Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

Solved detected but can't be removed

Posted on 2003-11-20
Medium Priority
Last Modified: 2013-11-16
I have Norton system works with the latest virus list available (11/19/03)
Lately I have been getting an error message from Norton telling me it has found a virus.

So far it has given me two different paths:
c:\windows\system\sleep.exe       and
c:\documents & settings\jms\local settings\...\apdl[1].exe

when i follow norton's recommended solution to removing the virus it does not find anything. I have turned off stystem restore and started up in Safe mode -- I have even scanned the exact files -- but it does not find anything.
I have also downloaded trojan remover and hijack this -- neither of these programs finds anything.

Could someone please shed some light on this -- as I know I must have something (not to mention all the popups that appear when starting the internet).
Question by:jsnyn
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 49

Expert Comment

ID: 9789504

Author Comment

ID: 9789841
yes - those are the directions i have followed. problem is norton does not find anything -- even though when i start ie, norton will occasionally give me an error message telling me that i have the virus detected but it could not repair the file.
LVL 18

Expert Comment

ID: 9789910
see if HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79FA9088-19CE-715D-D85A-216290C5B738}\InProcServer32 exists in the registry and delete it if it does
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!


Author Comment

ID: 9789970
thanks for the help chicagoan - but i do not find that file in the registry
LVL 18

Expert Comment

ID: 9790052
tried deleting rather than repairing?

Author Comment

ID: 9790178
Well - i thought about deleting the sleep.exe file - but wasn't sure if that was an important file -- do you know?
LVL 13

Expert Comment

ID: 9795620
Sleep.exe allows you pc to go into standby mode. It's not part of windows, so its safe to delete it.
Apdl[1].exe looks really suspicious - this is definately not part of windows.

After checking, APDL is a Automatic Porn DownLoader program - so i would delete this also.
LVL 18

Expert Comment

ID: 9796478
If a executable file's been inserted by the malware, you can't repair it.
You can repair data files usually... .doc.xls, etc.
You can always rename a suspicious file until you've had an opportunity to compare it to a known copy.
LVL 24

Expert Comment

ID: 9800916
Consider also scanning registry for those names, but look in the keys for running at startup. Delete any in task manager before HD and rebooting. Worst case, revert to prior registry configuration, or simply reInstall the OS, for that often takes less time than debugging unless you want to get into forensics. Don't forget to grab also a personal firewall like sygate or zonealrm that can block and quickly identify the activity of these "auto" background wares, which can get you a better idea of where they came from in the first place. I think Sleep pgm is downloadable, if you want to check that.

Expert Comment

ID: 9829480
Delete the APDL and overwrite the sleep.exe with a fresh copy.
Reinstall your spyware/trojan remover and update them.
You may want to enable OS (eg:XP) firewall too other than external firewall programs.
End some of your suspicious system processes especially if they do not belong to system.

As for pop ups, personally I use pop-up stopper to block it. Its free =)

Expert Comment

ID: 9835339
Another thing you might try is booting the pc to dos and manually deleting those files....If you find them there.  If you get an access denied message trying to do that it's likely that the virus files are read only (many viruses are) and you can take care of that using the attrib command ex.

attrib -r apdl[1].exe


del apdl[1].exe

Expert Comment

ID: 9841923
try this software, it's really good.. and free

Accepted Solution

cdhill earned 375 total points
ID: 9949965
This may be overly simplistic, but have you looked in your quarantine?  I have found that Symantec AV puts things safely into quarantine but will continue to give you warnings until you deal with the quarantined item.  Searching for the item in the path given is always fruitless, and some have mistaken these warnings false positives because of it.  Unfortunately the warning doesn't actually say that the item is in the quarantine.  You may have already done this, but if not it might be worth the 20 seconds it takes.

Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is written by John Gates, CISSP. Gates, the SNUG President-Elect, currently holds the position of Manager of Information Systems at Lake Park High School in Roselle, Illinois.
What's worse than having your data encrypted by ransomware? Getting attacked by a so-called "wiper," which simply destroys the data and offers you no hope of ever seeing it again.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question