Greetings,
I have a virus that Norton can't find. It has chosen to disable a set of
executables that I happened to be using.
When you double-click, or open, these executables, they appear to do
nothing. I searched the registry and found that they were writing entries
into
HKLM\System\CurrentControlSet\Control\SessionManager\PendingFileRenameOperat
ions
The value was \??\pathtofile and sometimes @\??\pathtofile.
The excutables were odd. eclipse, java.exe, adaware's install exe. Others
seem to be working OK. Eventually, the files disappear.
I can't reinstall the files. It has their names somewhere infects them as
soon as they appear.
I've run the anti-goner tool, and it says I have nothing.
It appears to be riched20.dll based. If I try to delete riched20.dll, it
says I need a password.
I tried going into safe mode and deleting riched20.dll. That worked, but
when I reinstalled it, everything came back. In fact, I saw riched20 in
the RenameFile... registry setting.
Any guesses or help.
Thanks
FAQ
Profile
Private Messages
Log in
