Hi, I recently had my bank account info stolen and someone attempted to go on a shopping spree, so after taking care of that with the bank, I thought perhaps my info had been stolen electronically. I have McAfee and Zonealarm installed and NoScript on Firefox, so I failed to see how I could really get any sort of a trojan. Then I downloaded and ran Avast! and it found something in my windows restore directory called Win32: Tibs-BOO [trj], and oddly enough it also said it found it in H:\System Volume Information\_restore{47F399C9-6448-49BA-9427-F89ECF8016BD}\RP647\A0299176.exe and I have nothing but data files on that drive, there is not a single program on any drive but C. Here's the log, it claims it can't remove it: 3/24/2008 1:37:02 AM SYSTEM 2000 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004. 3/24/2008 1:37:36 AM SYSTEM 2000 An error has occured while attempting to update. Please check the logs. 3/24/2008 2:40:42 AM Karasu-kun 3636 Sign of "Win32:Tibs-BOO [Trj]" has been found in "H:\System Volume Information\_restore{47F399C9-6448-49BA-9427-F89ECF8016BD}\RP647\A0299176.exe" file. When I searched for this Tibs-BOO, nothing came up except for a few results in French, Chinese and Japanese, no English reports on this specific virus. Also, occasionally, and as I was running AVG Anti-Spyware just now, and it detected the same thing in the same folder, my computer will pause for like 2 minutes or so and then when it restores itself, McAfee will be turned off and needs to be restarted manually. (I'm getting rid of McAfee after it failed to detect what the freeware found.) Anyway, does anyone have any experience with this, what it is and what it does? Could this have compromised my CC info? Normally I would just ask how to clean it, which, how would I if Avast and AVG won't, but I want to know that if I'm putting my new bank info online that I'm not going to be at risk again. I've used this comp with its current setup without reformatting for 2+ years now, don't really engage in any high-risk stuff with executables, and regularly do business online with my card, my banking, purchasing, Paypal, et cetera and I always make sure there's a secure connection I'm dealing with when submitting my info, so I don't know. Any help/words of advice would be greatly appreciated.

Just turn off system restore on your H: drive and reboot, you can go back and turn it back on after you re boot. Righ click My computer then properties then system restore tap. High light the H: drive click settings then, turn off system restore on this drive.