Malwarebytes picked this one up on my laptop. It's my 1st "bad" Trojan. Thankfully it has not yet hit my desktop via home network. It got past ZA & AVG free. (I'm now switching to Avira & Comodo). Laptop is running XP SP3 Home Edition, C:\ drive not partitioned.


I've spent 1 1/2 days cleaning/scanning with:
Malwarebytes
CCleaner
SuperAntiSpyware
RootRepeal
MGtools
Combofix

Once laptop appears to be clean, I need to rerun some of those last progs and post logs just to be certain.

I left System Restore On so that would get cleaned as well. (Hope that was the right thing to do, figured turning it off just left Trojan in there?)

I just re-ran Malwarebytes and it's showing something different now; all entries appear to be in System Restore, results below.

My question is
1) Should I go ahead and let Malwarebytes remove these files, or should I do it manually in Safe Mode? (I've read that Malwarebytes might not be able to effectively delete due to lack of Administrator permission to access these particular files?)
--------------------------------------------
Malwarebytes' Anti-Malware 1.44
Database version: 3648
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18372

1/29/2010 7:18:03 PM
mbam-log-2010-01-29 (19-17-12).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 166932
Time elapsed: 1 hour(s), 2 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{717DED14-B9DD-4C52-8322-6043B9687C5A}\RP418\A0061933.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{717DED14-B9DD-4C52-8322-6043B9687C5A}\RP418\A0061971.com (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{717DED14-B9DD-4C52-8322-6043B9687C5A}\RP418\A0062045.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{717DED14-B9DD-4C52-8322-6043B9687C5A}\RP418\A0062069.com (Trojan.Agent) -> No action taken.
---------------------------------------------------

TIA!
Kat