combofix and sdfix flagged as trojans

Discussion in 'Malware Help (A Specialist Will Reply)' started by jreyes, Feb 13, 2008.

  1. jreyes

    jreyes Private E-2

    long story short version

    had my laptop slammed by vundo and by downloader/backdoor trojans a few weeks ago. Think i finally got laptop clean after a couple of iterations of cleaning but i'm paranoid -- but that will be another thread as i'm not 100% sure it's clean.

    what does concern me and purpose of this thread is that our home computer which i had been using as resource while cleaning my laptop hasn't been giving me any trouble. (I used it to download utilities to memory stick to use on the laptop -- so not sure if infections can travel that way)

    lo and behold this morning, when i wake the home computer i get a dreaded messenger box with german header but english telling me that my computer is loaded with viruses and i should clean it. i killed this bogus warning screen but now was afraid my home computer is infected. -- also upon reboot i get a message that flash needs to be updated which i also know to be bogus.

    so updated symantec to internet security 2008 -- did a full scan and it found two viruses flagged as backdoor.trojan and trojanhorse -- said it found backdoor.trojan in the browser cache and 1 file -- combofix.exe in my download folder. it said it found trojanhorse (i believe aka smitfraud according to symantec) in one file "sdfix.exe". i had downloaded both from majorgeeks site and transferred them from home computer to laptop and used them to fix my laptop so assume they had to be clean versions.

    anyway norton said it dealt with them and resolved them and i haven't gotten any popups in IE but seems weird that symantec would find those two files as trojans on my home computer.


    is this flash update screen a new vector (did search on web and couldn't find mention of flash update screen as virus vector) but seems to be common theme symptom on both my laptop and desktop "infections".


    is it possible that combofix and sdfix were targeted for infection?

    thoughts?

    next steps? how to check for more infections?
     
  2. Corporal Punishment

    Corporal Punishment Head of Software Shenanigans Staff Member

  3. Michael York

    Michael York Norton Authorized Support Team

    Hi jreyes,

    This is Mike from the Norton Authorized Support Team responding to your posting. Neither combofix nor sdfix is flagged as an "infection" in Norton's definition files.

    I agree with what CP has said to you regarding a threat spreading to other files on your system and infecting them. The best way to stay on top of infections when you have Norton Internet Security 2008 is to make certain that the LiveUpdate feature is set to Automatic, so that it continually updates the definition files, as well as the program files. When LiveUpdate is set to "Automatic", as long as your computer is logged in and connected to the internet, LiveUpdate will check for and install any updates multiple times per day.

    In regards to "next steps," I would manually run LiveUpdate, possibly multiple times, to make sure that you have the latest definition and program files installed.

    Secondly, you will also want to set the Full System Scan to happen more frequently to ensure that Norton Internet Security stops the infections before they spread. This can take a long time, so you may want to schedule it at times when you are not using your computer.

    Please also make sure that your settings for LiveUpdate, Active Scanning, and Full System Scan are set correctly. After you verify your settings and manually run LiveUpdate, please perform a Full System Scan to see if you are still infected.

    I hope that my response clarifies things for you.

    Thank you,
    Mike
     
