October 3rd, 2003, 07:24 PM
i seem to have picked this up from somewhere :/
Nortons knows it's there but cannot delete it.
it tells me either it cannot delete/fix the file or it does not have permission to access the file.
i have booted 3 times since it has been detected and each time it is in a different place.
the above link gives advaice etc on how to remove and says:
"5. Deleting the value from the registry
CAUTION: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.
Click Start, and then click Run. (The Run dialog box appears.)
Then click OK. (The Registry Editor opens.)
Navigate to the key:
In the right pane, delete the value:
Exit the Registry Editor."
but that registry entry is not there.
any ideas as to why Nortons doesn't delete the file?
and also ideas on how i can delete this virus?
ty in advance
October 3rd, 2003, 07:31 PM
I may get clobbered for this suggestion, but when I run into that situation, first of all, check and see if it is running in taskmanager (I've had some that don't show up here though)
Next step, is i go into explorer and search for every instance of the .exe file and rename to .ded (for dead bug!!) . Then reboot. If you have gotten every instance of it, you should get some kind of eror message on startup that "xxx.exe" is missing.
From there on, you should be able to delete all instances of the now renamed .ded file.
I think it is also worth noting that you should disable system restore before starting this to prevent it from "finding" itself in the backup, and reinstalling itself.
But that's just my 2 bits.... good luck.
October 3rd, 2003, 08:46 PM
You might try booting in safe mode, then running you AV scan? Make sure tha AV is up to date first.
This sometimes works, as the scumware does not load up and protect itself.
You might also try searching for "Hijack This" v1.97. It shows you what is running on your machuine, and is less likely to be "nobbled" than task manager.