How do I know it's safe to delete?

[alyssa1025]

I just ran avast! for the 1st time & it found 8 infected files on my pc.  I just need to know how to tell if it's safe to delete them? ie. Are they a system file? Some are .exe files & a few are .dll. Thanks

[mauserme]

Hi alyssa.  Welcome to the forum.

Its always better to put the files in quarantine rather than deleting them right away.  They can do no harm there and you can always retrieve them later if you need them.  Scan them again in a couple weeks;  if they're still indicated as malware and your computer is running OK you could delete them then.

But what are the file names?  If you post this and the name of the malware some may be easily recognizable as things you don't want.

[DavidR]

Deletion isn't really a good first option (you have none left), 'first do no harm' don't delete, send virus to the chest and investigate.

What is the malware name, the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?

These help us to get a better idea if there is anything else you need to do.
What is your OS ?

[alyssa1025]

Thanks for the quick reply. I am currently running Windows XP Pro. Is there a way to copy & paste the virus info onto a message here? All of the info is too much to type

[mauserme]

You could capture a screen shot with Faststone.  Here's a link

http://www.faststone.org/FSCaptureDetail.htm

EDIT:  After you save the screen capture to your hard drive, upload it to Image Shack

http://imageshack.us/

and post a hotlink to the image.

[alyssa1025]

here is the screenshot of the chest with the infected files



thanks!

[mauserme]

The first 5 entries are in system restore points.  The only way to truly delete these is to turn off system restore and reboot.  You can turn system restore on again afterwards.

The bottom 3 entries refer to Spytech Keycaptor.  There is information about it here

http://www.processlibrary.com/directory/files/nostealth/

and here

http://www.auditmypc.com/process/ntinvisible.asp

I would need to research it a little before giving advice but I won't be able to do that until tomorrow morning (Chicago time).  Maybe someone else can give some help in the mean time.

[alyssa1025]

thanks so much I appreciate it.

[Spiritsongs]

   Hi Alyssa :

     I am concerned you have the Keylogger program "SpyAgent" on your computer;
     a visit to www.spywareguide.com revealed :
    "Commercial Monitoring Software    Danger Level 4 " . With more specific info :

    "Removal tools: List of products that detect/remove/protect against SpyAgent:

Pro User: X-Cleaner
Regulatory Compliance: Greynet Enterprise Manager
 
 
Category Description: Programs designed to monitor user activity. May be used with or without consent. Because it is sold commercially, many anti-virus vendors do not detect them. The most common form of a commercial monitoring tool comes in the form of a keystroke logger, which intercepts keystrokes from the keyboard and records them in a log. This can then be sent to whoever installed the software, or keylogger, onto the machine. Some Commercial Monitoring Software may take screenshots, or video and send the information to an outbound connection.
Official Description: This application records keystrokes, logs website visits, applications run, logs internet connections made, logs files and documents viewed, view logs via e-mail, records AOL/AIM/MSN/Yahoo/ICQ, logs passwords entered, records windows viewed, records web mail, like Hotmail and screenshots of user activity.
   
Properties:  Allows remote connect
 Autostarts/Stays Resident
 Captures Screenshots
 Connects to the internet
 Logs keystrokes
 Sends mail
 Stealth Tactics "

  It is best NOT to have a program like this on your computer;the
 "Infected Files" log you posted implies it has been there since  2002 !
  If the purpose is to "monitor" children, there are SAFER programs
  to have on the computer. It is NOT good when one of the features
  of a program is "defeat spyware detectors", as I saw on the program's
  website .
 

[mauserme]

It is best NOT to have a program like this on your computer ...

Agreed - its not a program most people would want.

Since the path its installed to is the default location its not the stealthiest of installations.  Based on this there is a possibility the uninstaller is available in Add or Remove Programs in the Control Panel (excluding the uninstaller is an option during installation if stealth is desired).  If its there run it to see if any program remnants or registry values can be removed.

And to answer your original question, I would remove the first 5 items in system restore.  I would also remove the final 3 if an uninstaller is available in Add or Remove Programs and it will run.  If there is no uninstaller or there is but it will not run correctly I would leave those 3 items in quarantine for a couple weeks to make sure their removal hasn't caused any probelms on your computer.  If all is running well after 2 weeks then delete them.