As Corrine says, those folders are perfectly normal. Qoobox is part of Combofix, and we'll delete it in the following steps. We can finish up here, as there are no longer any signs of a rootkit on board your system. As said before, it looks like most the infection was dealt with before posting - however ComboFix took out the last significant piece. The instructions below contain clean up steps for Combofix, as well as some general information to help protect your system.
Disconnect from the internet and disable your AntiVirus temporarily.
Go to Start -> copy/paste
the following single line command into the Search box and press Enter:
This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.
Re-enable your AntiVirus now. Reconnect to the internet at your leisure.
Any other downloaded tools can simply be deleted.
To help protect your computer in the future I recommend that you follow these steps and look into the following free programs:
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.
You need an antivirus that is continually updated and a good firewall. In Windows Vista and 7, the Windows inbuilt firewall is usually sufficient, but XP users are recommended to have a good 3rd party firewall. However, be very wary with any security software that is advertised in popups
. They are not only usually of no use, but often have malware in them. If you ever have doubts about the legitimacy of an anti-spyware or anti-virus program, it is best to post your question in our General Security forum.
Remember never to install more than one AntiVirus program as they will conflict with each other.
- WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam, and helps to protect your computer against online threats when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
- Green to go
- Yellow for caution
- Red to stop
WOT and has an add-on available for all major browsers.
- Winpatrol is heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here. The Plus Version has more features, and you can read Winpatrol's FAQ if you run into any problems.
- MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. Windows Vista users see here, and Windows 7 users see here. Note that if you use a company provided HOSTS file you should not use the MVPS HOSTS file.
- ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders System Restore unavailable by simple means. With ERUNT, you're able to restore the damaged Registry.
Vista/Windows 7 users - see this link for proper setup of Erunt Automatically Backup your Windows Vista Registry daily using ERUNT - The Winhelponline Blog
Last of all, you may wish to read the following article to avoid infection in the future: