Win32:Nimda [drp] found, but Virus Cleaner doesn't find it...

[DavideV]

Hi everyone!

Yesterday I have downloaded the Avast! 4 Free Home and just after installed it, I made a deep scan of the pc, without finding viruses.

Today, as the system tried to go in standby mode, the Avast protection gave me a virus alert, telling me that it found signs of Win32:Nimda [drp] malware and suggesting me to completely remove the virus from the system.

So the Virus Cleaner started but... it found no viruses!

May someone help me?

These are the lines taken from the logs:

02/03/2006   13.55.20   1141304120   SYSTEM   1424   Sign of "Win32:Nimda [Drp]" has been found in "C:\System Volume Information\_restore{AA7CAD49-22D0-4F2C-BDA6-EE6B7EE53C2B}\RP58\A0009963.COM\[UPX]" file. 

avast! Virus Cleaner Tool - version 1.0.208 Ansi

Creating log file: C:\Programmi\Avast4\DATA\log\cleaner.log

02/03/2006, 14.11.55
Memory scanning started...
No virus body found in memory.
Memory scanning finished (4,4s).
----------
Files scanning started...
C:\WINDOWS\Temp\Perflib_Perfdata_590.dat... file could not be scanned!
No virus body found.
Files scanning finished  (46341 files, 0 infected, 703,4s).
Drives scanned: C: G:
----------

Thank you!!

Davide.

[igor]

I guess the A0009963.COM file is some antivirus cleaning tool (similar to Cleaner) that doesn't have the virus signatures properly encrypted. I.e. you don't have to worry about it, it's not a real virus.
To get rid of the alert, you'll probably have to emtpy the System Recovery cache.

[Lisandro]

ITo get rid of the alert, you'll probably have to emtpy the System Recovery cache.

Enable and then disable System restore on Windows ME: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q264887
Enable and then disable System restore on Windows XP: http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;310405