Hi David,
The infected file name is: c:\1u0o8bnq.cmd, which I accidentally deleted after trying to move it to the chest and then repair it.
<snip>
The boot scan is in progress on my new box, so I don't want to interrupt it right now, unless you think that is best. The second instance of win32:Gamona is also reported on screen as: C:\System Volume Information\
_restore(a really long number here)\rp4\A0000184.cmd. Do you think I should disable restore before I try to move this restore file to the chest? Or should I try to repair it?
Based on the name alone and its location I would say it is highly suspect (and probably a good detection) and a google search tends to support that, see
http://virscan.org/report/919544cb2f1da46544fbda853994331a.html.
It may have been deleted as that is what I believe is the detection in the system volume information _restore point. So avast may have been trying to deal with the newly created _restore point, which system restore may have locked the original file whilst this was going on, this is unfortunately supposition on my part. Hopefully the boot-time scan will confirm if it has indeed gone.
If you have a look at the above link you will see many of the other detections have different aliases I think that there may be other elements to this detection.
Trojans generally can't be repaired as the complete file is malicious. I think we can leave system restore enabled for the time being.
If you haven't already got this software (freeware), download, install, update and run it, preferably in safe mode and report the findings (it should product a log file).
1.
SUPERantispyware On-Demand only in free version.
2. MalwareBytes Anti-Malware freeware version
http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.