As part of its routine ComboFix creates a folder named Qoobox in C:\QooBox\Quarantine\ to keep files that have been removed by ComboFix. These files are copied and renamed by adding .vir
at the end so they are are no longer a threat
. The path to the removed file(s) in the C:\QooBox\Quarantine folder shows the location where it was removed from. In some case, ComboFix may remove a legitimate file for various reasons. To restore a file, just remove the .vir and copy it back to its original location.
Afterwards, please do NOT run ComboFix again unless asked to do so by a member of the Malware Removal Team. Why?
This is because people should not be using ComboFix without proper supervision and guidance (see here
Keep in mind that if you restore a file which appears legitimate but is in fact malicious, you will be restoring malware on your computer. If you do not feel comfortable restoring the files on your own or you were dealing with a serious infection, then you can ask for further assistance with disinfection and restoration of your removed files. However, we cannot do that in this forum.
Since you already ran ComboFix, please follow the instructions in the Preparation Guide For Requesting Help
starting at Step 6. When you have done that, start a new topic and post the required logs to include your ComboFix log
in the Virus, Trojan, Spyware, and Malware Removal Logs
forum, NOT here
, for assistance by the Malware Response Team Experts.