Hi thanks for reply,
Most backup software will be compressing the content, in its compressed state it is benign. Only when the backup is restored would it be uncompressed and even then if it is an infected email attachment, that would have to be run.
Didn't know that. So if I try to open a compressed file and it is infected, Avast! will activate?
I don't know what MS Security window that might be (not something I'm familiar with in XP), but this type of thing is often related to scam/fake security alerts. So it entirely depends on what security software (MS) that you have installed and if the pop-up window is legit for that application.
It was legit: Maybe related to Windows firewall? It was
not helpful - Avast! warns
before the fact: This windows application informed
after the fact (and since the text "Documents and settings" flashed across the screen (despite a negative Avast! full scan) I scanned D and S and found the threats). Plus the date and time of when they "came" was accurate.
I personally wouldn't be looking at exclusion, if as you say this is only scanned/found on a boot-time scan as the boot-time scan isn't something that is run on a regular basis.
Someone suggested a boot scan: I have to find out more about them. But it was certainly more helpful than running combofix.
I don't know who suggested combofix, but this is a powerful tool and one I would say has to be run under guidance. As can be seen from the dell drivers. Normally it would follow using a number of other analysis tools first to get an idea what is on the system and cleaning with targeted fixes and or other tools before breaking out the bigger guns as run on their own it is possible that they could actually make the situation worse.
I was trying to get an answer as to how worried one should be about 4 threats at that time in virus chests (trend and Avast! different systems) and was instructed by a well known message board to run a number of log-generating software. All I wanted to know is whether I could / should use the system. I know the email had not been opened, and AFAIK all infected code was localized.
I assume the positives (both Trend and Avast!) were code (heuristic) and not actual virus / worm... programs.
I was told by some people the only way to deal with the situation (
before the 4 java\cache threats and the 5th email-related code) was to reinstall Windows....
I certainly have learned my lesson about combofix and following directions I am not completely familiar with....
Whilst I don't specifically use mosbackup or any other email backup function, my tbird profile folder and stuff are on a manual mirror.exe tool that I use. I also do weekly drive image backup and these are pretty big up to 3GB or so, so I don't feel the need to scan then as I do my avast Quick scan before running my drive image backup. Those G:\Drive-Images\*.v2i I have excluded.
I am not familiar with the above software: MozBackUp has been a help (especially with TBird)
Finally: I think I learned another lesson: Several days ago: received a 91 kb email: "from FedEx" - the sender and recipient were completely wrong and Fedex confirmed this: I truncate email on the server (download to 3 systems) so I never had the entire message.
I trashed it immediately on 2 systems and forwarded 1 kb (header info) (that had downloaded) to a center for malware. Then immediately deleted it from the server.
I am afraid to run the trash folder through Avast! and for that matter the inbox.
I guess I shouldn't do anything...
I thank you very much for the help! You gave me a lot of information and I am very grateful!
Thanks!