What do I do? Malware

[DJBone]

Ok, waiting for your feedback.

DJBone

[chris..]

My problem was more complicated because I let avast to deleted usefull working tcpip.sys (not only in restored points) => so I haven't internet connexion anymore.

I don't think you have malware trouble , just use one of antimalware like malwarebytes to be sure , delete old restored points and do an new avast scan.

[Tiggie]

Chris05 Thanks for your reply but I am sorry about your own problem, and there you go helping others! Yes I am going to clean up my restore points as The Hulk and you say, and then run Malwarebites.First I will restore the items from the chest.
I will work on this tomorrow, as I have to be out today.
Tiggie

[Tiggie]

DJBONE  I have cleaned my restore points as  suggested, but what about the files
of which there are two ,still in avasts chest,(untill I find how to get them out) when I do find out do I need to do the cleaning process over again? Perhaps so I would think.
I clicked on"Restore"  within the chest before I ran disk cleanup a Rewrite box appeared and as I was not sure what to do I left well alone.  Do you click on rewrite the file?
I originally asked only about the one file D:\system\volume information\_restore
but the other one is  D:\MiniNT\system32\drivers\tcpip.sys. What is this file used for  and is it very important? And can tell me what to do about it please?
I have downloaded Malwarebytes and done a scan, came up clean .I
 would have liked the files within the chest to have been also scanned, when they are out I will run another scan.
Thankyou for the link which I have saved
I could have sworn I had IE8 but find out via the scan I have 7.
I am sorry about the delay in getting back to you but was not home on Sunday.
Tiggie

[Tiggie]

The Hulk and Chris05 I have cleaned my restore points as you kindly suggested, but could not get the two files out of the Avast chest, I clicked on Restore and when the  Rewrite box came up I did not know if I should click rewrite file  so left it alone, should I have clicked yes ? I downloaded Malwarebytes and did a scan  it came up clean, But I will have to do it again I would think when I get the two files out of the bin.I only asked about one because I only sent one to the avast chest which you know about, then found in the chest D:\MiniNT\system32\drivers\tcpip.sys
There were another two  killit.exe which is not a virus  and C:\hp\bin\processlogger.exe which seems to be a false positive according to my reseach on the net.
Tiggie

[DJBone]

If you have restored them, a copy will be left in the virus chest. You can scan them again by right-clicking and choose "scan". If they aren't infected anymore you can restore them and delete the files from virus chest. tcpip.sys was a false positive some days ago. Read here about it: http://forum.avast.com/index.php?topic=110781.0

DJBone

[Tiggie]

DJBone      third time lucky, I  have downloaded SP3 .
I would think the two files in the avast chest did not get updated, your comments would be appreciated.Please could you tell me if I click on overwrite to restore them as i would like to scan them with Malwarebytes in case Avast has given a false positive or do I move them elsewhere another option in the chest restore.
Please please tell me.
Tiggie

[Tiggie]

chris05
I have updated to SP3 third time lucky.I donot  suppose the two files in the chest got updated I would like to know how to get them out  in restore in the chest do you click on overwrite or move them some place else ? I would like to scan them with Malwarebytes.
Tiggie

[Tiggie]

Pondus please can you tell me how to get my file out of the virus chest.I would like to scan it again with Malwarebytes  in case Avast gave me a false positive I know to click Restore which gives one an option to overwrite or move it.( where to ? )
I have managed to put SP3 on  my pc third time lucky
Please can you help
Tiggie

[Tiggie]

Asyn I have now got  SP3 on my computer.I do not think the files 2 in the virus chest will have got updated When I went into the chest to restore I got an overwrite box up but did not know what option to take as the options were to overwrite or move, would not know where to move anyway.
Iwanted to scan with Malwarebytes in case they were false positives, as two others were.
Curry,s is a big electrical retailer.
Tiggie

[Pondus]

Pondus please can you tell me how to get my file out of the virus chest.I would like to scan it again with Malwarebytes  in case Avast gave me a false positive I know to click Restore which gives one an option to overwrite or move it.( where to ? )

see hw to in reply nr #8 from DavidR
http://forum.avast.com/index.php?topic=87295.msg701625#msg701625

you can then also upload the file(s) to www.virustotal.com and test with 40+ malware scanners

[Tiggie]

DJBone
No  I have not yet rested the files from the chest as when I click"RESTORE" it gives me options either to overwrite or move or ignore etc.Do not know what to do, what do you suggest please. Thank you for the interesting link.
Tiggie

[Pondus]

There were another two  killit.exe which is not a virus  and C:\hp\bin\processlogger.exe which seems to be a false positive according to my reseach on the net.
Tiggie

was it detected as PUP ?
PUP is not a virus, but Possible Unwanted Program.....a program that can be good or bad if abused
so you need to know what it is before you decide to remove/not remove

and this is a factory installed program from hp.... think you find several cases here about the same file if you do a forum search

[DJBone]

Choose overwrite. A copy of the file will be left in the virus chest.

DJBone

[Tiggie]

Pondus .Yes it is a pup and I have read about it in the Forums .Thanks to you.
Thankyou for the link re Davidr,s reply to another member.
Since I have updated to SP3 and downloaded 85 updates  the scan which I have done within the chest on the two files  is reading "no virus"
Thankyou  most sincerely for giving me your time, and I have learn,t a lot.ie search the forum instead of panicking.
And many thanks to everyone who helped me.
Sincerely Tiggie
P.S I am a little more computer savvy now....smile
Just got your most recent post I will overwrite, and one more question, do I delete the copies in the chest
Tiggie