Twayne said:
Off the top of my head, none of those files looke like they are part of
XP, meaning they are either parts of the virus or parts of other
programs you have. Most likely they are parts of the virus.
You shouldn't need to replace them. Is everything now functioning OK?
If so, forget about them.
Usually if AV ware has removed a needed system file it will tell you it
had to delete it and that you must replace it. I don't think that
happened, did it?
I think you simply see some of the parts of the virus that were removed.
HTH,
Twayne`
The files the OP mentioned may have been legit backups. *If* the
original system files were infected, then the deletion of the backups
makes sense as the system files were most likely replaced with infected
copies.
Since Avast did not detect the original system files as being infected,
it sounds like a False Positive to me.
Most likely, Avast determined the that the files should be deleted as
per the recent vulnerability reported in IIS, which is what all of the
files except for mplay32.exe, are related to.
** To the poster ** -
You can restore the files *if* Avast just Quarantined them by opening
the Virus Chest. Click on Infected Files in the left frame, then *right*
click each file and choose Restore.
IF the files were deleted and not present in Virus Chest, suggest you
first update Avast to it's latest virus definition file, 090525-0.
Then use System Restore to roll the system back to just before Avast
deleted the files.
Avast should not delete the files again now that the latest defs are
installed.
Also ... you can get a second opinion as to the legitimacy of the files
by having them scanned here:
http://www.virustotal.com/
MowGreen
================
*-343-* FDNY
Never Forgotten
================