During a routine scan of my hard drives with latest update to PCCillin I
found that I had WORM_GIBE.DR
It was in a file in the C:\_RESTORE\TEMP file in this machine running
Windows ME.
How did it get there, I ask myself. A bit of research reveals that it
travels as an email attachment to one of those bogus Microsoft Security
Warning emails. I got one about a week ago, but did not open it or the
attachment. I looked at the attachment extension. I think it was
.html. Not sure now, though. Definitely did not open it. Eudora 5.1.
Good ol' PCCillin could not clean, delete, or quarantine the file. I could
not delete it because one cannot delete stuff from the Restore file, at
least as far as I know.
Norton's web site told me to disable system restore function and gave me a
GIBE cleaner. I ran the cleaner in safe mode and got rid of the virus.
And, BTW, when I was fooling with the files in the RESTORE\TEMP folder, the
virus would move from file to file after I scanned the containing
file. Very weird, at least to me.
I have a vague idea that System Restore saved the virus file along with
other files during the last change to the C drive. But, where did it find
the virus file to save? Could I have downloaded it along with
a program? Recently I downloaded an upgrade to Snood, but I ALWAYS scan
downloaded .exes for viruses.
Please give me your thoughts.
Robert Humble
"Hold No Punches.." Rode brings you great shareware/freeware
programs with his honest opinions in this weekly column.
http://freepctech.com/rode
|