Author Topic: What do I do? Malware  (Read 11586 times)


Tiggie

  • Guest
What do I do? Malware
« on: December 08, 2012, 06:09:54 PM »
My system is XP Windows home edition SP2. Compaq Presario, AMD processor.
I have done a full scan with Avast and sent a high threat to the Chest.
The threat is as follows: Win32Malware-gen. File name is D:\...\A00093532.sys. Please, how do I deal with this?
Your help would be dearly appreciated, I am not really computer savvy.
Thank you
Tiggie.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37529
  • Not a avast user
Re: What do I do? Malware
« Reply #1 on: December 08, 2012, 06:17:31 PM »
You already have... you sent it to the chest.

Offline DJBone

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6366
Re: What do I do? Malware
« Reply #2 on: December 08, 2012, 06:30:58 PM »
And you should also update your WinXP to SP3 to receive security updates!

DJBone
Win10 x64, APS (always latest version)
Avast Mobile Security (always latest version)

Offline chris..

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2931
Re: What do I do? Malware
« Reply #3 on: December 08, 2012, 06:47:45 PM »
File name is D:\...\A00093532.sys
Is this file in d:\system volume information?
To my mind it's tcpip.sys from a restore point.

Tiggie

  • Guest
Re: What do I do? Malware
« Reply #4 on: December 08, 2012, 07:07:58 PM »
Thank you, Pondus and DJ Bone. Yes, it's safe in the chest, but should I delete it, or is it a file which is needed? If so, how can one clean it?
I wanted SP3 but when I tried to install it I was told I had not got the resources.
I must mention I recently downloaded Opera and Safari, but took Safari off today after reading it was known to not be as secure as other browsers. I wonder if that is how I got the malware.
I also have SUPERAntiSpyware on my PC. I use Windows Firewall.
Chris05,
Thank you too. I don't know if this file is in d:\system volume information. I just copied out what Avast showed me. Is there a way I can find out?
Tiggie

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: What do I do? Malware
« Reply #5 on: December 08, 2012, 07:14:02 PM »
I wanted SP3 but when I tried to install it I was told I had not got the resources.

That's not possible, if your current XP install is legit.
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Tiggie

  • Guest
Re: What do I do? Malware
« Reply #6 on: December 08, 2012, 07:49:47 PM »
Asyn, thank you.
Yes, my version of XP Windows will be legit as I bought it from Currys.
Tiggie
 

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: What do I do? Malware
« Reply #7 on: December 08, 2012, 07:53:45 PM »
Yes, my version of XP Windows will be legit as I bought it from Currys.

No idea who 'Currys' is..!!?? But if your XP is legit you should update to SP3 ASAP..!!!

Tiggie

  • Guest
Re: What do I do? Malware
« Reply #8 on: December 08, 2012, 08:45:17 PM »
Chris05,
Chris, you are right. I have just looked inside the avast virus chest and see that the original location of A0093532.sys is D:\System Volume information\_restore\D, last changed 25.07.2001.
I see three more infected files in the chest: Killit.exe, original location C:\hp\bin, last changed 16.9.1999.
ProcessLogger.exe, original location C:\hp\bin, last changed 24.01.2003.
tcpip.sys, original location D:\MiniNT\system32\drivers.
This PC is a Hewlett Packard.
Can I be helped, please?
Tiggie

TheHulk

  • Guest
Re: What do I do? Malware
« Reply #9 on: December 08, 2012, 08:48:25 PM »
Just clean the Windows restore points from Disk Cleanup; that will remove it.

Offline chris..

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2931
Re: What do I do? Malware
« Reply #10 on: December 08, 2012, 09:00:04 PM »
I don't know if this file is in d:\system volume information. I just copied out what Avast showed me. Is there a way I can find out?

You can see more about the "\...\" avast showed you in your "virus chest" information.

As I had an issue yesterday with "tcpip.sys", avast showed me 3 "A000xxxx.sys" Win32Malware-gen files corresponding to "tcpip.sys" from my 3 restore points.

So be careful before letting avast delete this file.

Of course it's strange you can't update to SP3, even if I don't think it's the cause of the malware (if it's really malware).
Maybe you'll have to test with Malwarebytes to be sure...

Edit: sorry, this post is a little late  :-[
Yes, you can clean old Windows restore points.
« Last Edit: December 08, 2012, 09:04:43 PM by chris05 »

Offline DJBone

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6366
Re: What do I do? Malware
« Reply #11 on: December 08, 2012, 09:04:02 PM »
To be sure you haven't any further malware on your system follow this guide and attach the logs: http://forum.avast.com/index.php?topic=53253.0
A malware specialist will help you if you're infected.

DJBone
« Last Edit: December 08, 2012, 09:12:30 PM by DJBone »

Tiggie

  • Guest
Re: What do I do? Malware
« Reply #12 on: December 08, 2012, 09:56:32 PM »
TheHulk, thank you.
I have looked at Disk Cleanup and presume it's under "Remove Restore Points"; would I be right? And I would need to click on restore from the avast chest before doing the disk cleanup.
Please, have you any advice on the other things in the virus chest?
Tiggie

Tiggie

  • Guest
Re: What do I do? Malware
« Reply #13 on: December 08, 2012, 10:05:50 PM »
Chris05, what did you do with this same problem?
I will download Malwarebytes and have another go at downloading SP3, especially after doing disk cleanup.

Tiggie

Tiggie

  • Guest
Re: What do I do? Malware
« Reply #14 on: December 08, 2012, 10:22:17 PM »
DJ Bone, I will do as you suggest. I have been lucky over the last 10 years, happily sailing along, but now SP2 is not supported, along with an older system, I suppose anything can happen.
I am told that I need to take off IE8 (delete?) if I am to try to get SP3 on once again.
Tiggie