AVG Quarantined ComboFix, created recursive path to 'My Computer'

Discussion in 'Software' started by bruzote, Jan 11, 2013.

  1. bruzote

    bruzote Private E-2

    I was simply trying to 'be prepared' one day when I was searching for ways to protect my PC and prepare to repair the OS & software if they were corrupted. I found out about ComboFix and downloaded it. I have never run it, however.

    Today, for some reason, my AVG antivirus (free version) flagged ComboFix files as an Identity Theft threat and quarantined them. I don't know if something corrupted ComboFix as a legitimate threat, but I doubt it. When AVG found the "threat", it first seemed to offer an option of quarantining or ignoring. I was unsure, so I began a web search on the potential threat. While I was doing that, AVG performed a time out and quarantined the ComboFix files without my approval. Mind you, the removal of ComboFix on its own is not a problem per se. However, this did create another problem.

    My problem is that now my ComboFix folder (C:\ComboFix) has been transformed into some kind of link (soft or hard) to 'My Computer' (even with the My Computer icon). This has created a recursive or circular path. If you click on ComboFix, you get a sub-folder list of each disk (just like in My Computer). You can then expand the list for C: and see a ComboFix folder. Then you can expand ComboFix and get another lower-level set of disk icons that open to more folders, repeating the pattern ad infinitum.

    Now I don't know how to remove this odd link. I don't like having it there; it leaves me wondering if a simple mistake could really harm my software. As for the quarantined files, I don't know how to either delete or recover them from the vault (I've never needed to do that kind of thing). Assuming I can delete them, I doubt that would cause any problems. On the other hand, what about the ComboFix folder/link?

    I know that soft links and even junctions should be OK to delete since the original target will still exist. However, the idea of deleting the contents of an apparent junction to 'My Computer' gives me one heckuva "pucker factor"! I was also thinking that maybe if I "unquarantine" the files (assuming AVG offers that option), that might restore the files and somehow undo the odd linking behavior. Or, it might create more problems.

    My attempt to be prepared for problems now has me chasing down a solution to one. (Proving that the road to software hell is paved with good intentions?) Can anybody here offer useful commentary or well-informed suggestions?

    Thanks!

    FYI - My OS is Windows 7 64-bit Home Premium, SP 1.
     
    Last edited: Jan 11, 2013
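An added example (not from the thread or from AVG/ComboFix) of how to check, from an elevated PowerShell prompt, whether a folder like the C:\ComboFix described above is really a junction or symbolic link rather than a directory, and how to remove only the link without touching whatever it points to. It assumes the path C:\ComboFix from the post and PowerShell 3.0 or later for the LinkType/Target properties; the attribute check and fsutil work on Windows 7's stock PowerShell 2.0 as well.

```powershell
# Added example: inspect a suspicious folder for a reparse point (junction/symlink)
# and remove only the link itself. Path is the one assumed from the post.
$Path = 'C:\ComboFix'

# -Force so hidden/system entries are returned; -LiteralPath so wildcards are not expanded.
$item = Get-Item -LiteralPath $Path -Force -ErrorAction Stop

# The ReparsePoint attribute is what distinguishes a junction/symlink from a real directory.
if ($item.Attributes -band [IO.FileAttributes]::ReparsePoint) {
    # LinkType/Target exist on PowerShell 3.0+; on older versions fsutil shows the raw data.
    Write-Host ("{0} is a reparse point. LinkType={1} Target={2}" -f $Path, $item.LinkType, $item.Target)
    fsutil reparsepoint query $Path

    # Before removing anything, list every reparse point on the drive so you can see
    # whether this is the only unexpected link (dir /A:L lists only reparse points).
    cmd /c dir /A:L C:\

    # rmdir on a junction deletes the link only; the target directory is untouched.
    # Do not recurse into the link with Remove-Item -Recurse: that would walk into the target.
    cmd /c rmdir "$Path"
    Write-Host "Removed link $Path; target was not modified."
} else {
    # A real directory: show what is in it instead of deleting anything blindly.
    Write-Host "$Path is a normal directory; contents:"
    Get-ChildItem -LiteralPath $Path -Force |
        Select-Object Name, Length, LastWriteTime, Attributes
}
```

Run it once without the rmdir line first if you only want to see what the folder is; the Attributes and fsutil output alone tell you whether Explorer is following a link.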
  2. Nick T

    Nick T MajorGeek

    I would try to restore the files from AVG. But, and this is a big but, never download or run Combofix without supervision. Combofix can be dangerous when you are not experienced in using it. Try to restore the files from quarantine, and see if that works.
     
  3. sikvik

    sikvik Corporal Karma

    Hey bruzote, welcome to MG's. :)
    As Nick T mentioned, ComboFix needs to be run supervised by a trained malware fighter.
    I don't use AVG, but here's a link on how to restore from the vault.
    http://www.avg.com/ww-en/faq.num-4503

    Next navigate to and delete the executable as you have not even run it.
    Is the above a folder or the executable?!
    Just for info, AVG has played spoilsport with CF, and at times has had to be uninstalled before using CF. Also, for convenience's sake, CF needs to be run from the desktop and not from C:\

    I reiterate: do not use CF unless a malware fighter is supervising you.

    Cheers..
     
  4. bruzote

    bruzote Private E-2

    Thanks, guys. Actually, now I'm much more puzzled about what happened.

    First, I can't find any such ComboFix folder in my backups! I checked my Microsoft backup files to find the same ComboFix folder (C:\ComboFix). I went to the latest .VHD file from Jan 8th. It has no C:\ComboFix folder (or file). I am quite confident I did not download or create any such folder since the 8th. Thus, I have no idea how it got there or what configuration (including memory) AVG was dealing with.

    Second, AVG may have also found something in the memory related to ComboFix. Just now, I went to verify this and saw nothing in the logs - zero - that any part of the scan I've discussed ever took place. Not even the part that found the files.

    Third, I looked in the vault. The only things there are tracking cookies from back on December 29th. I would expect that, except for the missing ComboFix things that were supposedly found. Maybe when the AVG window timed out, it deleted the files but I would hope AVG would at least leave a log file of the scan.

    It feels like AVG and my PC are working together to make me look like I should be committed to an institution. The way things are, especially my cluelessness, I guess my best move would be to just clean up by removing the C:\ComboFix link to My Computer. Also, find out how AVG works with time outs, logs, and the vault. :-\
     
  5. bruzote

    bruzote Private E-2

    Sick Vick,

    The C:\ComboFix location is a link right now. I'm not sure if it even existed prior to the day of the scan; I have no idea what happened. I don't even trust my memory at this point. However, I am sure that IF I realized the file I downloaded was not an installer but actually the program itself, I would not have run it. Maybe I did run ComboFix inadvertently, thinking it was an installer? I'm clueless. That's what I get for multitasking. Around that time I was checking out many free AV and Anti-malware programs. Now my memory is quite confused with a lot of gaps.

    There's a lesson here for others, but not for me (since I've obviously not learned from the problem each time it happens). Unless you have a solid track record of remembering such details, take notes each time you reconfigure your system or add some software. I've clearly been too stubborn to do that. It means admitting my memory is not so great and I repeat the same mistakes. I'm hoping by typing this out for public consumption I'll induce myself to learn the lesson. I'm keeping my fingers crossed for that to happen. Especially since, given my professional experience in enterprise system integration, I know better than to 'wing it'. :-o
     
  6. bruzote

    bruzote Private E-2

    One final thing - perhaps I should post this elsewhere or separately - how would I confirm my system is 'OK'? Is there some way to compare present to a past backup or restore point? I really prefer not to go 'backwards' with a restore of a backup or to a prior restore point. I have no idea how that would affect my system and what changes I might lose. :confused
     
  7. Nick T

    Nick T MajorGeek

    bruzote, if indeed you ran Combofix, a quarantine folder named "Qoobox" would exist. I would run a chkdsk and then use the computer as normal and see if all goes well before trying anything else except maybe running CCleaner.

    http://www.majorgeeks.com/CCleaner_Standard_d5125.html
     
  8. sikvik

    sikvik Corporal Karma

    Simplest to restore the system to a time/date before the CF fracas.
    Let us know how that goes. Do this in safe mode, to have AVG remain dormant.

    Don't think you have run CF as its graphics are unmistakable and can take a while to run depending on data to scan and infections if any.

    Cheers..

    Edit to add: With a restore no data is lost, only updates to Windows and programs, besides any software added.
     
  9. bruzote

    bruzote Private E-2

    Thanks for your feedback.

    There is no Qoobox folder, so I guess my memory was right and I did not run ComboFix. :)

    I'm happy to see that the strange link to "My Computer" has gone away without my having to delete it. I've rebooted two times since I posted last and somewhere in that time the link disappeared. I have not run my CCleaner scan, but the system already seems to be fine. (I'll run CCleaner anyway.)

    If I find anything, I'll let you all know. If I don't comment again, it's because I found nothing.

    Thanks so much for your support.
     
