I have some issues with an old XP machine from my beloved mother.
It had some malware infections (a RAT / Adware / Zero.Access / and some other MBR-garbage), which I got rid of nicely using -among others- some custom scripting with ComboFix, if I may say so myself.
This was in March, earlier this year. The system is running fine again now / since, both Kaspersky and F-Secure rescue CDs are giving me the all clear. I also monitored all outgoing traffic, and nothing suspicious came up.
We got her a new e-mail account and so on as well. No weird things in the registry, everything seems to be clean, I am quite SURE the system is now clean as can be..
The only exception is the now-freshly-installed Comodo Internet Security, it keeps finding some remnants in the System_Volume_Information\Restore folder.
MBAM and all others I tried so far (Avira, MSE, Panda, AdAware, HitmanPro, you name it) miss this entry.
(No, they're not installed at the same time, only 1 active AV installed at any given time)
I already turned off system-recovery, rebooted, and checked if it was still de-activated on all drives, which it is.
I also de-installed all software not needed to boot in the first place and that I can replace, including Office, Photoshop, Silverlight, you name it.
All custom back-up software (it's a Dell) has been removed, the discs do not contain any hidden partitions...
I'm a bit clueless now, I hope you guys can help out...
Is there an easy way to manually delete / script myself a way out of this without harming the system?
Could those Restore\*.* files be from a(n OLD???) driver installation? (The only things I kept on the system)
I cross referenced the name / CLSID and location against the registry, but I can't find anything???
Thanks in advance,