Solved detected but can't be removed

Posted on 2003-11-20
Last Modified: 2013-11-16
I have Norton system works with the latest virus list available (11/19/03)
Lately I have been getting an error message from Norton telling me it has found a virus.

So far it has given me two different paths:
c:\windows\system\sleep.exe       and
c:\documents & settings\jms\local settings\...\apdl[1].exe

when i follow norton's recommended solution to removing the virus it does not find anything. I have turned off stystem restore and started up in Safe mode -- I have even scanned the exact files -- but it does not find anything.
I have also downloaded trojan remover and hijack this -- neither of these programs finds anything.

Could someone please shed some light on this -- as I know I must have something (not to mention all the popups that appear when starting the internet).
Question by:jsnyn
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 49

Expert Comment

ID: 9789504

Author Comment

ID: 9789841
yes - those are the directions i have followed. problem is norton does not find anything -- even though when i start ie, norton will occasionally give me an error message telling me that i have the virus detected but it could not repair the file.
LVL 18

Expert Comment

ID: 9789910
see if HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79FA9088-19CE-715D-D85A-216290C5B738}\InProcServer32 exists in the registry and delete it if it does
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.


Author Comment

ID: 9789970
thanks for the help chicagoan - but i do not find that file in the registry
LVL 18

Expert Comment

ID: 9790052
tried deleting rather than repairing?

Author Comment

ID: 9790178
Well - i thought about deleting the sleep.exe file - but wasn't sure if that was an important file -- do you know?
LVL 13

Expert Comment

ID: 9795620
Sleep.exe allows you pc to go into standby mode. It's not part of windows, so its safe to delete it.
Apdl[1].exe looks really suspicious - this is definately not part of windows.

After checking, APDL is a Automatic Porn DownLoader program - so i would delete this also.
LVL 18

Expert Comment

ID: 9796478
If a executable file's been inserted by the malware, you can't repair it.
You can repair data files usually... .doc.xls, etc.
You can always rename a suspicious file until you've had an opportunity to compare it to a known copy.
LVL 24

Expert Comment

ID: 9800916
Consider also scanning registry for those names, but look in the keys for running at startup. Delete any in task manager before HD and rebooting. Worst case, revert to prior registry configuration, or simply reInstall the OS, for that often takes less time than debugging unless you want to get into forensics. Don't forget to grab also a personal firewall like sygate or zonealrm that can block and quickly identify the activity of these "auto" background wares, which can get you a better idea of where they came from in the first place. I think Sleep pgm is downloadable, if you want to check that.

Expert Comment

ID: 9829480
Delete the APDL and overwrite the sleep.exe with a fresh copy.
Reinstall your spyware/trojan remover and update them.
You may want to enable OS (eg:XP) firewall too other than external firewall programs.
End some of your suspicious system processes especially if they do not belong to system.

As for pop ups, personally I use pop-up stopper to block it. Its free =)

Expert Comment

ID: 9835339
Another thing you might try is booting the pc to dos and manually deleting those files....If you find them there.  If you get an access denied message trying to do that it's likely that the virus files are read only (many viruses are) and you can take care of that using the attrib command ex.

attrib -r apdl[1].exe


del apdl[1].exe

Expert Comment

ID: 9841923
try this software, it's really good.. and free

Accepted Solution

cdhill earned 125 total points
ID: 9949965
This may be overly simplistic, but have you looked in your quarantine?  I have found that Symantec AV puts things safely into quarantine but will continue to give you warnings until you deal with the quarantined item.  Searching for the item in the path given is always fruitless, and some have mistaken these warnings false positives because of it.  Unfortunately the warning doesn't actually say that the item is in the quarantine.  You may have already done this, but if not it might be worth the 20 seconds it takes.

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question