setup.exe appearing in root folder - HJT inside
-
Re: setup.exe appearing in root folder - HJT inside
Combofix removed the following file C:\WINDOWS\system32\taskmgr.com which is known to install programs (possibly using setup.exe) - that item may no longer occur as a result, now.
I suspect that XoftSpy is the running process (real-time protector?) that is interfering with combofix in NORMAL MODE. You likely would normally need to disable or end that running process when running some other scanning tools. I remain unconvinced that it is an effective tool amongst much better alternatives.
You may also want to check out the following files at 'VirusTotal'. The first item has a few known bad variations. The other two (2) are almost always found to be good files. They all have the same installation time/date stamp:
2006-11-30 10:49 146,432 --a------ C:\WINDOWS\REGEDIT.COM
2006-11-30 10:49 146,432 --a------ C:\WINDOWS\R.COM
2006-11-30 10:49 135,680 --a------ C:\WINDOWS\system32\T.COM
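The helper's reason for singling out those three files is that they share one installation timestamp, which is a common triage trick: files dropped by the same installer tend to land within the same minute. The script below is an added example (not part of this thread or of ComboFix) that parses listing lines in the same format as the three quoted above and reports timestamps shared by two or more executables. The first three listing lines are the ones from the post; the two entries with other timestamps are constructed decoys so the clustering has something to ignore.

```python
import re
from collections import defaultdict

# Three real lines quoted in the post above, followed by two constructed
# decoy entries with unrelated timestamps (not from the thread).
SAMPLE_LISTING = r"""
2006-11-30 10:49 146,432 --a------ C:\WINDOWS\REGEDIT.COM
2006-11-30 10:49 146,432 --a------ C:\WINDOWS\R.COM
2006-11-30 10:49 135,680 --a------ C:\WINDOWS\system32\T.COM
2004-08-04 12:00 1,032,192 --a------ C:\WINDOWS\explorer.exe
2006-09-12 18:03 24,576 --a------ C:\WINDOWS\system32\example-constructed.dll
"""

# date time size attributes path  (size uses thousands separators)
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+)\s+(?P<attrs>\S+)\s+(?P<path>.+?)\s*$"
)


def parse_listing(text):
    """Parse listing lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "stamp": f"{m['date']} {m['time']}",
            "size": int(m["size"].replace(",", "")),
            "attrs": m["attrs"],
            "path": m["path"],
        })
    return entries


def cluster_by_stamp(entries):
    """Group file paths by their minute-resolution timestamp."""
    clusters = defaultdict(list)
    for entry in entries:
        clusters[entry["stamp"]].append(entry["path"])
    return dict(clusters)


def suspicious_clusters(text, min_files=2,
                        extensions=(".com", ".exe", ".dll", ".scr", ".pif")):
    """Return {stamp: [paths]} for timestamps shared by min_files or more
    executable-type files. Shared stamps are a lead to check, not a verdict."""
    entries = [e for e in parse_listing(text)
               if e["path"].lower().endswith(extensions)]
    return {stamp: paths
            for stamp, paths in cluster_by_stamp(entries).items()
            if len(paths) >= min_files}


if __name__ == "__main__":
    for stamp, paths in suspicious_clusters(SAMPLE_LISTING).items():
        print(stamp)
        for path in paths:
            print("   ", path)
```

Run it as-is and it prints the single cluster at 2006-11-30 10:49 with the three .COM files; the explorer.exe and constructed .dll entries drop out because nothing else shares their stamp. Files in a reported cluster are candidates to hash and look up (for instance at VirusTotal, as suggested above), nothing more.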
-
Hi,
Those three files check out as clean at the Virus Total website.
I left my computer online all night last night and there is no reoccurrence of 'setup.exe' in any of the root folders as I type this.
Do you think that combofix could have done the business??
I'll monitor the computer today and see if the nasties return but I would say that this is the longest that I've been without them showing up....
-
The setup.exe and autorun.inf files are back!
I've run setup.exe through the Virus Total website and here are the results...
AntiVir - no virus found
Authentium - W32/Methodbod.gen2
Avast - no virus found
AVG - no virus found
BitDefender - DeepScan:Generic.Horst.DCE2E387
CAT-QuickHeal - no virus found
ClamAV devel- - Trojan.Medbot-98
DrWeb - no virus found
eSafe - suspicious Trojan/Worm
eTrust-InoculateIT - no virus found
eTrust-Vet - no virus found
Ewido - no virus found
Fortinet - no virus found
F-Prot - W32/Methodbod.gen2
F-Prot4 - W32/Methodbod.gen2
Ikarus T - no virus found
Kaspersky - no virus found
McAfee - no virus found
Microsoft - no virus found
NOD32v2 - no virus found
Norman - W32/Horst.gen14
Panda - Suspicious file
Prevx1 - no virus found
Sophos - Mal/Behav-080
Sunbelt - no virus found
TheHacker - Trojan/Horst.gen
UNA - no virus found
VBA32 - MalwareScope.Trojan-Proxy.Horst.1
VirusBuster - no virus found
As you can see, a lot of the antivirus programs don't even recognise it....
Any ideas on my next move?
Many thanks
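A pasted multi-engine result list like the one above is easier to read once it is reduced to a count of engines that flagged the file and the family names they agree on. The script below is an added example (not from this thread or from VirusTotal) that parses the engine/verdict lines exactly as pasted in the post, counts detections, and pulls out candidate family names. The list of "generic" label words it ignores (Trojan, Generic, W32-style platform tags, and so on) is this example's own assumption, not a naming convention from any vendor.

```python
import re
from collections import Counter

# The engine/verdict lines from the post above, copied as pasted.
VT_RESULTS = """\
AntiVir - no virus found
Authentium - W32/Methodbod.gen2
Avast - no virus found
AVG - no virus found
BitDefender - DeepScan:Generic.Horst.DCE2E387
CAT-QuickHeal - no virus found
ClamAV devel- - Trojan.Medbot-98
DrWeb - no virus found
eSafe - suspicious Trojan/Worm
eTrust-InoculateIT - no virus found
eTrust-Vet - no virus found
Ewido - no virus found
Fortinet - no virus found
F-Prot - W32/Methodbod.gen2
F-Prot4 - W32/Methodbod.gen2
Ikarus T - no virus found
Kaspersky - no virus found
McAfee - no virus found
Microsoft - no virus found
NOD32v2 - no virus found
Norman - W32/Horst.gen14
Panda - Suspicious file
Prevx1 - no virus found
Sophos - Mal/Behav-080
Sunbelt - no virus found
TheHacker - Trojan/Horst.gen
UNA - no virus found
VBA32 - MalwareScope.Trojan-Proxy.Horst.1
VirusBuster - no virus found
"""

NO_DETECTION = {"no virus found"}

# Label words that carry no family information. This set is an assumption
# made by this example so that e.g. "Trojan/Horst.gen" yields just "horst".
GENERIC_TOKENS = {
    "generic", "suspicious", "trojan", "worm", "mal", "malware", "behav",
    "deepscan", "malwarescope", "proxy", "file", "gen", "virus", "heur",
}


def parse_results(text):
    """Return [(engine, verdict_or_None)] for each 'Engine - verdict' line."""
    rows = []
    for line in text.splitlines():
        if " - " not in line:
            continue
        engine, verdict = line.split(" - ", 1)
        verdict = verdict.strip()
        rows.append((engine.strip(),
                     None if verdict.lower() in NO_DETECTION else verdict))
    return rows


def family_tokens(verdict):
    """Heuristic: purely alphabetic tokens that are not generic labels.
    Tokens with digits (W32, gen2, hash-like suffixes) are dropped."""
    found = set()
    for tok in re.split(r"[^A-Za-z0-9]+", verdict):
        if tok and tok.isalpha() and tok.lower() not in GENERIC_TOKENS:
            found.add(tok.lower())
    return found


def summarize(text):
    """Detection count and per-family engine counts for a pasted result list."""
    rows = parse_results(text)
    detections = [(engine, verdict) for engine, verdict in rows if verdict]
    families = Counter()
    for _, verdict in detections:
        families.update(family_tokens(verdict))  # one vote per engine
    return {
        "engines": len(rows),
        "detected": len(detections),
        "families": dict(families),
        "detections": detections,
    }


if __name__ == "__main__":
    summary = summarize(VT_RESULTS)
    print(f"{summary['detected']}/{summary['engines']} engines flagged the file")
    for family, count in sorted(summary["families"].items(),
                                key=lambda kv: -kv[1]):
        print(f"  {family}: {count} engine(s)")
```

On the pasted list this reports 11 of 29 engines flagging the file, with "horst" named by four engines and "methodbod" by three; the remaining hits are behavioural or generic labels with no family name. A low detection count with two or three engines agreeing on a family is exactly the pattern the helper describes as "not much known or documented", and the family names are the terms to search vendor write-ups for.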
-
There is not much known or documented about the identified possible infection names:
BitDefender - DeepScan:Generic.Horst.DCE2E387
Try running the Bit Defender online scan:
Bit Defender:
http://www.bitdefender.com/scan8/ie.html
Turn off any Popup Blockers before accessing the site.
Save the log and post it here. Let it clean/cure/delete all it finds.
-
Hi
Really sorry for the late reply. I've been working away. I'm off on my hols for Christmas today but will do that scan in the New Year and post back the results.
Again, many apologies for not getting back to you sooner.
Many thanks for all your help in 2006 and I hope you have a great Christmas and New Year
Cheers
;-)