When I first detected a virus I had alot of files that were marked as private
or hidden I guess. Thats how they showed up in the attributes and everytime
I ran anykind of scan it couldn't read them it just said access denied. I
tried to go back and make them all not private. I probably messed something
up. I was wrong about my system being clean, check out my running processes
right now. Trend reported that they had deteted and fixed a W32/Codbot-AC!
located in the WUAPI. Exe file. Does that mean that they deleted the
WUAPI.exe file? It is still here running along with MediaGateway that I have
never seen . I also found 2 registry files in my documents that were names
wuapiii.
I appreciate your time Mr. Lipman, I am trying to avoid erasing my
harddrive. If I kill the process it doesn't go away. I ran all the scans
again and none of them detected it or the MediaGateway.
RUNNING PROCESSES
csrss.exe 404 C:\WINDOWS\system32\csrss.exe Client Server Runtime Process
5.1.2600.0. © Microsoft Corporation. All rights reserved.
Explorer.EXE 1228 C:\WINDOWS\Explorer.EXE Windows Explorer 6.00.2800.1106.
© Microsoft Corporation. All rights reserved.
iexplore.exe 1556 C:\Program Files\Internet Explorer\iexplore.exe Internet
Explorer 6.00.2800.1106. © Microsoft Corporation. All rights reserved.
lsass.exe 484 C:\WINDOWS\system32\lsass.exe LSA Shell (Export Version)
5.1.2600.1106. © Microsoft Corporation. All rights reserved.
MediaGateway.exe 1392 C:\Program Files\Media Gateway\MediaGateway.exe Media
Gateway 2, 0, 0, 0. Copyright 2005
PrcView.exe 1528 C:\Documents and Settings\Terri\My
Documents\Unzipped\PrcView\PrcView.exe Process Viewer Application 3.7.3.1.
Developed by Igor Nys, 1995-2003
services.exe 472 C:\WINDOWS\system32\services.exe Services and Controller
app 5.1.2600.0. © Microsoft Corporation. All rights reserved.
smss.exe 340 C:\WINDOWS\System32\smss.exe Windows NT Session Manager
5.1.2600.1106. © Microsoft Corporation. All rights reserved.
svchost.exe 660 C:\WINDOWS\system32\svchost.exe Generic Host Process for
Win32 Services 5.1.2600.0. © Microsoft Corporation. All rights reserved.
svchost.exe 732 C:\WINDOWS\System32\svchost.exe Generic Host Process for
Win32 Services 5.1.2600.0. © Microsoft Corporation. All rights reserved.
svchost.exe 800 C:\WINDOWS\System32\svchost.exe Generic Host Process for
Win32 Services 5.1.2600.0. © Microsoft Corporation. All rights reserved.
winlogon.exe 428 C:\WINDOWS\system32\winlogon.exe Windows NT Logon
Application 5.1.2600.1106. © Microsoft Corporation. All rights reserved.
wmiapsrv.exe 1916 C:\WINDOWS\System32\wbem\wmiapsrv.exe WMI Performance
Adapter Service 5.1.2600.0. © Microsoft Corporation. All rights reserved.
wuapi.exe 1536 C:\WINDOWS\System32\wuapi.exe wuapi.exe
YPager.exe 1764 C:\Program Files\Yahoo!\Messenger\YPager.exe YPager.exe

"David H. Lipman" wrote:

> From: "Teri" <Teri@discussions.microsoft.com>
>
> | I have Adaware and Spybot installed already. My system right now I believe
> | is clean. Its got something to do with the file attributes. Read only or
> | Hidden are the only 2 options and neither one is checked on any of these. Is
> | that correct?
>
> I'm sorry... You lost me.
>
> The file attributes on what ?
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>