[purplehawk]

Which online scan are you using?

[kanaloa]

Not even sure of the name of it... but it's working.

[RIP!]

John feel free to holler at me if I can help u in any way.

GL man!

[kanaloa]

Thanks RIP. I'll keep you all posted on that scan... then go from there. I might just reinstall Windows.

[kanaloa]

The scanner is called: Trend Micro

http://housecall.antivirus.com/

[Yappinator]

That Actually is a great online scanner

I always have trend as a Just in case

[RIP!]

Yeah that is one of the scanners that I use. It located the infected files but wasn't able to do anything about them.

Hope it helps you tho John!

McAfee also has a free online scanner.

[kanaloa]

How did you ultimately fix the problem on yours RIP?

[kanaloa]

I'm currently running that scan from another Windows XP installation on that machine. I'm hoping since it's installed on a seperate drive I can delete all those pesky things and not have problems... but i'l have to wait and see.

[RIP!]

John did you see my post on the two tools I end up using?

There is a registry key that trojans modify about 90% of the time, that is what keeps you from being able to stop the running processes and removing the file .... let me get the info on the key for ya. BRB

Ok .... here we go:
In the registry key

HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command

the Trojan changes the (Default) value to:

wmmiexe.exe "%1" %*

This causes the Trojan to run when you run an .exe file.

But what I learned John was that the file name can be just about anything. So just look at that particular key and make sure it reads
"%1" %" with no file name at all.

*I would stop system restore from runing and reboot.*
But before you remove this, if your scanners are finding any files infected. Make sure they aren't running through your task manager (shift-ctrl-esc Processes) dbl click image name to arrange them in Alpha Order, then click the name of the program and then End Process.

(John I know this is basic stuff to you, but it was for others sake)