Virus / worm halp prz

[altwight]

"C:\System Volume Information\_restore{B9ED256F-0C3D-4618-87AD-ED478029830F}\RP70\A0012879.exe";"Virus identified Worm/Autoit.ELP";"Moved to Virus Vault"

"C:\System Volume Information\_restore{B9ED256F-0C3D-4618-87AD-ED478029830F}\RP70\A0012879.exe";"Virus identified Worm/Autoit.ELP";"Infected"

"C:\System Volume Information\_restore{B9ED256F-0C3D-4618-87AD-ED478029830F}\RP70\A0012881.exe";"Virus identified Worm/Autoit.CTL";"Infected"

"C:\System Volume Information\_restore{B9ED256F-0C3D-4618-87AD-ED478029830F}\RP70\A0012882.exe";"Virus identified Worm/Autoit.FKN";"Infected"

"C:\System Volume Information\_restore{B9ED256F-0C3D-4618-87AD-ED478029830F}\RP70\A0012883.exe";"Virus identified Worm/Autoit.DKX";"Infected"

"C:\System Volume Information\_restore{B9ED256F-0C3D-4618-87AD-ED478029830F}\RP70\A0012880.exe";"Virus identified Worm/Autoit.DKW";"Infected"

"C:\System Volume Information\_restore{B9ED256F-0C3D-4618-87AD-ED478029830F}\RP70\A0012905.exe";"Trojan horse Generic13.XR";"Infected"


Resident shield with AVG picked these up while I was doing a virus scan last night. I can't seem to delete them.

Also spyware doctor (trial version so basically useless) picked up these 2 from the same folder

"Trojan-downloader.bagle!ct"
"Trojan.agent.B!ct"

Whenever I click remove all infected items with AVG all but the bolded one is removed which says cannot be removed. It's pretty obvious the bolded infection is the main downloader because I'm getting multiple alerts every so often after I delete the baby files.

[Spekkio]

Disabling System Restore to remove viruses
this should at least give you an idea of why you're having trouble. read it and come back if you have questions.

[Kriz]

ComboFix A guide and tutorial on using ComboFix
MalwareBytes Malwarebytes.org
CCleaner CCleaner - Home

And you'll be good to go, I bet. CCleaner won't get rid of any viruses or anything, but will clean up registry and temp files and give you a nice UI to your startup items.

[altwight]

Neither combofix or malwarebytes found it in a scan.

[Mafai]

its because your PC isnt actually infected, your system restore files are.

simply disabling and re-enabling system store will get rid of it, but keep in mind this deletes all your restore points.

[altwight]

Ah I don't even use system restore. Are you absolutely positive that will get rid of it and it will have no chance at doing anything to my comp I won't know about.

[Mafai]

Ah I don't even use system restore. Are you absolutely positive that will get rid of it and it will have no chance at doing anything to my comp I won't know about.

yes im sure. it will simply delete your restore points. if you never plan on using it you can actually keep it off to free up some disk space, but thats up to you.

[Norellicus]

Window system restore is pretty useless anyway since any of the changes it records are easily reversed simply via a recovery console/last known good config.

[Kayu]

try cureit(doesnt need install)
Download Dr.Web CureIt! Free anti-virus scanner, cures computers viruses.
if it fails go for
:: NORMAN :: Antivirus | Firewall | Network security

[Mafai]

do people even read before recommending something?

his AV isnt having a problem with anything.

the system restore files were infected and they are protected by the OS so they cannot be changed, so he simply needs to disable system restore and re-enable it (if he wants to)

[altwight]

i can't scan it manually. it's in or was in system restore folder which is not accessable

[Kriz]

do people even read before recommending something?

his AV isnt having a problem with anything.

the system restore files were infected and they are protected by the OS so they cannot be changed, so he simply needs to disable system restore and re-enable it (if he wants to)

It's true, I just gloss over the topic. I would think a good cleaning just to make sure nothing was left was good too.

Taken from the first response- how to disable Sys restore

"If using the default Start Menu, click Start | Control Panel | Performance and Maintenance | System. Select the System Restore tab and check "Turn off System Restore"."

Looks like AVG cleaned it as best it could