Free Reg cleaner for XP? An AV program that works?

[Karen]

Anyone know of a free GOOD reg cleaner for XP?

Also a good AV program. Seems we have another VIRUS on this PC that once
again got past Norton - which is updated almost every day. This Virus
disabled alt-ctrl-del and msconfig/regedit. We can't find it to remove it
with either Norton or (on-line) McAfee. All suggestions welcome or we'll
have to do another reformat and install the OS once again. :-(

I did a "HijackThis log" but I can't seem to get it posted to the Forum. I
must be doing something wrong. I would rather avoid Forums if possible.
Any other place it can be posted?

PS I ran the also freshly updated Spy-bot, AdAware, CWShredder, BHO demon
and none of them can find or see whatever is attacking this PC.

Thanks

Thanks Karen.....

 

[Bjorn Simonsen]

Also a good AV program. Seems we have another VIRUS on this PC that once
again got past Norton - which is updated almost every day.

see my reply in <or same here at Google:
<http://google.com/groups?&[email protected]>

All the best,
Bjorn Simonsen

 

[Bjorn Simonsen]

This Virus disabled alt-ctrl-del and msconfig/regedit.

Is it XP home or Pro? Don't know if XP home has group policy settings,
check if it does (search windows help from the start menu). It might
be a group policy setting that disable those features have been
enabled. Try this: StarMenu -> RUN, then type gpedit.msc in the RUn
dialog and hit OK). Also make sure you are logged on to Windows as
Administrator, or with an account that have Administrator privileges,
when you try to fix said errors.

I haven't looked now, but some of the same settings can probably be
changed with a tweak manager, such as Tweakui and X-teg/X-setup
<http://www.pricelessware.org/2004/PL2004PROGRAMMING.htm#SystemTweaker>
you might want to try those anyway (in addition to windows own Group
Policy manager (gpedit) if you have it), to see what they list for
your current settings.

All the best,
Bjorn Simonsen

 

[CalamityKen]

Karen typed:

Anyone know of a free GOOD reg cleaner for XP?

Also a good AV program. Seems we have another VIRUS on this PC that
once again got past Norton - which is updated almost every day. This
Virus disabled alt-ctrl-del and msconfig/regedit. We can't find it
to remove it with either Norton or (on-line) McAfee. All suggestions
welcome or we'll have to do another reformat and install the OS once
again. :-(

I did a "HijackThis log" but I can't seem to get it posted to the
Forum. I must be doing something wrong. I would rather avoid Forums
if possible. Any other place it can be posted?

PS I ran the also freshly updated Spy-bot, AdAware, CWShredder, BHO
demon and none of them can find or see whatever is attacking this PC.

Thanks

Thanks Karen.....

Make a folder like C:\EmergencyUtils and make copies of MSConfig.exe,
Regedit.exe and Taskmgr.exe in this folder. Rename them to MSConfig1.exe,
Regedit.com and Taskmgr1.exe You can then run them from this folder.

Post your Complete HijackThis log here.

 

[Karen]

Is it XP home or Pro?

** This is XP-Home. I need something simple and easy to use. Anything
techie-intensive will be worthless to me. I'm hopeless when it comes to
figuring out the technical details of programs. :-( That's not my end of
computing at all.

Don't know if XP home has group policy settings,

check if it does (search windows help from the start menu). It might
be a group policy setting that disable those features have been
enabled.

** I'm the owner and Admin and nothing has been disabled. They just get by
all the protection I have on here.

Try this: StarMenu -> RUN, then type gpedit.msc in the RUn

dialog and hit OK).

** It says windows cannot find it (gpedit.msc).

Also make sure you are logged on to Windows as

Administrator, or with an account that have Administrator privileges,
when you try to fix said errors.

** Do you mean in Safe Mode? It can't find it in this mode.

I haven't looked now, but some of the same settings can probably be
changed with a tweak manager, such as Tweakui and X-teg/X-setup

** What settings?

<http://www.pricelessware.org/2004/PL2004PROGRAMMING.htm#SystemTweaker>
you might want to try those anyway (in addition to windows own Group
Policy manager (gpedit) if you have it), to see what they list for
your current settings.

