win 32 purityscan trojan horse

Hi everybody, I’m new to this forum and obviously here because I need some help, I’m scrabbling around in the dark and need some enlightenment. Thanks in advance to anyone who gives up their time and expertise to help me.

My son’s computer is running Windows XP, it has totally slowed right down virtually to a standstill.

I have downloaded avast (professional, I didn’t realise at the time, does it make a difference?) onto a memory stick and have been scanning his computer continually for a week now.

It has managed to scan approx 12 thousand files and keeps finding win32 purityscan bh (trj), in different files, (sorry I haven’t made a note of which files.) I think it must have found at least 20 incidents of it.
Each time it has found the win32purityscan, I have put it in the chest.

With a lot of patience I can get the computer to respond, (by clicking on what I want then going to make a cup of tea.) but it is very, very slow.
I have had a look in control panel in the add/remove and cannot find it there, so can’t delete it that way.

With it taking so long would it be a good idea to stop this scan and download something else to try, or shall I sit tight and wait?

I’ve been reading through some other posts and I’m deleting Norton.

The antivirus and firewall that we have is virgin pc guard total, do I also need to turn off the antivirus for avast to work properly?
I’ve just put 4 incidences of the win32 purityscan BH (trj) in the chest, they all say:
C\systemVolume information\restore{_B3253a3a-5cde-46a-912

Two resident AVs is a no-no as they can conflict, Norton is particularly bad for leaving remnants even after an uninstall.

A link worth looking at, which is a program removal tool that can remove the remnants of a number of different Norton Programs:
Removing your Norton program using SymNRT

I don’t know if the Virgin firewall, PC Guard Total would also include an antivirus element (though the word total leads me to think that), if so at best you should disable that. You may need to uninstall PC Guard Total, reboot and do a custom install without selecting the AV element if it has an AV which you can’t disable.

Any suspect file from the C:\System Volume information folder is better off in the chest, as you don’t want to possibly reinfect your system if you use system restore in the future and it includes that suspect restore point. The reason they are in the C:\System Volume information is that they have in the past been deleted or moved from a system folder, etc. So at worst you just couldn’t use that restore point.

If you can give some examples of the other file names and locations of these other detections.

There is certainly something going on on your system (possibly the multiple AVs on your system fighting for control) as a scan shouldn’t be measured in days but hours. So I would suggest stopping the scan, uninstall Norton and reboot (let’s not worry about the other uninstall tool just yet, fingers crossed). Now if PC Guard Total has an AV, disable it. Then do an avast on-demand scan, but keep the Sensitivity setting at Standard and no Archives, that should be a quicker scan, especially if the other AVs have been removed.

You may have got to a point where your son’s computer is so compromised it might be a bite the bullet time, but we will have to see…

I wouldn’t go jumping around flip flopping between AVs as this could just cause more issues with low level drivers having been loaded and left behind to conflict with the next AV.

If you haven’t already got this software (freeware), download, install, update and run it (they are OK with avast), preferably in safe mode and report the findings (it should produce a log file).

  1. SUPERantispyware On-Demand only in free version.
  2. MalwareBytes Anti-Malware, On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.

Disable system restore, reboot, then run a scan

Thanks guys, I’ve stopped the scan and it came up with 32 viruses, all as far as I can see the same purityscan jobby.

I’m going to get right on to it now, (once I’ve cooked the clothes, ironed the dog, walked the dinner, put the milk out…

I might be a while, but I’ll get back.
Thanks again

We will be here once you have taken the dog out of the oven and put the dinner to bed.

If it is just purity then do this

Please download the OTMoveIt3 by OldTimer.

  1. Save it to your desktop.
  2. Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  3. Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

 :Commands
[purity]
[emptytemp]

  4. Return to OTMoveIt3, right click in the “Paste Instructions for Items to be Moved” window (under the yellow bar) and choose Paste.
  5. Click the red Moveit! button.
  6. Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  7. Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Add a Hijackthis log to your next post