My Symantec anti-virus keeps hitting on the same .htm file, located in IE's cache directory:
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\09YBC1I7\badfile.htm
(where the 09ybc1i7 is random, and "badfile.htm" is not really the file's name).
Each time it hits, Symantic deletes not only the file, but the entire subdirectory.
But it keeps coming back - except the subdir name changes.
After some digging I have found that it is Google Desktop that is recreating the subdir and file each time it starts (and apparently at other times as well, but I haven't figured out the trigger).
I have gone through Google Desktop's browsing history log, and used the provided tool to "remove" the browsing events related to the infected web site from GD's index.
But still the thing keeps coming back.
So, the question: Where else might GD be hiding a copy of this file to recreate it from?
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\09YBC1I7\badfile.htm
(where the 09ybc1i7 is random, and "badfile.htm" is not really the file's name).
Each time it hits, Symantic deletes not only the file, but the entire subdirectory.
But it keeps coming back - except the subdir name changes.
After some digging I have found that it is Google Desktop that is recreating the subdir and file each time it starts (and apparently at other times as well, but I haven't figured out the trigger).
I have gone through Google Desktop's browsing history log, and used the provided tool to "remove" the browsing events related to the infected web site from GD's index.
But still the thing keeps coming back.
So, the question: Where else might GD be hiding a copy of this file to recreate it from?