** I'm the Admin and owner.

All the best,
Bjorn Simonsen

Karen........

 

[Karen]

Karen typed:

Make a folder like C:\EmergencyUtils and make copies of MSConfig.exe,
Regedit.exe and Taskmgr.exe in this folder. Rename them to MSConfig1.exe,
Regedit.com and Taskmgr1.exe You can then run them from this folder.

** I will do this ASAP. The worm/virus (which nothing seems to find) had
disabled these. I will "copy them" them from WExp.

Post your Complete HijackThis log here.

** Here it is:

Logfile of HijackThis v1.97.7
Scan saved at 7:46:46 AM, on 4/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\SYSTEM2.EXE
C:\Program Files\DIRECWAY\BIN\dpcstart.exe
C:\PROGRA~1\DIRECWAY\bin\dpcproxy.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\DIRECWAY\bin\dpcnav.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet
Files\Content.IE5\T3VJPXSE\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.heartoftn.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://srch-us8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = http=127.0.0.1:83
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} -
C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MSConfig]
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QD FastAndSafe]
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [System Terminal] SYSTEM2.EXE
O4 - HKCU\..\RunOnce: [System Terminal] SYSTEM2.EXE
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Dpcstart.lnk = C:\Program
Files\DIRECWAY\BIN\dpcstart.exe
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program
Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &WordWeb... -
res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: Backward &Links - res://c:\program
files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program
files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Check &Spelling - res://C:\Program
Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Si&milar Pages - res://c:\program
files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program
files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
O12 - Plugin for .bcf: C:\Program Files\Internet
Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4351/mcfscan.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{4027C9D0-ABA5-4111-A56F-387EEC5C221D}:
Domain = direcway.com
O17 -
HKLM\System\CCS\Services\Tcpip\..\{4027C9D0-ABA5-4111-A56F-387EEC5C221D}:
NameServer = 66.82.4.8

 

[CalamityKen]

Karen typed:

** Here it is:
C:\Documents and Settings\Owner\Local Settings\Temporary Internet
Files\Content.IE5\T3VJPXSE\HijackThis[1].exe

_Important:_ Create a folder on the _C:_ drive called _C:\HJT._
You can do this by going to My Computer (Windows key+e) then double click on
_C:_then right click and select _New_ then _Folder_ and name it _HJT._
Move HijackThis.exe into this folder.
When you run HijackThis from C:\HJT folder and have it "Fixed checked" it
will create a backup file of modifications to use if restore is necessary.

Start HijackThis and tick the boxes next to all these, then close _all_
browser and explorer windows, and tell HijackThis to "Fix checked."

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://srch-us8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = http=127.0.0.1:83
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)

Install IE-SPYAD and SpywareBlaster updated regularly to prevent infection.
http://www.staff.uiuc.edu/~ehowes/resource.htm#IESPYAD
http://www.javacoolsoftware.com/spywareblaster.html

 

[Bjorn Simonsen]

** I'm the owner and Admin and nothing has been disabled.

Malicious software (virus/worm/trojans etc) could have done that for
you, changed some vital settings in your windows config. Users,
including your self, could also have done it - unknowingly, clicking
where they should not have clicked, answered Yes when they should have
answered No - and so on. Not saying you did, just saying anything is
possible.

To your questions, I only meant to point in direction with my post (as
in - the problem might not be a virus as such, but something else,
related to your config. But as said, malicious software could also be
involved, for example by having changed your config behind your back)
Anyway, if you are unfamiliar with XP's own configuration options,
where to look and what to look for, and you need detailed help with
that, I can only suggest you ask in a more appropriate group - where
such questions are on topic and the help hopefully more qualified,
such as for example,
<microsoft.public.windowsxp.help_and_support>
<microsoft.public.windowsxp.newusers>
<microsoft.public.windowsxp.general>

