Need to get rid of the Malware again (Outerinfo, Internet speed monitor, etc)

[green tea]

Ok, Kaspersky's still scanning, but I just came back to my pc and Avast detected a virus. Here's what it says..

A Virus Was Found!
File name: C:\System Volume Information\_restore{D172B5C7-37F3-42FE-B932     (I can't read rest of the file name since the window's small)

Malware name: VBS:Malware-gen
Malware type: Virus/Worm
VPS version: 080502-0, 2008-05-02

Available actions
Move/Rename, Delete, Repair, Move to Chest

Recommended action: Move to chest.

Can I just delete this??

[evilfantasy]

Let Kaspersky finish and post the log.

That Avast warning will be taken care of easy enough. Just wait fo rkaspersky to finish.

[green tea]

Oh, thanks for the quick response.

So should I just leave the Avast window open, or select "No Action"?? (Next to the No Action button, there's a note saying that "if you press the 'No Action' button, the malware will NOT be activated."

It looks like Kaspersky was scanning that same vbs file as well, and it's stuck there. The duration progress is the only thing changing while everything else is the same.

[evilfantasy]

No problem. C:\System Volume Information\_restore{D172B5C7-37F3-42FE-B932 is an isolated area from the rest of Windows so it can't do any harm.

[green tea]

Evil, please read my above post. I modified it to add some new info

[evilfantasy]

Give it a little more time and see if it progresses any. If it is stuck we will do some clean up and try again. It may just be on a large system file.

[green tea]

Ok, I'll wait another 20 minutes and see if anything changes.

I'm worried about tomorrow. Seems the viruses attacked on two Saturdays in a row. Has there been any reported incidents like that, where the viruses come back every week?

[evilfantasy]

Real-time Virus Reporting - Last 24 hours

http://www.bitdefender.com/site/VirusInfo/realTimeReporting/

[green tea]

Ok, it's been about 50 minutes (at least) since Kaspersky has been on the same file and not progressed in the scanning. I really think it stopped when the Avast window popped up.

Do you still want me to wait, and if so, how much longer?

[evilfantasy]

No go ahead and exit out of it and lets clean up.

Download OTMoveIt2 by OldTimer OTMoveIt2.exe and place it on your desktop. (unless you already have it installed)

1. Double click OTMoveIt2.exe to launch it.
Vista users right click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
5. Once complete exit out of OTMoveIt2

Set a New Restore Point to prevent possible reinfection from an old one
Note: The restore point is what Avast flagged as infected. This will clear all infections from there.
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.

• Go to Start > Programs > Accessories > System Tools and click System Restore
  
• Choose the radio button marked Create a Restore Point on the first screen then click Next Give the Restore Point a name then click Create.
  
• The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
• Next go to Start > Run and type Cleanmgr
  
• Click OK
  
• Click the More Options Tab.
  
• Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.

.
Let me know how things are now.

[green tea]

Before I run OTmoveit, do I do anything about the window with the Avast warning.

[evilfantasy]

If it gives an option to move it to the vault or delete it then either one of those will be fine.

[green tea]

Ok, I chose Delete, instead of the Move it to the chest.

Will start OTMoveIt2 now

[green tea]

Finally able to reboot to normal mode without any problems, logged in and load desktop without problems, and have everything functional.
....
Here's what happened earlier. I finished OTMoveit and was prompted to reboot. I did that and rebooted to normal mode. Upon logging in, the Disk Monitor message popped up: "failure: Create Service, Error_Service_Exists"  I have NO CLUE why it appeared but closed it. Avast and Winpatrol was running but the Internet Connection said it was unplugged. Had to restart again.

This time, avast icon looked like it was lagging, and after a couple slow spin, it froze. The entire desktop froze and I couldn't do anything. Had to reboot, and it was basically an alternation between -- frozen desktop  or desktop with everything running except the internet. Along the way, I had trouble rebooting as well... after the window load screen, it would say "no signal" and the pc rebooted.

So now I'm wearing about having to shut down the machine too much.

[green tea]

Also, after logging in and seeing everything working, I created a new restore point.

But here's my worry. When we removed all the viruses two week ago, I created a new restore point on 4/23. Then a couple days later on Saturday 4/26, the viruses hit. I tried to go to system restore, but only saw a restore point created on 4/26 at exactly the time the viruses entered my pc. Couldn't find the restore point I created at all.

Is that normal? Would I be able to go to my latest Restore Point if that happened?