Can Vundo live in system restore?

Discussion in 'Malware Help (A Specialist Will Reply)' started by pelted, Apr 26, 2007.

  1. pelted

    pelted Private E-2

    Hello to all. Last weekend, largely due to perusing excellent advice from the archives of this forum, I cleaned an infection of the Vundo trojan from my wife's laptop running Win XP. It seemed to have defeated Avast so after running the removal tool and verifying from the HijackThis log that it was gone, I uninstalled Avast and installed AVG. I ran two versions of the tool, Symantec's and VundoFix - both verified the trojan was gone.

    Everything has been fine all week until today. AVG detected a new threat and identified it as a trojan installer. It "healed" the threat but in the logs it says that it is in a system restore folder and cannot heal it. However the trojan does not appear to be active, everything is working fine.

    I did not delete the system restore point before running the vundo removal tool. It appears that maybe somehow the trojan got into the system restore folder, AVG can't remove it, but it can't act (maybe until that restore point is used).

    My question is, can a trojan somehow get into the system restore files? Should it just be a matter of removing the system restore point, running the removal tool to ensure it does not reside on the drive, and then making a new system restore point?

    Thanks for any help.

    Dell Inspiron 1405
    Win XP MCE
    AVG - Adaware - Spybot
    PC Tools Firewall Plus
    Mozilla Firefox

    (The system had Norton AV until last week when it expired - that's how the trojan got in there in the first place I suppose)
     
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi


    Yes, Trojans/viruses and malware collectively can get into the system restore points, but they are dormant until you restore back. If you are free from all malware, then turn off system restore > reboot and scan again for malware; if none is found, re-enable system restore with a clean restore point.
     
  3. pelted

    pelted Private E-2

    Thanks, I'm going to try it tonight.
     
  4. pelted

    pelted Private E-2

    Cool, trojan gone... It was living in the system restore files, just waiting for the day when I would use system restore...


    Avast anti-virus did not detect it. AVG did.
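
The triage discussed in this thread, as an added example that is not part of the original posts: it separates scanner detections on live files from dormant copies inside Windows XP restore points (`System Volume Information\_restore{GUID}\RPnnn`) and picks the next step accordingly. The detection list, file names and GUID are constructed sample data, and `triage` and `next_step` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Windows XP stores restore points under
# <drive>:\System Volume Information\_restore{GUID}\RPnnn\
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}\\(RP\d+)\\",
    re.IGNORECASE,
)

# Constructed sample detections (path, scanner verdict); not taken from the thread.
SAMPLE_DETECTIONS = [
    (r"C:\System Volume Information\_restore{11111111-2222-3333-4444-555555555555}\RP12\A0001234.dll", "Trojan installer"),
    (r"C:\System Volume Information\_restore{11111111-2222-3333-4444-555555555555}\RP12\A0001240.dll", "Trojan installer"),
    (r"C:\WINDOWS\system32\example.dll", "Trojan installer"),
]


def triage(detections):
    """Split detections into live-file hits and dormant restore-point copies."""
    live = []
    by_restore_point = defaultdict(list)
    for path, verdict in detections:
        match = RESTORE_RE.match(path)
        if match:
            # Group by restore point so the affected RPnnn folders are visible.
            by_restore_point[match.group(1).upper()].append((path, verdict))
        else:
            live.append((path, verdict))
    return live, dict(by_restore_point)


def next_step(live, by_restore_point):
    """Order of work: the live system must be clean before restore points are reset."""
    if live:
        return "clean live files first"
    if by_restore_point:
        return "purge restore points, rescan, create a clean restore point"
    return "no action"


if __name__ == "__main__":
    live_hits, restore_hits = triage(SAMPLE_DETECTIONS)
    for rp, hits in sorted(restore_hits.items()):
        print(f"{rp}: {len(hits)} dormant detection(s)")
    print(f"live detections: {len(live_hits)}")
    print("next step:", next_step(live_hits, restore_hits))
```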
     
