Many Many Infected Files!! What to Do?

Hi, I have some problems lately with my computer. I deleted Mcafee and installed Avast home edition 4.7. I deleted mcafee because not one anti virus can find eveything.

:o Wow :o Avast found alot.

Here is what Avast found; I did put all of them in the chest;

Infected files;

A0431570.exe C;\system volume information_restore… win32:VB-EKA [trj]
A0431852.exe C;\system volume information_restore… win32:VB-EKA [trj]
A0431859.exe C;\system volume information_restore… win32:VB-EKA [trj]
A0432205.exe C;\system volume information_restore… win32:VB-EKA [trj]
A0432217.exe C;\system volume information_restore… win32:VB-EKA [trj]
A0432258.exe C;\system volume information_restore… win32:VB-EKA [trj]
A0432261.exe C;\system volume information_restore… win32:VB-EKA [trj]
A0432266.exe C;\system volume information_restore… win32:VB-EKA [trj]
A0432273.exe C;\system volume information_restore… win32:VB-EKA [trj]
A0435678.exe C;\system volume information_restore… win32:VB-EKA [trj]
A0435690.exe C;\system volume information_restore… win32:VB-EKA [trj]
A0435731.exe C;\system volume information_restore… win32:VB-EKA [trj]
A0435734.exe C;\system volume information_restore… win32:VB-EKA [trj]
A0435739.exe C;\system volume information_restore… win32:VB-EKA [trj]
A0435746.exe C;\system volume information_restore… win32:VB-EKA [trj]

System Files;

kernal32.dll C;\windows\system32
winsock32.dll C;\windows\system32
wsock32.dll C;\windows\system32

Can you tell me what to do about these? Should I remove them or leave them in the chest? ???

I am using Windows XP service pack 2.

For spyware/adware I use;

Webroot Spysweeper, Ad-aware 2007, Spyware Blaster.

For Anti-virus I use;

Avast! version 4.7 home edition & WindowsZones.

Others;

Webroot Window Washer

Thanks for any help. :slight_smile:

First the files in the System Files section of the chest are back-up of important system files, leave them alone.

You have done the right thing, ‘first do no harm’ don’t delete, send virus to the chest and investigate.

There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

The stuff from the C:\System Volume Information folder are probably old infected files from system folders saved by system restore. The C:\System Volume Information folder is a part of the system restore function and as such is protected by windows, the only really effective way to clean infected _restore points is to disable system restore and reboot.

This will clear ALL _restore points. Once you have disabled system restore, reboot, scan your PC again and if clear enable system restore (this will create a clean restore point).

If avast has been able to successfully remove these no problem, but personally if the system volume information folder is suspect, any future use of the system restore function could reinfect your system, so it is probably to be doubly sure and clear it out as above.

I did a scan on the infected files while in the chest; they still show infected. Should I go ahead and delete them. Then do the restore thing to get rid of the infected files in the restore?

Thanks.

File into Chest (Quarantine) are safe to stay there. There is no rush to delete anything from the Chest, a protected area where it can do no harm. Anything that you send to the Chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the Chest, scan them again (right clicking the file inside the Chest) and if they are still detected as viruses, delete them.

This is a precaution because:
a) system files (necessary to boot and use the computer)
b) false positives (clean files that was wrong detected as being infected) could happen from time to time and it’s safer not to delete the file, but send them to Chest for further analysis. :wink:

Disable System Restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it’s not available in Windows 2k. After boot you can enable System Restore again.
This will delete the infected files.