a.exe problem and question about System Restore

Hello all. I just had a new hard drive put in my PC about a month ago and immediately created a 'System Restore Point'. I have XP Home and am using Avast anti virus, Zone Alarm Firewall (free version for both)

Last night I believe my PC got some kind of worm. My Zone Alarm kept saying that 'a.exe is trying to access the internet.' I did a google search and noticed that was associated with many types of worms. If you google, "a.exe removal" you will see that one site claims it's 'coolwwwsearch' yet CWshredder doesn't find anything. One site thought it was the
W32.Erkez@mm worm yet the W32.Erkez@mm Removal Tool by Symantec didn't find anything. Nothing found a problem.
Here is what I have used to try to resolve this:

W32.Erkez@mm Removal Tool by Symantec
CWshredder
Ad-Aware
Spybot S&D
A2 (Squared)
Avast
Microsoft AntiSpyware
and around the same time my problem started I tried the low rated, 'Advanced Spyware Remover' (which seemed to have false positives)
None of these worked.

The action I took was to "Find Files or Folders' and searched for a.exe but I couldn't delete it because it was in use. I ended the a.exe running process but as soon as I would end it, it would start running again. I finally did it fast enough to delete before it restarted but I suspect my problems are not over.
Surely my registry has been changed.
But what was it? Is it still there? Why is nothing detecting it? Did I resolve the problem?
_____________________________________________________________
2) My 2nd question is regarding system restore. Usually at this point of a suspected infection/computer problem, I follow the 'READ & RUN ME FIRST Before Asking for Support' thread which has me turn of System Restore. Every time I turn off system restore, I lose that restore point. I would hate lose the restore point I created after I got a new hard drive and started fresh.
Is there anyway to turn off system restore without losing previous restore points.

Any help/thoughts would be greatly appreciated.

 

Thanks.
That's a shame that the restore points are lost but that's cool that we do not need to turn it off unless we find the malware.


I'll go through the updated instructions but I can't imagine the other tools finding something the one's I listed couldn't.

If anyone has any suggestions as to what a.exe is associated with and what could repair any remove remains of it and repair any damage done, I would appreciate it. Apparently, a.exe is at a high distribution level right now.

 

Thanks for the help. Ewido did surprise me and helped me out. It found,
+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
(Whatever that is)
_______________________________
Wintaskspro looked like a good program and I wouldn't mind purchasing 'premium protection' but I don't know if I should buy that one, the premium version of Ewida or something else. Right now, Ewida and Spysweeper are being launched at 'start-up'. Since both are shareware, I am not sure how much good they are doing as a 'running process'.?!?

Anyway, thanks again for the help. (I hadn't realized how much updating had been done on the 'READ & RUN ME' thread.)

 

I think I will disable Spysweeper then and keep tying Ewido since it was the one that found malware.

I am not having problems with a.exe trying to access the internet.
My only symptom is that when I click on a link, the computer takes 10 to 15 seconds before it opens it.....almost as though a program is pre-inspecting the link. Maybe that will stop after I disable SpySweeper.

Thanks again!

 

Okay. I'll install it now. (Spysweeper) I do have MS Antispyware running so I guess I will uninstall Ewido for now.

I did update and run Ewido (The day I started this thread)

Right now I am trying to figure out why no site is recognizing Sun Java. Maybe I need to reinstall it. I couldn't find the part of the Read Me First thread where it had me install it.

 

Yes, things seem to be running better. I'll know more tomorrow when I am more active on the www.