
C:\SYSTEM_VOLUME_INFORMATION...where to find??


GooseTickler
05-16-2004, 07:39 AM
According to F-Secure antivirus there is a trojan horse in C:\SYSTEM_VOLUME_INFORMATION\RESTORE\{XXXXXXXXXXXXXXXX}
X = various numbers and letters.

However, F-Secure is unable to delete it, only rename it. The problem is I can't find this specific folder. I assume it's a registry file of some sort.

But how do I find it and remove it? Anyone know where this folder is?

BlackDiamondJr
05-16-2004, 08:07 AM
This is the Windows XP System Restore information.
It is a hidden folder on the drive.
AntiVirus programs are unable to modify/change the content of the System Restore folder.
If it has been infected with a virus then your system will be reinfected anytime you use the System Restore option.
Your only option is to disable System Restore, reboot and re-enable it. You will lose any previously created restore points but that is of little consequence since they are infected.

How to turn off or turn on Windows XP System Restore (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam)

uk_trader
05-16-2004, 07:59 PM
You could delete it manually. This way you only delete the infected restore point. You need to enable showing hidden files and folders under Folder Options, and also disable "Use simple file sharing"; both are under Tools > Folder Options > View.

Then go to C:\ and right-click on the System Volume folder, select Properties and select Security. You will need to add a user to be able to access the folder. If your user name is myusername, or, as it's temporary, typing in Everyone should do; just type that in as the user to add and OK it. Now you should be able to access the folder. Search for the file in question and delete it; best to delete the folder it's in, i.e. sr1. Tip: you can search just the System Volume folder by right-clicking on it. You might want to remove your access permissions when you're done too.

Note: run a scan again after this in case it's installed anything anywhere else.