I have seen this a couple of times on our networked PCs that I look after at work (about 30 PCs and about 40 users). The easiest way I have found to get rid of them was by hand, finding the program and the registry entries and in safe mode removing both. Can be time consuming but eventually always removable.

chris

----- Original Message -----
From: "Sean Breheny"
To: "Microcontroller discussion list - Public."
Sent: Saturday, February 21, 2009 11:20 AM
Subject: Re: [TECH] Help finding a virus

> I had an interesting experience recently when a coworker brought his
> PC over to the engineering area for us to fix it. It turned out that
> he not only had a LOAD of viruses and spyware, but his antivirus
> program itself was a virus. In other words, he had no antivirus
> installed and one time he (or one of his kids) must have clicked on
> one of those fake "your PC is infected!" ads and it installed a fake
> AV program. It ALSO installed a fake Windows Update program. The fake
> AV program was an obvious fake to anyone with moderate technical
> knowledge (i.e., it popped up windows which were JPG images always
> showing the same files infected) but the fake Windows Update was
> actually quite good and it took us a while to figure out that it was
> fake.
>
> Sean
>
> On Fri, Feb 20, 2009 at 4:19 PM, cdb wrote:
>> I can't say I'm a great expert on this, but something I've found over
>> time is, if using a MS OS, then some viruses like to hide in the system
>> restore area if enabled, and can respawn themselves from there and
>> operate quite happily from this location.
>>
>> The only way I've found to really delete them is to start up in safe
>> mode, run any anti-everything tools, delete the system restore
>> archive(s) (I always have sys restore disabled on my own systems), hunt
>> down any strange files that seem to hook into Windows Services and
>> delete and remove anything in registry and then reboot. I also
>> occasionally uninstall the firewall and virus checker utility and then
>> re-install a clean copy (disconnected from the WAN/LAN naturally).
>>
>> Is it possible for someone to have rewritten the firmware in your
>> router and 'updated' it remotely? I know my router allows for external
>> upgrading to be enabled.
>>
>> Colin
>> --
>> cdb, colin@btech-online.co.uk on 21/02/2009
>>
>> Web presence: www.btech-online.co.uk
>>
>> Hosted by: www.1and1.co.uk/?k_id=7988359
>>
>> --
>> http://www.piclist.com PIC/SX FAQ & list archive
>> View/change your membership options at
>> http://mailman.mit.edu/mailman/listinfo/piclist