worm: sddrop
Original Message
Name: Matt Ice
Date: February 5, 2004 at 15:44:51 Pacific
Subject: worm: sddrop
OS: WinXP Pro
CPU/RAM: AMD XP 2600+, RAM 256 DDR
Comment: I have AVG 6.0 running. When I log off the system and leave it with the log-on screen displayed, after a few minutes I get a message from AVG saying "virus detected - worm, sddrop", giving the location as "C:\system volume information\_restore{E86A136A-2DB2-4500-A053-2B90558E4F9E}\RP29\A0012557.EXE" and telling me to run AVG for Windows to remove it. I run AVG doing a full system check and it finds nothing. I tried a custom test and pointed it to the system volume information folder, still nothing. I tried running AVG in DOS but the HDD is formatted NTFS and not recognised in DOS. I don't know if it is related, but Sygate Firewall keeps telling me that svchost.exe is attempting to contact a remote computer or is being contacted, whenever my broadband connection is active, with different messages such as:

File Version : 5.1.2600.0 (xpclient.010817-1148)
File Description : Generic Host Process for Win32 Services (svchost.exe)
File Path : C:\WINDOWS\system32\svchost.exe
Process ID : 0x2D0 (Heximal) 720 (Decimal)
Connection origin : remote initiated
Protocol : TCP
Local Address : 81.107.203.9
Local Port : 135 (EPMAP - Location service - Dynamically assign ports for RPC)
Remote Name :
Remote Address : 81.107.200.156
Remote Port : 4816

Any help greatly appreciated. Matt
Response Number 1
Name: capt
Date: February 5, 2004 at 18:42:35 Pacific
Reply: Matt, the worm is in your "system restore" files. No antivirus program can clean/delete/quarantine items in those files. You need to turn off "system restore" (My Computer>Properties>System Restore Tab) and then restart your computer. Then run your scan with AVG and, if the system is clean, you can turn "system restore" back on. I recommend you set it to 4% instead of the default 12% if you have a large hard drive, to save drive space. Take care and all the best!
Response Number 2
Name: Imp
Date: February 5, 2004 at 22:26:31 Pacific
Reply: You can try Trojan Remover 6.16. This program is a 30-day trial, but fully updated with the most recent trojan signatures. The program works independently of the Windows system and is able to go into the "system restore" files. Just read the "helpme" file well in order to use correctly the two scans embedded in the program: one to check for any malicious signature in memory, the second to hunt, detect, neutralize or eradicate the worm hidden on your hard drive... Good luck
Response Number 3
Name: Matt Ice
Date: February 6, 2004 at 18:54:53 Pacific
Reply: Cheers capt & Imp, followed inst., and (touch wood) seem to have eradicated the worm. Turned off system restore and re-ran AVG - nothing found. Downloaded Trojan Remover - nothing found. So I suspect the worm was just lying dormant in system restore (wish I'd done it in reverse order). I'm still worried by the fact that Windows Update and IE would not run after the scans, although they were listed in Task Manager, until I rebooted, and I'm still getting messages from Sygate that svchost.exe is attempting to access the network. Have turned off Windows Auto Updates etc.; don't know what's causing this. Tell me about "HijackThis" - if I post a log here, can anything in it be used for malicious purposes? Thanks again, Matt.
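The Sygate alert quoted in the original post, and the repeated svchost.exe messages Matt mentions again in his follow-up, are the kind of thing worth triaging mechanically rather than by eye. The following is an added example, not code from the thread or from Sygate: it parses the alert in the label/value form shown above (including the run-together single-line version the forum produced) and separates remote-initiated hits on Windows service ports from local-initiated svchost.exe connections. The sample alert is constructed from the post's own values; the port set and the labels returned are the example's own assumptions.

```python
import re

# Constructed sample, modelled on the Sygate alert quoted in the thread
# (flattened onto one line exactly as the forum displayed it).
SAMPLE_ALERT = (
    "File Version : 5.1.2600.0 (xpclient.010817-1148) "
    "File Description : Generic Host Process for Win32 Services (svchost.exe) "
    "File Path : C:\\WINDOWS\\system32\\svchost.exe "
    "Process ID : 0x2D0 (Heximal) 720 (Decimal) "
    "Connection origin : remote initiated Protocol : TCP "
    "Local Address : 81.107.203.9 "
    "Local Port : 135 (EPMAP - Location service - Dynamically assign ports for RPC) "
    "Remote Name : Remote Address : 81.107.200.156 Remote Port : 4816"
)

# Labels as Sygate prints them. Values can contain colons themselves,
# so we split on the known labels rather than on every ":".
FIELDS = ["File Version", "File Description", "File Path", "Process ID",
          "Connection origin", "Protocol", "Local Address", "Local Port",
          "Remote Name", "Remote Address", "Remote Port"]
_LABEL_RE = re.compile(r"\b(" + "|".join(map(re.escape, FIELDS)) + r")\s*:\s*")

# Assumed set of Windows service ports that receive unsolicited inbound hits.
WINDOWS_SERVICE_PORTS = {135, 137, 138, 139, 445}

def parse_alert(text):
    """Return {label: value} for one alert, whether on one line or many."""
    parts = _LABEL_RE.split(" ".join(text.split()))
    # parts = [text before first label, label1, value1, label2, value2, ...]
    return {parts[i]: parts[i + 1].strip() for i in range(1, len(parts) - 1, 2)}

def port_number(value):
    """'135 (EPMAP - ...)' -> 135; None when the field is blank."""
    m = re.match(r"\d+", value)
    return int(m.group()) if m else None

def triage(text):
    """Classify one alert from the defender's side: (category, explanation)."""
    f = parse_alert(text)
    origin = f.get("Connection origin", "").lower()
    lport, rport = port_number(f.get("Local Port", "")), port_number(f.get("Remote Port", ""))
    proc = f.get("File Path", "").rsplit("\\", 1)[-1].lower()
    if origin.startswith("remote") and lport in WINDOWS_SERVICE_PORTS:
        return ("inbound-probe", f"unsolicited {f.get('Protocol')} from {f.get('Remote Address')} "
                f"to service port {lport}; keep it blocked at the firewall")
    if origin.startswith("local") and proc == "svchost.exe":
        return ("outbound-from-svchost", f"svchost.exe reached {f.get('Remote Address')}:{rport}; "
                "identify which hosted service owns the connection")
    return ("review", "no rule matched; examine the alert manually")
```

Remote-initiated traffic to port 135 that the firewall already reports is a different question from a cleaned infection; the two categories above keep that distinction explicit when reading a batch of alerts.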