If you get that same error again, it’s because that virus is in your ‘System Restore’ area.
C:\system volume info\__Restore [ela7255E-08C6-43CF-0306-A33Be 4A7 oC41]RP2029\A060684.exe is infected by Win32:ZBot - H] [trj]
Even though it looks like it’s gone cause you clicked delete, it’s probably still there. No software can gain access to that area since it’s protected for obvious reasons. The only way to delete any file(s) in ‘System Restore’ area is to turn off System Restore… reboot… then re-enable System Restore.
BTW, it’s always better to move infected files to the ‘chest’ rather than delete just in case you get a ‘false positive’. First, do no harm. That way if the file was detected as a false postive, you can restore it. Any file moved to the chest is disabled so it won’t run.
General cleaning procedure could be (including the step 1 explained before in this thread by guestlogin):
Disable System Restore and reenable it after step 3.
Clean your temporary files.
Schedule a boot time scanning with avast with archive scanning turned on.
Use SUPERantispyware and/or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
Well you are dealing with a total, almost, novice so to disable the Restore is Greek to me. I know how to restore but I really need help with this. How do I begin to do this? Your directions sound fantastic. I am still getting that one screen that I had posted a few days ago also.
Sorry to keep bothering all of you but ya know if I could get a new pc ha ha I sure would right now.
Disable System Restore on Windows ME, XP or Vista. System Restore cannot be disabled on Windows 9x and it’s not available in Windows 2k. After boot you can enable System Restore again after step 3. To use System Restoration it’s necessary to disable avast! self-protection: avast! settings > Troubleshooting > Disable avast! self-defence module then start a System Restore.
Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Other option is scanning in SafeMode (repeatedly press F8 while booting).
Also, if you still detecting strange behaviors or you want to be sure you’re clean, maybe making a HijackThis log to post here and, specially, scan and submit to on-line analysis the RunScanner log would help to identify the problem and the solution.
After you’re clean, use the immunization of SpywareBlaster or, which is better, the Windows Advanced Care features of spyware/adware cleaning and removal.
Finally, when you’re clean, check for insecure applications with Secunia Software Inspector to update insecure applications and avoid reinfection.