Long-time lurker, first-time writer.
I've run into a situation today that I found rather unusual. I ran a current version of combofix on an XP SP3/IE7 home box to remove a drive-by rogue AV install (garden variety antispy2009 - iehelper.dll, proquota.exe, etc.). The machine is otherwise clean.
Oddly, combofix tagged an entire installation of ACT (older version) as infected. The results are what you would expect with a 'virut' type infection. I have not yet confirmed that these files are truly infected (I'll upload to Virustotal tomorrow). I strongly suspect (based on 9 years of IT experience and plenty of combofix runs) that this is a false positive and I'm wondering if there is an appropriate way to communicate the issue to sUBs.
Alternately, if this issue has already been discussed, please direct me to the details.
Thanks for your time. And much love to the folks that hold down this fort.
(mods - feel free to place this post somewhere more appropriate if necessary)
Edited by boopme, 09 July 2009 - 08:00 PM.
Moved from HJT (no Logs) to Am I Infected ~~boopme