For several days I have worked on trying to remove multiple viruses from my wife's computer, running XP. She was using AVG, but as I have now learned, that and AdAware are nowhere near sufficient. So she might have already had some viruses, but I first noticed it when she was hit by the Windows Security Center virus. AVG failed to remove it. MalwareBytes removed it, but it kept finding a way to reinfect, so I would continue to use MalwareBytes to remove it. I think it was HitmanPro that finally stopped the reinfection, but then I discovered she had the Google redirect virus for Internet Explorer. I tried several suggestions in various forums I read, including Trojan Remover, UnhackMe, the GoRedFix.exe specially for it, but nothing worked, although there were other problems these tools fixed. I finally read about ComboFix. I read the directions and warnings, and since I'm a professional programmer, felt confident to try it after making sure files were backed up. It solved the Google redirect virus, and the computer also seemed to run faster. The main culprit seemed to be an infected cdrom.sys file. I thought I was finally home free, but I am still experiencing problems. I created a system restore point after ComboFix finished, and now AVG ResidentShield will periodically report a virus for:
C:\System Volume Information\_restore<guid>.sys Virus identified Win32/Patched.DO
Each time ResidentShield pops up, there are additional occurrences of the same location, with the same guid each time.
The other problem my wife is noticing is that when she uses IE, it will close on her intermittently, usually when she's clicking on a link in her favorites.
Any suggestions? I can post the ComboFix log made 2 days ago if you would like. A couple of things I have noticed when viewing Task Manager:
1) There is a file called 4h206.com that sometimes runs. It exists in the Windows\Fonts and \Prefetch directories.
2) There is a file called 1hL86Prm.exe that sometimes runs.
EDIT: Moved from XP forum to Am I Infected ~ Hamluis.
Edited by hamluis, 25 April 2010 - 07:53 PM.