Rsebud945 Virus hell, part 2

I wiped and reloaded my hard drive a few weeks ago because I could not get rid of several trojan viruses after running multiple scans with 10 different scan programs. After reloading my OS, I downloaded all necessary updates from MS, bought and installed Avast, installed Windows System Care 3.2, and all has been fine until last week.

Avast picked up either 1 trojan in 2-3 objects or 2-3 trojans on my main computer, and at least one in a flash drive that basically crashed.

The trojan(s) on my main computer were caught on a boot time scan and deleted, but I did not turn off system restore prior to running it. I have run several boot time scans since, plus several WSC scans, and none have found anything. At the suggestion of syth, I downloaded Malwarebytes scan, and it found the following:
Rootkit.agent.V

2 objects in system restore
1 object in system32
1 object in MSSP3

I have done nothing with the viruses and need advice ASAP!

Should I turn off system restore and then delete the files?

Yes, turn off system restore, until we’re done cleaning this up.

As for the other items, were you able to remove them with Malwarebytes?

Just to clarify, the virus is in the following places:
2 objects in C:\System Volume Information_system restore{4B1A . . .
1 object in C:\WINDOWS\system32\drivers\wadv07nt.sys
1 object in C:\WINDOWS\Service Pack Files\i386\wadv0 . . .

I have done nothing. The scan finished and I read the results and posted. I still have the results window open and wanted to get advice before I select an action.

I just turned off system restore, but how will that affect a virus that is embedded in IT???

By turning off system restore, it effectively DELETES all system restore files. Since the virus is in one of those system restore files, it will be removed as well.

I have done nothing. The scan finished and I read the results and posted.

Please have Malwarebytes remove the entries.

Then, as I said in your other post, I would suggest downloading hijackthis, running a scan, and posting a log here.

I would wait a moment. Two people have reported this today; it may be a false positive. Can you upload the file to VirusTotal?

http://www.malwarebytes.org/forums/index.php?showtopic=13369&hl=wadv07nt.sys

http://www.malwarebytes.org/forums/index.php?showtopic=13368&hl=wadv07nt.sys

http://www.virustotal.com/

What file? The infected ones??? They have been removed.

Good catch, micky.

So I didn’t have a virus in 4 files???

But those are reporting one file. My scan found 4. Well, it's done, anyway.

So what does a false positive mean?

Keep your eye on the links I posted. If this is a false positive, you can restore the files from quarantine. If you have accidentally removed a legit file, I do not know what consequences this will have. As long as they are quarantined they can be restored. Just wait and watch the MBAM forum.

EDIT: a false positive is a false alarm, a mistake. I DID NOT say it was, I said it may be. You will have to wait and see. I would have uploaded the files for further examination (VirusTotal).

Okay, well, I downloaded hijackthis and am about to run it. I will check back when it is finished.

This is so much fun, and to think I thought I’d never have THIS much fun again. :stuck_out_tongue:

Well, I have a readout but I can’t post it as it exceeds max length for a post.

I think it is clean. How can I post the read out?

When you go to write a post, click the “Additional Options” button to the left of the “Post” button.

Then upload it as an attachment.

This is so much fun, and to think I thought I'd never have THIS much fun again.

Yeah, we never said this was fun, but hopefully once you’re all fixed up, avast should be able to prevent these things from happening in the future!

Restore the files, update MBAM to 1921, and run a scan. This is an FP.

http://www.malwarebytes.org/forums/index.php?showtopic=13369&hl=wadv07nt.sys

Okay, here goes. Do I need to try to restore files or would it be safer to go to MS and download them?

You need to open MBAM, go to Quarantine, select only the files we are talking about, then click Restore.

Okay, only 2 of the 4 are there. The two files that were in the system restore are gone. Should I restore these and upload them to the mbam forum to be checked? I am just really paranoid about reinstalling a virus!

According to the forum link, wadv07nt.sys is an FP. I do not believe you are restoring a virus, but a legit file. Besides, if MBAM caught it once, it would catch it again. But as you can see from the forum link, the person who uploaded the file DID NOT DELETE and now, after updating MBAM, the threat no longer exists, because MBAM have fixed the issue.

But what about the system restore files that were marked as infected and are no longer visible in the quarantine folder?

So I should restore the one file with the extension wadv07nt.sys, but leave the other?

Well, both of the files left in quarantine have the wadv07nt.sys extension.

So should I restore these and run the scan again?