Btw I looked in one of those group just now and found a message that
deals with the Ctrl+Alt+Del not working thing, w/some links to known
threats that can cause this behavior:
<http://google.com/groups?&as_umsgid=#[email protected]>

In addition to the virus scanners you have tried, you could also try
Stinger, a free standalone scanner - as in; no need to install it,
just download and then run it (dbl-click the downloaded exe file).
It deals with only the most recent and wide spread threats. Including
the two threats (W32/Klez and W32/Yaha@MM) mention in the post I
linked to above. Get it here: <http://vil.nai.com/vil/stinger/>

<quote>
Stinger is a stand-alone utility used to detect and remove
specific viruses. It is not a substitute for full anti-virus
protection, but rather a tool to assist administrators and users
when dealing with an infected system. Stinger utilizes next
generation scan engine technology, including process scanning,
digitally signed DAT files, and scan performance optimizations.
</quote>

All the best,
Bjorn Simonsen

 

[JRC]

Hi Karen, you can try this as a removal tool
http://www.avast.com/i_idt_171.html As for an AV program, I'd love to see
you get rid of Norton and install the free version of AVG. I've been trying
this program out and so far it hasn't caused any problems. It's called
regseeker from Hoverdesk. http://www.hoverdesk.net/freeware.htm

--
John
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
"The trouble with doing something right the first time is that
nobody appreciates how difficult it was."
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

| Anyone know of a free GOOD reg cleaner for XP?
|
| Also a good AV program. Seems we have another VIRUS on this PC that once
| again got past Norton - which is updated almost every day. This Virus
| disabled alt-ctrl-del and msconfig/regedit. We can't find it to remove it
| with either Norton or (on-line) McAfee. All suggestions welcome or we'll
| have to do another reformat and install the OS once again. :-(
|
| I did a "HijackThis log" but I can't seem to get it posted to the Forum.
I
| must be doing something wrong. I would rather avoid Forums if possible.
| Any other place it can be posted?
|
| PS I ran the also freshly updated Spy-bot, AdAware, CWShredder, BHO demon
| and none of them can find or see whatever is attacking this PC.
|
| Thanks
|
| Thanks Karen.....
|
|

 

[Karen]

Malicious software (virus/worm/trojans etc) could have done that for
you, changed some vital settings in your windows config. Users,
including your self, could also have done it - unknowingly, clicking
where they should not have clicked, answered Yes when they should have
answered No - and so on. Not saying you did, just saying anything is
possible.

## OK...

To your questions, I only meant to point in direction with my post (as
in - the problem might not be a virus as such, but something else,
related to your config. But as said, malicious software could also be
involved, for example by having changed your config behind your back)
Anyway, if you are unfamiliar with XP's own configuration options,

## I am truly unfamiliar with XP-Home it having 99% of my experience with
W95 & W98SE. :-(

where to look and what to look for, and you need detailed help with
that, I can only suggest you ask in a more appropriate group - where
such questions are on topic and the help hopefully more qualified,
such as for example,
<microsoft.public.windowsxp.help_and_support>
<microsoft.public.windowsxp.newusers>
<microsoft.public.windowsxp.general>

## Yes, thanks.

Btw I looked in one of those group just now and found a message that
deals with the Ctrl+Alt+Del not working thing, w/some links to known
threats that can cause this behavior:
<http://google.com/groups?&as_umsgid=#[email protected]

## I will check this out. All 3 are not working on my PC - I did make an
emergency folder, copy them there and rename them by adding a 1 so they can
be used.

In addition to the virus scanners you have tried, you could also try
Stinger, a free standalone scanner - as in; no need to install it,
just download and then run it (dbl-click the downloaded exe file).
It deals with only the most recent and wide spread threats. Including
the two threats (W32/Klez and W32/Yaha@MM) mention in the post I
linked to above. Get it here: <http://vil.nai.com/vil/stinger/>

## I just downloaded it and it's running now. Norton and McAfee found
nothing on second scans today.

<quote>
Stinger is a stand-alone utility used to detect and remove
specific viruses. It is not a substitute for full anti-virus
protection, but rather a tool to assist administrators and users
when dealing with an infected system. Stinger utilizes next
generation scan engine technology, including process scanning,
digitally signed DAT files, and scan performance optimizations.
</quote>

All the best,
Bjorn Simonsen

## Thank you kindly for your help.....

FS...........

