My Norton Antivirus program has detected two adware programs, but refuses to take any steps to delete them. Considering that the programs listed are \WINDOWS\sysdll.reg and \WINDOWS\winlogon.exe, the reluctance seems reasonable to me. However, the adware programs appear to be creating problems in my system, and I'm not sure how to deal with them. Would the Windows System Restore be able to swap them with the uninfected versions, and if so, would there be any other serious side effects to consider? (I've never used System Restore and would like to determine potential problems before using it.)
I'd only use System Restore as a last resort. If your system isn't too far gone, I'd download and execute the following programs:
Spybot Search & Destroy (http://www.safer-networking.org) - I think the current download has the latest definitions, but you might want to hit "update" before you do anything else. Once you've downloaded and run it, set it to "Immunize" and it will block a lot of malware.
Lavasoft AdAware (http://www.lavasoftusa.com/) - only the paid version of this is automatic. I'd stick with the free version for now. Download it, hit "update" to get the latest definitions, then run it.
The winlogon.exe in the WINDOWS folder is a fake. The real one lives in WINDOWS/SYSTEM32. Take a look. I'd imagine it's the same with sysdll.reg, if it's supposed to be there at all.
The program CWShredder also comes highly recommended for severe infestations of CWS, although I've never used it. You can find it at http://www.thespykiller.co.uk. They're under a lot of Denial of Service attacks lately (blocking adware... DOS attacks... Hmmmmmm...), so I'd only use this if I had to. Do NOT go to the original site - merijn.org - for it; that one appears to have been taken over. My hosts file won't let me see anything on it, so I suspect it's been redirected.
Of course, none of the above advice means anything unless you have all of your MS Critical Updates and your antivirus program is up-to-date and running. That comes first. I'd also make sure I had a firewall running.
Hope this helps!
~ Rosanne