Author Topic: I'm infected, what are the next steps?  (Read 5820 times)


safely

  • Guest
I'm infected, what are the next steps?
« on: October 20, 2010, 11:32:39 PM »
First, hi to everybody.
After a long time, my avast found a virus on a memory stick and prompted me. I deleted it from the beginning.
The next day, I decided on a quick scan, and avast found another one, the Win32:Midgare-VD [Trj], and I made the wrong decision (wrong, because I read about it afterwards on the internet) to delete it, and avast confirmed the action was successful.
Another quick scan found the same threat in the system volume information\_restore........, meaning in another place.
This time I decided on a boot scan, which found another one: INF:AutoRun-Gen [Wrm].
I decided to send both of them to the chest. Now I have two pieces of garbage in my chest.
The boot scan was only of the C: drive (I have another two).
After the boot, I made another quick scan, which didn't find anything else.
What should I do now?
Thanks, everybody, in advance for your kind responses.
(I am running Win XP Pro, with Avast Home)
Thanks

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37698
Re: I'm infected, what are the next steps?
« Reply #1 on: October 20, 2010, 11:52:19 PM »
Try this

Malwarebytes Anti-Malware 1.46 http://filehippo.com/download_malwarebytes_anti_malware/
always run update before you scan so you have the latest database
click on the remove selected button to quarantine anything found
please post the scan log here

Mr.Agent

  • Guest
Re: I'm infected, what are the next steps?
« Reply #2 on: October 20, 2010, 11:57:46 PM »
Just something that Pondus did not mention: if the virus tries to keep you from installing Malwarebytes, then try to rename the setup so the virus maybe won't stop it. ;)

Offline superhacker

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 979
  • superhacker != super mario
Re: I'm infected, what are the next steps?
« Reply #3 on: October 21, 2010, 12:07:47 AM »
I think avast did the job and protected you; if something is found by mbam, it will be traces left behind by the virus.
avast! rock
Dreams don't die, they just fall asleep.

Mr.Agent

  • Guest
Re: I'm infected, what are the next steps?
« Reply #4 on: October 21, 2010, 12:17:28 AM »
avast! Home? I think a more intelligent thing would be to move to the 5.0 version, which offers better coverage and scans. ;) It is also less hungry on resources. Same for XP Pro: I hope it's SP3, because SP2 isn't supported anymore.

safely

  • Guest
Re: I'm infected, what are the next steps?
« Reply #5 on: October 21, 2010, 12:27:58 AM »
Yes, it is the 5th version, and XP SP3.
So, why should I quarantine with malwarebytes, when the crap is already in the avast chest?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37698
Re: I'm infected, what are the next steps?
« Reply #6 on: October 21, 2010, 12:31:09 AM »
> Yes, it is the 5th version, and XP SP3.
> So, why should I quarantine with malwarebytes, when the crap is already in the avast chest?

No security program has 100% detection,

so you run MBAM for a second opinion... and quarantine what it finds... if anything.
It will not detect what is already in the avast! chest, as this is a protected area.

and post the log please
« Last Edit: October 21, 2010, 12:34:02 AM by Pondus »

Offline superhacker

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 979
  • superhacker != super mario
Re: I'm infected, what are the next steps?
« Reply #7 on: October 21, 2010, 12:33:37 AM »
But can you post the log here ("of mbam")?
Dreams don't die, they just fall asleep.

safely

  • Guest
Re: I'm infected, what are the next steps?
« Reply #8 on: October 21, 2010, 12:34:52 AM »
Thank you, Pondus, for your input. I'll do that, and I'll post again what I find.
Of course, with the log file.
« Last Edit: October 21, 2010, 12:36:40 AM by safely »

SafeSurf

  • Guest
Re: I'm infected, what are the next steps?
« Reply #9 on: October 21, 2010, 03:01:05 AM »
Hello Safely and welcome to the forum.  :)

Something else that you can do after posting your MBAM log is to install and "vaccinate" your machine against autorun.inf.  It is very easy to do with the free Panda USB Vaccine for USB devices:
http://research.pandasecurity.com/panda-usb-and-autorun-vaccine/ and it can be run on any drive on your machine for removable devices.

You are given the option to "vaccinate" your machine, which means to disable autoruns from infecting your machine again, and you can enable it again (although I wouldn't).  Plus you can "vaccinate" any USB/flash or removable device so that it cannot infect your machine.  This type of malware is easily transmittable because many people use USBs.  Even though you have the malware in your Virus Chest now, you can still install this to protect yourself for the future.  I and others use it and it does not conflict with Avast.  You are just adding an extra layer of security to your system.

safely

  • Guest
Re: I'm infected, what are the next steps?
« Reply #10 on: October 21, 2010, 08:51:51 PM »
Hi, everybody.
Thanks for the tip, SafeSurf.
Today I installed mbam and ran it with its latest database.
Of course it found another one. Here is the log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4901

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21/10/2010 13:59:25
mbam-log-2010-10-21 (13-59-25).txt

Scan type: Quick scan
Objects scanned: 138053
Time elapsed: 6 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\amty (Worm.Autorun) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

After mbam found it and finished scanning, I was prompted to clean, but without any restart of the machine.
Though, I still can't understand this mbam. Did it delete this worm, or just move it to quarantine? Because now it shows it as being in quarantine.
So, my question for you guys is what to do with these three items: two in the VC of Avast and one in the quarantine of mbam?
Thanks a lot for your help.
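
An added example (not part of the original post): a small Python parser for the MBAM 1.46 log layout posted above, which pulls out each detection with its reported action and checks the summary counts against the itemized sections. The function names are hypothetical and the sample is a constructed, trimmed copy of that layout.

```python
import re

# Constructed sample in the MBAM 1.46 layout shown in the post above (trimmed).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
Database version: 4901

Registry Keys Infected: 1
Files Infected: 0

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\amty (Worm.Autorun) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

SUMMARY = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected): (?P<n>\d+)$")
SECTION = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected):$")
ITEM = re.compile(r"^(?P<obj>.+) \((?P<sig>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Return (summary counts, detections, categories whose counts disagree)."""
    counts, detections, current = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := SUMMARY.match(line):
            counts[m["cat"]] = int(m["n"])
        elif m := SECTION.match(line):
            current = m["cat"]          # start of an itemized section
        elif not line:
            current = None              # a blank line ends the section
        elif current and (m := ITEM.match(line)):
            detections.append({"category": current, "object": m["obj"],
                               "signature": m["sig"], "action": m["action"]})
    listed = {}
    for d in detections:
        listed[d["category"]] = listed.get(d["category"], 0) + 1
    mismatches = sorted(c for c, n in counts.items() if listed.get(c, 0) != n)
    return counts, detections, mismatches

def unresolved(detections):
    """Detections whose action text does not report a successful cleanup."""
    return [d for d in detections if "successfully" not in d["action"].lower()]

if __name__ == "__main__":
    counts, found, bad = parse_mbam_log(SAMPLE_LOG)
    for d in found:
        print(d["category"], "|", d["signature"], "|", d["object"], "|", d["action"])
    print("count mismatches:", bad, "unresolved:", unresolved(found))
```

A non-empty mismatch list usually means the pasted log was truncated or edited, which is worth asking about before giving removal advice.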

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: I'm infected, what are the next steps?
« Reply #11 on: October 21, 2010, 09:48:52 PM »
It was just a stray registry key - so no reboot was needed

safely

  • Guest
Re: I'm infected, what are the next steps?
« Reply #12 on: October 22, 2010, 10:24:38 AM »
> It was just a stray registry key - so no reboot was needed

Thanks, I was thinking about that, like superhacker said in his first post.
But I am still asking you what to do with these three items (see my previous post).
Is it safe to delete them from quarantine and from VC?
This action will not damage anything in my OS?
Thanks again

SafeSurf

  • Guest
Re: I'm infected, what are the next steps?
« Reply #13 on: October 22, 2010, 10:51:30 AM »
It is always safest to leave things in the Virus Chest (VC) for a good 1 - 2 weeks (we usually recommend 2 weeks) because Avast does updates in the meantime that may fix things that can later be restored if the item was an important file.  Items that are in the VC are safe there and cannot go anywhere or harm your machine.  The same holds true with MBAM; when they are in quarantine, they are safe there, so leave them there.

If Essexboy gives you different advice since he is the expert in malware removal, go with what he says.  I am just suggesting what we as Evang. suggest to users.