I am running a Dell laptop (Inspiron 4100) with windows xp and dsl. I reformatted the harddrive and reinstalled xp and all my applications three days ago, but it took only 2 days of my kids browing the net for me to get infected again.
Norton antivirus 2004 finds the subject executable and identifies it as an adware.winshow threat but is unable to remove it (delete failure). The "security response" document describes its threat only to change the browser homepage and cause pop-ups, which I am in fact experiencing. When it becomes active, internet explorer goes to
www.lookfor.cc.
NAV shows the path to the executable as the temporary internet files folder, but it will now show there and it cannot be deleted. When configuring the folder to show all hidden files and not to hide system files, the q3567836.exe does not show up. I am new to windows xp, so maybe I dont know how to view and unprotect this kind of file so that I can see and delete it.
I have run through the remove procedure in the samentec security response with no success. None of the keys show up in the registry when looking for them with regedit. My Spyhunter spyware program also does not find it, but NAV always does but fails to delete it.
This question is similar to the prior question "Unable to remove Adware.Winshow" from author Vereecken. It was useful to me but:
- I did not find winshow.dll and therefor cannot delete it.
- I did not find the register keys as listed in the symantec security response
- I disabled windows messanger
- I disabled the internet tool option "enable install on demand" (too late unfortunately)
- I did find the HOSTS file and deleted it.
This appears to be something new, a variant of the old virus. It's not that damaging, but I had to reformat my harddrive to clean up the previous mess, and so lesson learned, I will have to learn how to scan and clean and maintain my system and invest in the uninteresting process just to keep a basic windows system up and running for my kids. God, I miss my Mac. So I might as well draw the line right here with this one and find some way to get rid of it. Any advise?
Thanks to all.
