Win32: Trojan-gen

Hello!

Today I was playing a game on the internet with a statistic program and a program that shows statistics on the screen as the game is going.
And suddenly it popped the following window saying that I have Win32: Trojan-gen and pointing towards C:\Documents and Settings\User\Local Settings\Application Data\Xenocode.…\drwtsn32.exe so I deleted it. And the program that shows statistics went off.
Now I am running some scans on my computer and when I move the file into the cage it says there is the same virus in C:\Program Files\Alwil Software\Avast4\DATA\moved\drwstn32.exe.vir.

So I did a full scan once and it found like 7 Win32 Trojan-Gens and 3 or 4 of them were found in C:\System Volume Information_restore{ some numbers }
Now I am doing a second scan and C:\Program Files\Alwil Software\Avast4\DATA\moved\drwstn32.exe.vir popped up again

Tell me what should I do please?
My avast is 4.8 Personal Version.

First, deletion isn’t really a good first option (you have none left); ‘first do no harm’: don’t delete, send the virus to the chest and investigate.

Second, it doesn’t look like you are actually sending the file to the chest, a) the moved folder isn’t in the chest and b) the .vir suffix is appended to the file when you use the Move/Rename option rather than Move to the chest.

The drwtsn32.exe is a legit file name, though this is a common tactic by malware, but it isn’t in the correct location for the legit file, so the detection appears to be good.

  1. So upon detection select ‘Send to Chest’ and not Move/Rename as this seems to be your problem relating to the drwtsn32.exe.vir file.

  2. The same for those found in the C:\System Volume Information_restore points, send to the chest - Infected Restore Points - There really is little benefit in chasing a detection in the system volume information folder. It is only there because it had previously been deleted or moved from the system folders and this is a back-up created by system restore.

  • Worst case scenario it isn’t infected and you delete it, you can’t use that restore point in the future, not much of a loss and the older the restore point is the less of an issue it is.

  • So if there is any suspicion about a restore point then it is best removed from the system volume information folder or it could bite you in the rear at some point in the future when you use system restore if it included that restore point.

  3. There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.
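
Added example, not part of the original thread and not avast's own logic: a short Python check for the reply's point that a legitimate system file name found outside its normal folder deserves suspicion, and that a `.vir` file in the `moved` folder is a renamed copy. The System32 and dllcache locations for drwtsn32.exe, the `classify` helper and the sample paths (including the `ExampleApp` folder) are assumptions or constructed for illustration.

```python
import ntpath

# Assumption (not stated in the thread): the genuine Dr. Watson binary sits in
# <SystemRoot>\System32, with a Windows File Protection copy in System32\dllcache.
SYSTEM_BINARIES = {"drwtsn32.exe": ("system32", r"system32\dllcache")}

# Folder named in the thread where avast's Move/Rename option puts files.
MOVED_DIR = r"c:\program files\alwil software\avast4\data\moved"


def classify(path, system_root=r"C:\WINDOWS"):
    """Return 'expected', 'renamed-copy', 'unexpected-location' or 'unknown'."""
    norm = ntpath.normpath(path).lower()
    directory, name = ntpath.split(norm)
    renamed = name.endswith(".vir")  # suffix appended by Move/Rename
    if renamed:
        name = name[: -len(".vir")]
    if name not in SYSTEM_BINARIES:
        return "unknown"  # not a name this table knows about
    root = ntpath.normpath(system_root).lower()
    allowed = {ntpath.join(root, sub) for sub in SYSTEM_BINARIES[name]}
    if directory in allowed and not renamed:
        return "expected"
    if renamed and directory == MOVED_DIR:
        return "renamed-copy"  # leftover from Move/Rename, not a live file
    return "unexpected-location"  # system name, wrong folder: investigate


# Constructed sample paths; "ExampleApp" is a placeholder folder name.
SAMPLES = [
    r"C:\WINDOWS\system32\drwtsn32.exe",
    r"C:\Documents and Settings\User\Local Settings\Application Data\ExampleApp\drwtsn32.exe",
    r"C:\Program Files\Alwil Software\Avast4\DATA\moved\drwtsn32.exe.vir",
    r"C:\WINDOWS\system32\notepad.exe",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):20} {sample}")
```
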