I can't get rid of a virus I have. Please help. I'm using AVG and when I enter, I got a message tell me I have a Trojan horse Dyfica.H under 'System Volume Information'. But later, when I'm in, and re-scan with AVG, it detect nothing. I try to check under 'System Volume Information', but the I can't get there (can I do it with Command Prompt ?). I used Spybot Search and Destroy, and it cleanup a lot of mess, but it didn't solved this problem. Can anyone help me with it ? Here is my Hijackthis log file: (Anyone know what is the Mixer.exe I have ?) ---- Logfile of HijackThis v1.97.7 Scan saved at 21:36:59, on 14/12/2003 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.exe C:\PROGRA~1\Grisoft\AVG6\avgserv.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\Mixer.exe C:\WINDOWS\System32\LXSUPMON.exe C:\Program Files\Ahead\InCD\InCD.exe C:\WINDOWS\essspk.exe C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\AntiVirus\HijackThis.exe O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O3 - Toolbar: &רדיו - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.exe RUN O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37955.3735069444 ----

I've had the ".F" variant of that trojan,and AVG fixed/let me fix it everytime.Don't know what tell you about that,but,I will offer you this; Microsoft Knowledge Base Article - 309531 / How to Gain Access to the System Volume Information Folder

Thanks, I see what I can find in it. I think that if my machine is currently cleared from any other virus/Trojan etc (according to the above Hijackthis log). I would simply delete all my restore points under this folder (by disable restore, reboot, enable it and reboot again).

disable restore, reboot, enable it and reboot again rescan