Thanks for the advice. I have eradicated all evidence of this file in
registry, C: drive, etc. Related problem I continue to have is IE
keeps auto loading and transmitting data on a specific port. I have
looked everywhere to stop IE from auto loading. Registry run areas,
autoexec.bat, system.ini, task manager, msconfig, Windows start up
menu specific and all users. Do you have any suggestions?
You've omitted from your list a few other startup axis possibilities...
config.sys, winstart.bat (either in root dir or %windir%),
win.ini, other .ini files, task scheduler, etc. There are many
registry entries that are not obvious.
Try Art's startup axis viewer from
http://www.epix.net/~artnpeg/STARTUP.ZIP
which will show you most of them. I don't know
of any specific ones that are missing.
I don't think auto starting IE is part of the activity of this
worm. You probably have other infections too. Try a trojan
scanner like Spybot Search & Destroy downloadable from
http://security.kolla.de/index.php?lang=en&page=download
(donation ware that specializes in, but is not limited to spyware)
or
Trojan Remover
From:
http://www.simplysup.com/download/trjsetup.exe
(trial version expires after 30 days).
Have you checked/reset the file sharing and/or admistrator
account passwords yet?
A full online AV scan may help identify the culprit as well.
I like
http://www.ravantivirus.com/index.php
To scan your entire pc, you have to use Internet Explorer,
with activeX etc. turned on. From the page shown above,
select Online scan in the menu on the left, then scan
without registering...
Let us know how you make out.
Regards, Dave Hodgins
