that is the way combofix works, or if I have a dirty copy of it, since I really don't remember where I got it. Either way, when combofix started, it deleted the old file and since it didn't finish, I have no new file. I can post the gmer scan if you think that would help.

Thanks again for the help.

10.4K Posts

December 8th, 2008 05:00


that_other_guy

Some AVs tag parts of Combofix as an infection. But to be safe, delete the copy of Combofix you have and let's get a fresh copy.

Please download Combofix and save to your desktop:
  • Note: It is important that it is saved directly to your desktop.
  • Close any open browsers.
  • Double click on combofix.exe and follow the prompts.
  • When it's finished it will produce a log.
  • Post the contents of the C:\ComboFix.txt into your next reply.
  • Note: Do not mouseclick combofix's window whilst it's running. That may cause the program to freeze/hang.
