Virus found........Avast does its job again :)

Hiya me again,

Well this am I got notice that a virus was found so my Avast did a boot scan and lo and behold this is what it found:

File C:\system volume info__Restore [ela7255E-08C6-43CF-0306-A33Be 4A7 oC41]RP2029\A060684.exe is infected by Win32:ZBot - H] [trj]

Needless to say my awesome Avast grabbed it and advised how to delete it, which I did: hit Delete All.

Ya know my pc has not been running right for months and I bet this was the reason.

Thanks for the great work and hope this helps all of you by posting the info.

Blessings,
Natalie

Hi Natalie,

If you get that same error again, it’s because that virus is in your ‘System Restore’ area.

C:\system volume info\__Restore [ela7255E-08C6-43CF-0306-A33Be 4A7 oC41]RP2029\A060684.exe is infected by Win32:ZBot - H] [trj]

Even though it looks like it’s gone ’cause you clicked delete, it’s probably still there. No software can gain access to that area since it’s protected for obvious reasons. The only way to delete any file(s) in the ‘System Restore’ area is to turn off System Restore… reboot… then re-enable System Restore.

BTW, it’s always better to move infected files to the ‘chest’ rather than delete them, just in case you get a ‘false positive’. First, do no harm. That way if the file was detected as a false positive, you can restore it. Any file moved to the chest is disabled so it won’t run.

Hope this helps.

General cleaning procedure could be (including the step 1 explained before in this thread by guestlogin):

  1. Disable System Restore and reenable it after step 3.
  2. Clean your temporary files.
  3. Schedule a boot-time scan with avast with archive scanning turned on.
  4. Use SUPERantispyware and/or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
  5. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  6. Make a HijackThis log to post here or, better, submit the RunScanner log for on-line analysis.
  7. Immunize your system with SpywareBlaster or Windows Advanced Care.
  8. Check if you have insecure applications with Secunia Software Inspector.

Hiya Guys :)

Well you are dealing with a total, almost, novice so to disable the Restore is Greek to me. I know how to restore but I really need help with this. How do I begin to do this? Your directions sound fantastic. I am still getting that one screen that I had posted a few days ago also.
Sorry to keep bothering all of you but ya know if I could get a new pc ha ha I sure would right now.

Thanks ahead of time

Natalie

Natalie, in more details:

  1. Disable System Restore on Windows ME, XP or Vista. System Restore cannot be disabled on Windows 9x and it’s not available in Windows 2k. After boot you can enable System Restore again after step 3. To use System Restoration it’s necessary to disable avast! self-protection: avast! settings > Troubleshooting > Disable avast! self-defence module then start a System Restore.

  2. Clean your temporary files. You can use CleanUp or the Windows Advanced Care features for that.

  3. Schedule a boot-time scan with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select scanning of archives. Boot. Another option is scanning in Safe Mode (repeatedly press F8 while booting).

  4. It will be good if you download, install, update and run SUPERantispyware or Spyware Terminator.
    If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
    About legit antispyware applications or the bad ones: http://www.spywarewarrior.com/rogue_anti-spyware.htm#sites

  5. If you are still detecting any strange behavior, or even if you’re sure you’re not clean, maybe it will be good to test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster for XP/Vista. For XP only: Panda.

  6. Also, if you are still detecting strange behaviors or you want to be sure you’re clean, maybe making a HijackThis log to post here and, especially, scanning and submitting the RunScanner log for on-line analysis would help to identify the problem and the solution.

  7. After you’re clean, use the immunization of SpywareBlaster or, which is better, the Windows Advanced Care features of spyware/adware cleaning and removal.

  8. Finally, when you’re clean, check for insecure applications with Secunia Software Inspector to update insecure applications and avoid reinfection.

I will follow your instructions. Thanks again for being so patient. I will keep you posted.

Natalie