 

[Karen]

Karen typed:

** Here it is:
C:\Documents and Settings\Owner\Local Settings\Temporary Internet
Files\Content.IE5\T3VJPXSE\HijackThis[1].exe

_Important:_ Create a folder on the _C:_ drive called _C:\HJT._
You can do this by going to My Computer (Windows key+e) then double click on
_C:_then right click and select _New_ then _Folder_ and name it _HJT._
Move HijackThis.exe into this folder.
When you run HijackThis from C:\HJT folder and have it "Fixed checked" it
will create a backup file of modifications to use if restore is necessary.

Start HijackThis and tick the boxes next to all these, then close _all_
browser and explorer windows, and tell HijackThis to "Fix checked."

======================================
OK, I am printing this and my husband and I will see if this helps. So far
removing some spyware/scumware (BingoGamer?), tracker cookies and a
Key-logger didn't help at all. :-(

Karen............

 

[Karen]

click
======================================
OK, I am printing this and my husband and I will see if this helps. So far
removing some spyware/scumware (BingoGamer?), tracker cookies and a
Key-logger didn't help at all. :-(

=======================================
Nope - the problem remains and no evidence of a virus, Trojan, or worm is to
be found. After being scanned numerous times all tracker cookies, spyware
and scumware have been removed and there is no difference. What else can
cause these things (regedit/msconfig/taskmonitor) to FAIL? We dread yet
another reformatting and 18 to 20 hours of reinstalling everything again.
System-Restore NEVER worked on this PC.

Karen....

 

[Karen]

Hi Karen, you can try this as a removal tool
http://www.avast.com/i_idt_171.html As for an AV program, I'd love to see
you get rid of Norton and install the free version of AVG.

* I downloaded this already as far as I know and it found - NOTHING. I just
downloaded it again and will run it as soon as I long off. I'll let you
know if it finds anything this time. Is THIS the Av program you're calling
AVG?

I've been trying

this program out and so far it hasn't caused any problems. It's called
regseeker from Hoverdesk. http://www.hoverdesk.net/freeware.htm

* I'll try it. When I had W98SE my old PC always ran better after I ran
regclean. I don't know if the same is true for WXP-Home. I'll let you
know. )

Karen....

 

[Karen]

Hi Karen, you can try this as a removal tool
http://www.avast.com/i_idt_171.html As for an AV program, I'd love to see
you get rid of Norton and install the free version of AVG. I've been trying
this program out and so far it hasn't caused any problems.

** This AV program didn't find anything either, and yet the problem
persists. According to all the AV programs we've already run, there is no
known viruses etc. on this PC.

It's called

regseeker from Hoverdesk. http://www.hoverdesk.net/freeware.htm

** The Regcleaner I used with W98SE was different. It FIXED the registry
by itself and left a backup file in it's folder. This one gave me a list of
almost 600 keys that I was supposed to choose from (????) and I haven't a
clue which should be deleted (fixed?) or kept. Also it unzipped in the zip
program (Ultimate Zip) and didn't say where a backup would go. I didn't see
a choice. UZ doesn't ask where to unzip your downloads. A little too
technical for me - thanks.

Karen....

 

[JRC]

Oooops, should have been a little more clearer. The cleaning tool is from
Avast anti-virus. I've tried installing Avast AV, and the first scan I do,
it reports a lot of false positives, figured a cleaning tool from them would
do an excellent job. AVG anti-virus is from Grisoft. They offer a pro and a
free version. http://www.grisoft.com/us/us_index.php As many different
scans that you've run, doesn't sound like you have a virus.
--
John
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
A bashful cat makes a proud mouse.
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

