MalWare - Know what is causing this or how to get rid of it?
Posted on 2004-08-23
A Win2K PC, all MS updates installed.
It was infected with a lot of spyware/malware; I was able to get rid of most of it that I found. There is one that is stubborn, but I'm not even sure what it is. It could be a virus, too, but Norton is not picking it up either. Have scanned with Ad-aware and Spybot to get rid of other spyware, but this one hasn't been detected.
In the HKEY_Local_machine\software\microsoft\windows\currentVersion\Run reg key there is a string that resembles this:
2J7LDZM2F9@NER C:\WINNT\system32\<random characters>.exe
I delete the key from the registry and in about 2 seconds, a new string will appear in the RUN key. The exe is named different things when I delete the key and run it again.
Here are some of the names that I am getting now:
I'm pretty sure there were some other names not listed here that were showing up before, I will post them as I see them. They have all been showing up with the same name, "2j7ldzm2f9", but I thought that was different before too, before I started logging them. I could be wrong about that.
Can anyone tell me what is causing this?
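An added example, not part of the original post: one way to log the behaviour described above is to save `reg query` output for the Run key after each deletion and compare the dumps, reporting any value whose name stays fixed while its target executable changes. The snapshot text and executable names below are constructed placeholders, and the `reg query` line layout is assumed to be indent, name, type, data.

```python
import re

# One line of `reg query` output: indent, value name, type, data.
LINE = re.compile(r"^[ \t]+(.+?)[ \t]+(REG_\w+)[ \t]+(.*)$", re.M)
# Leading executable path in the data, with or without an opening quote.
EXE = re.compile(r'^"?(.+?\.exe)', re.I)

def parse_run_values(text):
    """Map each value name in a `reg query` dump to its data string."""
    return {m.group(1): m.group(3).strip() for m in LINE.finditer(text)}

def rotating_entries(snapshots):
    """Return {value name: [targets in order seen]} for values whose
    executable changed between snapshots while the name stayed the same."""
    seen = {}
    for text in snapshots:
        for name, data in parse_run_values(text).items():
            m = EXE.match(data)
            target = m.group(1) if m else data
            targets = seen.setdefault(name, [])
            if target not in targets:
                targets.append(target)
    return {n: t for n, t in seen.items() if len(t) > 1}

KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"

def snapshot(exe):
    """Build constructed sample output; exe is a placeholder file name."""
    return (KEY + "\n"
            "    Synchronization Manager    REG_SZ    mobsync.exe /logon\n"
            "    2J7LDZM2F9@NER    REG_SZ    C:\\WINNT\\system32\\" + exe + "\n")

# Three constructed dumps: the value is rewritten once with a new target.
SNAPSHOTS = [snapshot("placeholder-a.exe"), snapshot("placeholder-b.exe"),
             snapshot("placeholder-b.exe")]

if __name__ == "__main__":
    for name, targets in rotating_entries(SNAPSHOTS).items():
        print(name, "->", targets)
```

Entries that keep the same target across every dump are left out of the result, so only the value that is being rewritten is reported.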