reply to post by ProudBird
A little more description would be nice.
From what you are describing, it sounds like one of those nifty little Java exploits that likes to monkey with things and inform you that you have a virus on your computer (and $30 will fix all your problems...). They often take the name of popular security products in an attempt to fool people into believing they are legitimately representing them.

What these nifty little buggers do is use a Java exploit to drop a file into your local user directory and modify your registry so that everything you attempt to do runs through this program. Thus, web browsers open up to "you have a virus!" (no #), and you get pop-ups all the time. It will even do fun things like disable a lot of your administrator tools.

Now - I have active virus protection, and have still run into problems with these little guys (because, apparently, it was allowing things to still edit the registry without permission - I've since rectified that problem). I'm not sure what -other- actions it might have been preventing.

However, I found that most/all programs will function correctly if the "run as administrator" flag is used in their execution, as this bypasses the program (which is set, in the registry, to run everything through).

Simply deleting the file makes things even more fun (presuming you use Task Manager or something else to track it down; you won't find it by looking at the programs menu for obvious reasons). Since the registry attempts to run -everything- through that program, Windows doesn't know what the hell to do when you attempt to run something.

The easiest method I found to fix the problem is delete the file and do a system restore. That corrects the registry edits made and just leaves one

Since correcting my firewall and active settings to be paranoid about registry changes, I've noticed that the Java exploit still allows for the dropping of a file, but can no longer activate it to change registry settings. Although why that hasn't been fixed by now, and why it doesn't show up in virus scans, is beyond me.

Otherwise... you could have an older form of malware that I've not encountered in some time. It writes itself to the disk in several locations, then keeps itself in memory. If you kill the active process - it has flagged itself, somewhere, to be re-started (like how Explorer.exe will reset if killed). The active program continually checks where it was written to, and will write a copy if it is deleted (some will even compare the file to ensure it isn't a renamed substitute).

Fixing the damage done by those is best left to a tool that patches the registry, as well. But you can kill them by booting into the command prompt and deleting the file in its various incarnations.
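The post describes a registry change that routes every program launch through a dropped binary, and recommends a restore or a registry-patching tool to undo it. The script below is an added example, not code from the post or from any product it mentions, showing how a defender can audit an exported `.reg` file offline for that class of change before touching the live registry. It assumes (the post does not say) that the hijack is done by rewriting the per-user `exefile\shell\open\command` value under `HKEY_CURRENT_USER\Software\Classes` and/or by setting an Image File Execution Options `Debugger` value; both are real Windows mechanisms. The sample export, user name and file names are constructed.

```python
"""Offline audit of a .reg export for launch-hijacking registry changes.

Assumed mechanisms (not stated in the post being illustrated):
  * HKCU\Software\Classes\exefile\shell\open\command rewritten so that every
    .exe launch is wrapped by another program (stock value is "%1" %*).
  * Image File Execution Options "Debugger" values, which start the named
    program instead of the target executable (e.g. Task Manager).
Also reports autostart (Run) entries that launch from AppData or Temp.
"""
import re

DEFAULT_EXE_OPEN = '"%1" %*'  # stock value of exefile\shell\open\command

# Constructed sample export for illustration; paths and names are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command]
@="\"C:\\Users\\victim\\AppData\\Local\\qwerty.exe\" -a \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="C:\\Users\\victim\\AppData\\Local\\qwerty.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"qwerty"="C:\\Users\\victim\\AppData\\Local\\qwerty.exe"
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
'''


def _unescape(s):
    # .reg string values backslash-escape both backslashes and double quotes.
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg(text):
    """Return {key_path: {value_name: string_value}} for REG_SZ values.

    Only quoted string values are kept (dword:/hex: types are skipped);
    the key's default value is stored under the name '@'.
    """
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and '=' in line:
            name, _, val = line.partition('=')
            if not val.startswith('"'):
                continue  # not a string value
            name = '@' if name == '@' else _unescape(name.strip('"'))
            keys[current][name] = _unescape(val[1:-1])
    return keys


def audit(keys):
    """Return a list of (severity, key_path, detail) findings."""
    findings = []
    for key, values in keys.items():
        k = key.lower()
        if k.endswith('\\classes\\exefile\\shell\\open\\command'):
            cmd = values.get('@', '')
            if cmd != DEFAULT_EXE_OPEN:
                findings.append(('HIGH', key,
                                 'exefile open command is not the default '
                                 '%r: %s' % (DEFAULT_EXE_OPEN, cmd)))
        elif '\\image file execution options\\' in k:
            dbg = next((v for n, v in values.items()
                        if n.lower() == 'debugger'), None)
            if dbg:
                findings.append(('HIGH', key,
                                 'Debugger redirects launches to %s' % dbg))
        elif k.endswith('\\currentversion\\run'):
            for name, cmd in values.items():
                if re.search(r'\\(appdata|temp)\\', cmd, re.I):
                    findings.append(('MEDIUM', key,
                                     'Run entry %r starts %s' % (name, cmd)))
    return findings


if __name__ == '__main__':
    for sev, key, detail in audit(parse_reg(SAMPLE_REG)):
        print('[%s] %s\n        %s' % (sev, key, detail))
```

On a live machine the input would come from `reg export` of the relevant hives, run from a clean boot environment; the script only reads the text, so reviewing the findings and deciding what to restore stays a manual step.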