I have been using avast 4.8 home edition on windows XP (home) SP 2 for a few weeks.
It finds the win32.agent-lvw trojan, and it moves it to the virus chest. After few days the trojan pops up again (quite often after the start up of the pc)and avast clean it again to the virus chest and so on.
This is either being downloaded again or restored by an other undetected or hidden element to the infection.
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ? Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections.
If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode. SUPERantispyware On-Demand only in free version, this may be able to detect the hidden or undetected element.
SuperAntispyware worked. It found two hidden trojans downloader and it moved them to the quarantine area. I hope no more troubles will pop ups from that…
Disable System Restore and reenable it after step 3.
Clean your temporary files.
Schedule a boot time scanning with avast with archive scanning turned on.
As you already done, uUse SUPERantispyware and/or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
The avast detections (file names) certainly look like randomly generated names associated with Vundo, add to that the SAS detection of a Vundo variant, I would say there is another more specific tool should you run.
Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the Scan for Vundo button.
Once it’s done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from “Click the
Scan for Vundo button.” when VundoFix appears at reboot.
A log will be produced which you can post in your next response.
Below is an example of a Vundo infection, though there are many different filenames.