JCO
I have a friend's laptop that was full of Trojans and a few virus problems.
I updated his Norton definitions (he hadn't done so since 11/2/04) and I
installed SpyBot. I got rid of everything except one problem. I can't
figure out how it keeps loading.
The system.ini and Win.ini are okay. The HKCU-Run has one item in it which
appears to be legitimate. It has to do with the network. There's nothing
in the Start folder that would cause it either.
However, there is a process running and there is a suspicious item in the
HKLM-Run section.
When I do Ctrl-Alt-Del, there is a process that I cannot get rid of. It is random letters with
a dot exe. When I delete it, another random letters.exe file is created.
When I check HKLM-Run, there is one item that is running that I can't
identify or find any information on. When I delete it, it reappears too.
The name of that is "CheckRun=something"
When booting in Safe-Mode, I can clear both of these items out with no
problem and they don't come back. When I boot back to normal Windows XP,
the problem returns. When I delete the item (process), it re-creates
another instance (process running) and makes an entry in the Registry
(HKLM-Run).
An endless cycle that I can't break up.
What can I do? Where else can it be launching from?