Comodo accurately finds files on my system infected with Kido/Conficker/Downadup, but is unable to deal with the files. Regardless of whether I select quarantine or remove, the files remain behind and are found continuously.
I’ve tried taking ownership and using several file shredder utilities; nothing touches these files.
Comodo reports the virus as Kido. Researching this I found it also goes by the name Downadup and Conficker.
I had a bit of an outbreak at home and at our office (5 users).
Everything about the infection matched the classic symptoms of Conficker.
Typically the files I am having trouble removing are the autorun.inf files placed in the root of every volume, from where they get into the recycler and sysvolinfo, and also the randomly named dot vmx files which are left in various locations. See snip of event log attached.
After repeated scans, reboots, etc., I seem to have gotten on top of this, and all the files are finally deleted.
I now occasionally get one popping up, but they now delete gracefully when told to.
This whole exercise has raised the question in my mind of how CIS actually quarantines infected files.
There does not seem to be a specific quarantine location (no options to specify where it should be located), so I assume that CIS locks the file down in situ, to prevent any activity, and then puts entries in the quarantine database. Is this correct?
Is there actually a quarantine location into which the infected files are physically moved? If so, where is it?