worm-spybot question

I have a worm/spybot on my computer that AVG continually removes. The only difference is that the last number changes.
Can I locate the infected file and remove it with the information that AVG gives me? When I look for it I can't find it's location.

I've included the report in the hopes that someone can help me.
If you need more info ask and i'll do the best that I can.


Testing C:\ serial 2456-1EF2
Testing D:\ serial F074-F298
D:\Documents and Settings\All Users.WINNT\Application Data\Microsoft\NETWORK\Downloader\QMGR0.DAT Cannot open; not checked!
D:\Documents and Settings\All Users.WINNT\Application Data\Microsoft\NETWORK\Downloader\QMGR1.DAT Cannot open; not checked!
D:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Cannot open; not checked!
D:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Cannot open; not checked!
D:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\WINDOWS\UsrClass.dat.LOG Cannot open; not checked!
D:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\WINDOWS\USRCLASS.DAT Cannot open; not checked!
D:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Cannot open; not checked!
D:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Cannot open; not checked!
D:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\WINDOWS\UsrClass.dat.LOG Cannot open; not checked!
D:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\WINDOWS\USRCLASS.DAT Cannot open; not checked!
D:\Documents and Settings\BOBS\NTUSER.DAT Cannot open; not checked!
D:\Documents and Settings\BOBS\NTUSER.DAT.LOG Cannot open; not checked!
D:\Documents and Settings\BOBS\Local Settings\Application Data\Microsoft\WINDOWS\USRCLASS.DAT Cannot open; not checked!
D:\Documents and Settings\BOBS\Local Settings\Application Data\Microsoft\WINDOWS\UsrClass.dat.LOG Cannot open; not checked!
D:\System Volume Information\_restore{C9F75713-B641-41FB-95DD-0FB93089CE47}\RP556\A0134233.EXE repaired
D:\System Volume Information\_restore{C9F75713-B641-41FB-95DD-0FB93089CE47}\RP556\A0134234.EXE repaired
D:\System Volume Information\_restore{C9F75713-B641-41FB-95DD-0FB93089CE47}\RP556\A0134235.EXE repaired
D:\System Volume Information\_restore{C9F75713-B641-41FB-95DD-0FB93089CE47}\RP556\A0134236.EXE repaired
D:\System Volume Information\_restore{C9F75713-B641-41FB-95DD-0FB93089CE47}\RP556\A0134237.EXE repaired
D:\System Volume Information\_restore{C9F75713-B641-41FB-95DD-0FB93089CE47}\RP556\A0134238.EXE repaired
D:\System Volume Information\_restore{C9F75713-B641-41FB-95DD-0FB93089CE47}\RP556\A0134239.EXE repaired
D:\WINNT\SYSTEM32\CONFIG\SYSTEM.LOG Cannot open; not checked!
Testing F:\ serial 2C6D-AD09

Test finished, duration 00:48:46.3 s
245282 objects tested, 7 found infected

Thanks in advance.

 

Disable System Restore, reboot, then enable it and reboot. Your system keeps pulling it out of there, this will get rid of it.

 

in the process of doing it now.

thank you.


it appears that was all that needed to be done.

 

these files r back again. Is there a way to permanantly remove them?

 

If infected files are getting back into system restore after disabling it and rebooting, then your system is still infected or reinfected. Do this online scan. Then update AVG, disable system restore and reboot, then run AVG. When it's done, re-enable system restore.

 

i've completed the process. when I did the online scan it listed some files. It did not remove them or/and I could'nt print them. When I ran AVG it did not find any virus's. I guess i'll just see what happens. If I need to do anything else let me know.

thanks

I am going to use the autoclean setting, which I may not of had on.

 

You might want to check the scan settings for AVG. By default it does not scan all files, usually document & sheets, program files. The online does all files by default.