Win32 Adware-gen again

I have a Dell Dimension 3000 that I just put Avast on. After installing it I did a scan (the computer was restarted after the installation and I opted not to do a boot scan). This only found one infected file:

C:\SystemVolumeInformation\restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP8\A0001514.dll

Now the obvious problem is that the file is in the system volume folder which I have no clue as to what it serves exactly. I am further surprised by how the file is presented in a search. Let me explain. I have for most of my life worked on Win95 and about a year ago I switched to Vista. Vista allows you to do a search of a folder and then even if the folder is hidden you can open it. This works most of the time and I believe it doesn’t mess with the settings of the folder. Regardless… I do a search for this file.

N.B. I am now running under win XP and this has nothing to do with any of my other posts/threads.
So the search is done and I get one result for the file A0001514.dll.
The search results are presented as follows:

Name:
search?hl=en&q=C:\SystemVolumeInformation\restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP8\A0001514.dll
In folder:
C:\Documents and Settings\Gaby\Local Settings\Temporary Internet Files

So which path should I follow the one given by Avast or the one given by the search?
Thank you in advance for the help.

Confused !
has another open post
http://forum.avast.com/index.php?topic=37451.msg314743#msg314743
different problem

Hi wyrmrider.

The thread you posted a link to has been solved. The thread that I started now deals with another virus (hopefully not) on another computer. I’ve made a post in the thread asking how to mark the thread as solved. Meanwhile, can someone give me some pointers on this problem?

Here is what happened in the meanwhile. I suspected that if the dll is in:
C:\Documents and Settings\Gaby\Local Settings\Temporary Internet Files
then by deleting the cookies and files from my Internet Explorer I would ultimately delete the file. I did this and indeed the file no longer pops up on my search (this is the file search).
However Avast still picks it up in:
C:\SystemVolumeInformation\restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP8\A0001514.dll
Can anyone tell me what this file is and what it does? Also what do you recommend to do?

N.B. I don’t have a recovery CD and from what I understand my Dell system is not the best unit out there in terms of reinstalling the OS.

Thanks in advance.

HI
I thought so
that’s why I posted DIFFERENT PROBLEM
now that that’s clear did you read this stickie- above in this forum
http://forum.avast.com/index.php?topic=10794.0

If I did not get the little thingies on the ends of the link open a new window cut and paste into your browser
Thanks for the E-Mail DavidR - I’ll look at it at work tomorrow

Thank you wyrmrider for the link to the stickie.
I read it and I think I can do what it says with one exception. The whole list of steps is:

“1. clean out your temp. files
2. Disable system restore to clean out the infected file that’s currently in a system restore file.
3. Reboot your system.
4. Re-enable System Restore if you intend to continue using it.”

In step 2 it tells me to “clean out the infected file”. Now my question is this. The file was there prior to installing Avast. This means that VBR never got a chance to do a backup (here I presume that VBR backs up everything… although I’m not sure). So how would it go about cleaning it? Since I’m not certain what it does, can I really erase this?

On another note, C:\SystemVolumeInformation\restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}
has to do with the system restore or could it be one of those files that comes pre-installed with Dell Computers and serves as a recovery partition (by this I mean, if you delete a program that came with the computer you can reinstall it from this folder)?

Thank you for the help.
Cheers.

It stores the necessary info to restore executables (*.exe, *.com) files.
VRDB is not a backup system, the stored information is very small (not the whole files).
Besides, only Win32 executables are processed.
VRDB is a generic method, storing file parts that are often target of virus infections. Actually, VRDB scans all the local hard disks for executable files and stores some info about them. VRDB is not a backup system, the stored information is very small (not the whole files). Besides, only Win32 executables are processed. The VRDB data are stored in \Data\Integ\avast.int

System restore is a Windows function that allows restoration to a previous situation.
Recovery partition is a Dell feature that will start everything from the beginning. It is not stored in the SystemVolumeInformation folder.

Hi there.

Ok… matter solved.
Now what I did is I went on My Computer icon on desktop, right clicked on it and left click Properties. I left click on the System Restore tab and I check the little case next to the “Turn off System Restore”. Once that’s done you click apply. Now when I hit apply, a window pops up saying that by doing so I will stop any more restore points from being created as well as deleting any of the ones that were generated till this point. Click OK.
After this I restart the computer, do a complete scan (at the end of which I get no virus detected of course) and then I use the same procedure listed above with the exception that this time I uncheck the little case next to “Turn off System Restore”.

Thank you for the help.
Cheers.
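
Added example, not part of the original thread: a small triage helper that sorts scanner detection paths into "archived in a System Restore point", "browser cache" and "live file", since each calls for a different cleanup, as the steps above show. The function names, the sample paths and the suggested action strings are assumptions made for illustration; the pattern accepts the restore-store path both as Windows XP writes it and in the form shown in this thread.

```python
import re
from typing import NamedTuple, Optional

# Windows XP restore store layout (assumed here):
#   <drive>:\System Volume Information\_restore{GUID}\RP<n>\A<digits>.<ext>
# Spaces and the underscore are optional so the form quoted in the thread also matches.
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System ?Volume ?Information\\_?restore"
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
    r"\\RP(?P<rp>\d+)\\A\d+\.\w+$",
    re.IGNORECASE,
)
CACHE_RE = re.compile(r"\\Temporary Internet Files(\\|$)", re.IGNORECASE)


class Triage(NamedTuple):
    location: str                 # system_restore | browser_cache | live_file
    restore_point: Optional[int]  # RP number when the hit is an archived copy
    action: str


def triage(path: str) -> Triage:
    """Classify one detection path reported by the scanner."""
    path = path.strip().strip('"')
    m = RESTORE_RE.match(path)
    if m:
        return Triage("system_restore", int(m.group("rp")),
                      "turn System Restore off, reboot, rescan, turn it back on")
    if CACHE_RE.search(path):
        return Triage("browser_cache", None, "clear the browser cache, then rescan")
    return Triage("live_file", None, "quarantine the file and rescan")


def restore_points_with_hits(paths):
    """Sorted restore point numbers that contain at least one detection."""
    hits = (triage(p) for p in paths)
    return sorted({t.restore_point for t in hits if t.location == "system_restore"})


# Constructed sample paths (placeholder GUID, user name and file names).
SAMPLE = [
    r"C:\System Volume Information\_restore{00000000-1111-2222-3333-444444444444}\RP8\A0001514.dll",
    r"C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\x[1].dll",
    r"C:\WINDOWS\system32\example.dll",
]

if __name__ == "__main__":
    for p in SAMPLE:
        t = triage(p)
        print(f"{t.location:15} {t.action}  <- {p}")
```
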

nice work