This is my first time on any forum, so please excuse my naiveness.
My computer is infected with Win32:Spyware-gen. It seems like its a worm, because it travels from file to file. Below is the brief of my efforts:
- Computer started acting weird.
- Tried to scan with 4.8, but would get at C:\SWSETUP\WLASST\Disk1
- Tried to excluded the above, it would get stuck on C:\SWSETUP\WLA2
- Tried Boot-Scan it found a file (don’t remember the location) and corresponding file in system Restore and moved it to chest.
- I tried scanning the chest file and found no infection.
- Restored the files and deleted the chest.
- Boot-Scanned, again it found the worm was in MSWORKS\Tutor… and system restore (diff than before).
- This time I deleted them.
- Boot-Scanned, everything looked clean. But the computer was still acting weird. Shutdown was v. slow, Startup and login were slow.
- Figured out the reason it was getting stuck was something in the system volume information folder which had MountPointRemoteDatabase and Tracking.log.
- Deleted the FOLDERs, rebooted. Everyting was recreated. Again deleted it. rebooted again it was recreated. This time when I tried to access it was denied. That told me that the folder was now secure. I ran the scan and it went through clean.
- I downloaded AVAST 5 and ran a boot scan and it caught the win32:spyware-gen. This time a different file. I told boot-scan to delete it (What ahppen if you ask it to repair, can it really do it). After this delete the scan came up clean. I just ran boot-scan again.
- I don’t know how to set the boot-scan to move everything to chest. Can you please tell me how?
- The reason for posting the post is, is this malware going to keep poping here and there. I am new to this and don’t know much only that it has a lot of variants.
- Can some one please explain. Thanks.
