Yet Another System Restore virus....?

[Voldy]

So I've seen quite a few threads regarding the virus similar to the one that was found on my own computer, but I'm still a bit confused about it.

Avast! found Win32:Zlob-BYO (a Trojan) on my computer, in the folder C:\System Volume Information\_restore{numbersandletters}\morenumbersandletters.  I put it in the Quarantine about a month ago, and actually, since then, I've experienced a problem.  When I put my computer into Hibernate mode, and start it up again, it says that some error occurred, and I have to "Delete Restoration Data" or something, and essentially, my session on the computer is lost.  Now, this doesn't always happen, and I'm not sure if I should delete the virus, restore it, somehow clean the file....Help?

Thanks. =)

[Lisandro]

I suggest:

1. Disable System Restore and reenable it after step 3.
2. Clean your temporary files.
3. Schedule a boot time scanning with avast with archive scanning turned on.
4. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
5. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
6. Make a HijackThis log to post here or, better, submit the RunScanner log to to on-line analysis.
7. Immunize your system with SpywareBlaster or Windows Advanced Care.
8. Check if you have insecure applications with Secunia Software Inspector.

[Voldy]

Thanks a ton for your quick response.  Bear with me, though, because this'll probably take me a while to go through. XD

First off, how do I go about cleaning my temporary files?

[DavidR]

Firstly the infected restore point should have absolutely nothing to do with the issue you are reporting with hibernation. The C:\System Volume Information\_restore points are inert until you have system restore restore it.

The most likely instance is an infected file in the system folders having been removed and a restore point being created.

Secondly the "Delete Restoration Data" it is referring to is I believe the hiberfile.sys (sorry can't recall the correct name I don't use hibernate) not any restore point/s. Regards any loss of session data, just ensure that anything you are working on is saved and close applications normally before deleting the hiberfile.sys file.

So I fell the detection is unrelated to this problem.

[Voldy]

Oh, okay then. 

So now how do I clean my temporary files?  Clean them up as in, delete them?

[gspt]

not sure what virus I've got but it seems to be in the boot memory and after booting up and logging in it goes to saving your settings and hangs on the log off screen and will not logg onto windows not even in safe mode and it got worse after I did scan boot and when it detected a virus I selected to put in chest and it said drive was full and i haven't been able to log into windows at all what can i do??

[Lisandro]

So now how do I clean my temporary files?  Clean them up as in, delete them?

You can use CleanUp or the Windows Advanced Care features for that.

I selected to put in chest and it said drive was full and i haven't been able to log into windows at all what can i do??

Difficult to say, but, maybe, using the CD of XP or Vista DVD will allow you to repair your Windows installation.

[Voldy]

First of all, thanks for all the programs that were recommended.  I downloaded many of them, and they are quite amazing, especially Advanced Windows Care.

Now that all of that is out of the way, back to the actual virus....Uh, is it safe for me to just delete the trojan?  It's been in the quarantine for a long time, so can I just delete it?  Thanks.

[FirstOfMay]

I'm getting the same virus/adware alert!  It's driving me crazy because when I try to do anything with it, it says the object/file doesn't exist.  Very strange.