Greetings:
Go to one or both sites and perform scan(s) to find and delete the virus.
http://security.symantec.com/ssc/not...enid=sym&plfid
=23&pkj=AFQVPJUIYCZRWEJGSSK
http://www.pandasoftware.com/home/
Hope this helps.
-------------------Original Message------------------------
"RMB" <(E-Mail Removed)> escribió en el mensaje
news:186cb01c41b40$a23d74d0$(E-Mail Removed)...
> I have this virus which shuts down Norton antivirus and
> firewall. I have 6 corrupted files: windows\winlogon.exe,
> windows\system\service.exe, windows\systme32\fservice.exe
> wincom.exe wininv.dll and winkey.dll. I cannot delete
> the .dll files, even in safe mode as I am denied access.
> I am told that the virus exists in the winkey.dll file.
> I can delete the fservice and sservice, but they are
> regenerated inmmediately(not so under safe mode, but once
> reboot normal and they are there again). Registry changes
> noted by norton and sophos I have found and deleted, but
> they too are immediately replaced upon exiting registry,
> again even under safe mode. Have noted no infestation (or
> odd changes) of win.ini or system.ini files. In the
> registry I notice that the HK
> Root\htafile\shell\open\command is modified with a
> mshta.exe file as is the
> HKLM\software\classes\htafile\shell\open\command key and I
> have read that these are 2 common places for virus
> startup.
>
> My questions are (and excuse the small list):
>
> How do I delete the .dll files?
> What is the mshta.exe file that exists in the WIN system
> 32 file and would deleting its reference from the registry
> hurt?
> How can this virus monitor reg changes and fix
> immediately, even in safe mode and can I overcome.
>
> I have windows XP pro with all updates. I appreciate
> anyones assistance on this as Norton to date has not been
> any help.
Similar Threads
