removing virus. HELP! please...

[Yarek]

I've got information, I have virus Win32:Agent-OWW [trj] in DefLib.sys   C:\Windows\system32

First what  I did: Not Panic, and secondly start Avast and scan all computer. But Avast found nothing. I downloaded Avast Virus Cleaner and scan computer again.
Efect:

Code: [Select]

12/29/2007, 1:46:32 PM
Memory scanning started...
No virus body found in memory.
Memory scanning finished (5,3s).
----------
Files scanning started...
C:\WINDOWS\SoftwareDistribution\EventCache\{7C3FCF89-7B38-4FE7-84A1-7D356BAA77DB}.bin... file could not be scanned!
No virus body found.
Files scanning finished  (365719 files, 0 infected, 3568,8s).
Drives scanned: C: D:
----------
I started Avast, went to quarantine box and found this:



What the hell? How to remove all this shit from my computer?
I've read some post on forum but it is like rocket science. I just want kick off it from my comp.

I appreciate any help.

Thank You.

[Lisandro]

If the file is in Chest, your computer is already cleaned. Chest is Quarantine, safe.
I suggest:

1. Disable System Restore and reenable it after step 3.
2. Clean your temporary files.
3. Schedule a boot time scanning with avast with archive scanning turned on.
4. Use AVG Antispyware; SUPERantispyware and/or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
5. Test your machine with anti-rootkit applications. I suggest AVG or Trend Micro RootkitBuster.
6. Make a HijackThis log to post here or, better, submit the RunScanner log to to on-line analysis.
7. Immunize your system with SpywareBlaster or Windows Advanced Care.
8. Check if you have insecure applications with Secunia Software Inspector.

[Yarek]

Thank You for Your answer.

If the file is in chest (quarantine), can I delete it? I'm asking, because any time I turn on computer i get information about viruses 

And some more questions:
ad1. how do it?
ad2. like above...

Well, like I said; rocket science...

Thank You

[CharleyO]

***

If you are still getting virus warnings, I suggest you follow Tech's suggestion above ...

1. Disable System Restore and reenable it after step 3.
2. Clean your temporary files.
3. Schedule a boot time scanning with avast with archive scanning turned on.
4. Use AVG Antispyware; SUPERantispyware and/or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
5. Test your machine with anti-rootkit applications. I suggest AVG or Trend Micro RootkitBuster.
6. Make a HijackThis log to post here or, better, submit the RunScanner log to to on-line analysis.
7. Immunize your system with SpywareBlaster or Windows Advanced Care.
8. Check if you have insecure applications with Secunia Software Inspector.

***

[Lisandro]

If the file is in chest (quarantine), can I delete it? I'm asking, because any time I turn on computer i get information about viruses 

File into Chest (Quarentine) are safe to stay there. There is no rush to delete anything from the Chest, a protected area where it can do no harm. Anything that you send to the Chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the Chest, scan them again (right clicking the file inside the Chest) and if they are still detected as viruses, delete them.

This is a precaution because:
a) system files (necessary to boot and use the computer)
b) false positives (clean files that was wrong detected as being infected) could happen from time to time and it's safer not to delete the file, but send them to Chest for further analysis. 

ad1. how do it?
ad2. like above...

If a virus is replicant (coming and coming again), you could follow the general cleaning procedure:

1. Disable System Restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it's not available in Windows 2k. After boot you can enable System Restore again after step 3.

2. Clean your temporary files. You can use CleanUp or the Windows Advanced Care features for that.