|
| | > Hi Karen, you can try this as a removal tool
| > http://www.avast.com/i_idt_171.html As for an AV program, I'd love to
see
| > you get rid of Norton and install the free version of AVG.
|
| * I downloaded this already as far as I know and it found - NOTHING. I
just
| downloaded it again and will run it as soon as I long off. I'll let you
| know if it finds anything this time. Is THIS the Av program you're
calling
| AVG?
|
| I've been trying
| > this program out and so far it hasn't caused any problems. It's called
| > regseeker from Hoverdesk. http://www.hoverdesk.net/freeware.htm
|
| * I'll try it. When I had W98SE my old PC always ran better after I ran
| regclean. I don't know if the same is true for WXP-Home. I'll let you
| know. )
|
| Karen....

 

[JRC]

The way I've been doing it, is just select all and make sure it has a check
mark beside make a backup before deleting, then I delete everything. So far
no problems.
--
John
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
A bashful cat makes a proud mouse.
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

|
| ** The Regcleaner I used with W98SE was different. It FIXED the registry
| by itself and left a backup file in it's folder. This one gave me a list
of
| almost 600 keys that I was supposed to choose from (????) and I haven't a
| clue which should be deleted (fixed?) or kept. Also it unzipped in the
zip
| program (Ultimate Zip) and didn't say where a backup would go. I didn't
see
| a choice. UZ doesn't ask where to unzip your downloads. A little too
| technical for me - thanks.
|
| Karen....

 

[Mister Charlie]

I just went thru a few days of grief trying to get rid of a low level
trojan. Don't know where it came from, but AVG (which i trust
implicitly...nothing is perfect) let it thru, then I ran the AV program
it said it 'healed' it, yet it kept reappearing.

I read in googled articles that perhaps windows media player was
responsible and I deleted wmplayer.exe. Finally I was able to get rid
of the damned thing.

I would google for that specific virus and get as much info as possible.
If you haven't already done so...

 

[REM]

see my reply in <news:[email protected]>

"As AV-client I prefer <www.free-av.com> which offers resident
protection, good on trojan/worms also in my experience (found stuff
AVG didn't)"

I tried this one, AntiVir, as Bjorn suggested and it found and removed
my contamination. The darned thing was back when I rebooted though.
This is the third clean reinstall of XP Pro. It appears that some of
my media is infected, but I still have not found the culprit disk yet.

It looks like my initial infection eminated from:

C:\Docume~1\Jimmy\Locals~1\Temp\v3h43ba00796

It then manifested in the protected restore directory.

I ended up running AntiVir, which found and removed the virus from
both locations and then I took my ME boot disk and rebooted to DOS.
I used the deltree command on C:\Docume~1\Jimmy\Locals~1\Temp
and I think I finally got the thing. I've shown clean with AntiVir,
Bit Defender, AVG, A2 and Ewido since.

I was locked down pretty tight and I still don't see how I was
infected in the first place. I hope that you have better luck than I
had in removing the virus.

 

[REM]

"JRC" <[email protected]> wrote:

Hi Karen, you can try this as a removal tool
http://www.avast.com/i_idt_171.html As for an AV program, I'd love to see
you get rid of Norton and install the free version of AVG. I've been trying
this program out and so far it hasn't caused any problems. It's called
regseeker from Hoverdesk. http://www.hoverdesk.net/freeware.htm

We were talking about Regseeker awhile back and there was someone
running Norton that had some problems with Regseeker. I think he was
running Norton Suite, where she is running Norton AV and possibly the
big suite or utilities thing.

 

[REM]

I just went thru a few days of grief trying to get rid of a low level
trojan. Don't know where it came from, but AVG (which i trust
implicitly...nothing is perfect) let it thru, then I ran the AV program
it said it 'healed' it, yet it kept reappearing.

Same here. I was using AVG and Kerio 2.1.5 on XP Pro when I got it.
I see the OP here was using XP also. I'm trying to figure out exactly
how I got the bug. What is common here? Are you using XP?

I read in googled articles that perhaps windows media player was
responsible and I deleted wmplayer.exe. Finally I was able to get rid
of the damned thing.

I did install the media player on the MS Security Update CD...