During a routine scan of my hard drives with latest update to PCCillin I
found that I had WORM_GIBE.DR
It was in a file in the C:\_RESTORE\TEMP file in this machine running
Windows ME.

How did it get there, I ask myself.  A bit of research reveals that it
travels as an email attachment to one of those bogus Microsoft Security
Warning emails.  I got one about a week ago, but did not open it or the
attachment.  I looked at the attachment extension.  I think it was
.html.  Not sure now, though.  Definitely did not open it.  Eudora 5.1.

Good ol' PCCillin could not clean, delete, or quarantine the file.  I could
not delete it because one cannot delete stuff from the Restore file, at
least as far as I know.

Norton's web site told me to disable system restore function and gave me a
GIBE cleaner.  I ran the cleaner in safe mode and got rid of the virus.

And, BTW, when I was fooling with the files in the RESTORE\TEMP folder, the
virus would move from file to file after I scanned the containing
file.  Very weird, at least to me.

I have a vague idea that System Restore saved the virus file along with
other files during the last change to the C drive.  But, where did it find
the virus file to save?  Could I have downloaded it along with
a  program?  Recently I downloaded an upgrade to Snood, but I ALWAYS scan
downloaded .exes for viruses.

Please give me your thoughts.

Robert Humble

      "Hold No Punches.." Rode brings you great shareware/freeware
        programs with his honest opinions in this weekly column.
                       http://freepctech.com/rode