viruses detected...delete or try to repair?

[DeaKCKS]

I downloaded and ran Avast for the first time.  It detected 7 viruses.  I moved all to the virus chest, but since there is a repair function, when do you know when to attempt to repair or just delete.  I am running on win XP....and below is the info I have from the viruscan

Name                            location                             
A0006322.exe           C:\System Volume Information\_restore
           virus detected was Win32:Trojano-3428

A0007410.exe           C:\System Volume Information\_restore
           virus detected was Win32:RPCexploit

javascript.exe            C:\WINDOWS\system32
           virus detected was Win32:Codbot-Q

mmf32.exe                 C:\WINDOWS\system32
           virus detected was Win32:RPCexploit

SVCHOST.EXE             C:\WINDOWS\system32\wins
           virus detected was Win32:Codbot-Q

TFTP224                     C:\WINDOWS \system32
           virus detected was Win32:Ircbot-LL..

winPE.exe                  C:\WINDOWS\system32
           virus detected was Win32:SdBot-29...

If anyone can advise on if I should just delete these....and/or general info regarding when to attempt to repair over just deleting.....I would be grateful.....thanks in advance

[DavidR]

First do no harm, delete is never a good first decision, move to the chest and investigate as you are doing now.
There is no rush to delete anything from the chest, they can't do any harm there. Anything that you send to the chest you should leave there for a week or two. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

viruses in the C:\System Volume Information\ (part of system restore), _restore points are protected by windows and can't be removed in the normal way, you will need to disable system restore and reboot. If after another scan you are then clear you can enable system restore again.

Repair is often greyed out as it isn't available, either the files aren't protected/monitored by the VRDB. Trojans generally can't be repaired (either by the VRDB or avast virus cleaner), because the entire content of the file is malware, so it is either move to chest or delete, move to the chest being the best option (first do no harm). When a file is in the chest it can't do any harm and you can investigate the infected warning.

The VRDB only protects certain files, .exe, dll and other system files, it doesn't protect data files or all files, it is not a back-up program, so there are going to be many occasions where repair won't be an option.

Only true virus infection can be repaired, e.g. when a virus infects a file it adds a small part to it, provided that file is one that avast's VRDB would monitor and you have run the VRDB, then it may be possible to repair the file to its uninfected state.
However, for the most part so called viruses, trojans (adware/spyware/malware, etc.) can't be repaired because the complete content of the file is malicious.

Is your OS up to date, SP2 with all later updates (as RPCexploit would usually mean your OS isn't up to date) ?
Do you have a firewall, if so what ?

[DeaKCKS]

I inherited this computer from a friend recently ....because after her teenage relative downloaded a bunch of stuff off the web.....evidentally picking up numerous viruses...and another relative trying to fix it......all that would happen when you turned it on .....was that you got a black screen....

It hadn't been used for nearly a year when I inherited it ....because she had given up on it being able to be fixed. 

However, I was able to do a destructive recovery and get it running again....so .....in answer to your question at the end of your reply....it only has SP1.....and no firewall on it. After I get these viruse problem fixed....will go to MS updates to download SP2 and any other updates it says I need.....There is also no firewall installed.  I am planning to download one of those as well (ie. Zone Alarm) too. 

I understand your directions for the removing the last 5 viruses listed above.....letting them sit in the virus chest for 1-2 weeks ....rescan again inside the virus chest.....and delete if still detected as viruses....and not suffering no adverse effects from moving them to the chest....

The only question I still have is regarding the two virus' in  C:\system volume information ......I just want to make sure I am doing the steps in the right order......do I first scan the two virus' in question again inside the virus chest.....and if still showing as infected......then disable the system restore......reboot......delete the viruses.......and then enable system restore again.....Let me know if I have the steps out of order or would be doing incorrectly.....thanks for your swift reply  ; )

[DavidR]

Getting rid of some viruses, trojans or malware without an active firewall that also provides outbound protection (not the XP SP2 firewall) will be like fighting an uphill battle. The time on-line to getting infected is counted in minutes. So I would put that high on your priority list. Zone Alarm free (zonelabs.com) works fine with avast and has a reasonably friendly user interface.

1. There is no need to scan the file inside the chest they can do no harm there leave them for the 1-2 weeks no problem, they could more than likely be deleted now, but get into the habit if you send something to the chest.
2. Disable system restore and reboot.
3. Do a full system scan (don't worry about anything in the chest, as 1. above) if that comes up clean, enable system restore. If not let us know.

[CharleyO]

***

Just as an added push to what David said about a firewall, I agree that you need to get one installed pronto! Otherwise, you will never get that computer completely clean. ZoneAlarm Free is usually the easiest and quickest to set up.


***

[DeaKCKS]

Thanks David and Charley for all the advice....will follow the steps both of you gave me and let you know how it goes....wish me luck  ; )   .....thanks  for aaallllllll of your help........Deanna

[DavidR]

Glad we could help, good luck and welcome to the avast forums.

[CharleyO]

***

Welcome to the forums, Deanna.   

Let us know how you get along with the inherited computer.

Please come back often, learn more, and maybe help others.   


***

[DeaKCKS]

Hello again.....so far....I have downloaded .....Ad-Aware and and downloaded/running Avast.....I have downloaded zone alarm (but haven't opened it yet since I was going to download winXP SP2 first.....I know when I download SP2 I will have to uncheck SP2's firewall (which MS website says will be turned on by default)......but what I need to know is......if I have zone alarm running/continually monitoring my computer ......can avast be running/continually monitoring my computer (on access protection) at the same time.....or do I turn it off and only use Avast to scan/remove viruses on a regular basis.....I just didnt know if I could have both Avast and Zone alarm monitoring my computer at the same time.......

thanks again (from the person who just knows enough about computers to be dangerous.... : )  LOL........ Deanna

[DavidR]

avast isn't a firewall so there should be no conflict with the free zone alarm.

I would advise installinf and running ZA NOW, don't wait to upgrade to SP2 and unprotected system can count the time before infection/exploit in minutesa and it will take much longer than that to update your system on-line.

[CharleyO]

***

YES, please install ZoneAlarm Free before doing anything else and especially, as David advised above, before doing a long time download such as SP2. That was the point in my post above ......   

... you need to get one installed pronto!

***