I have a virus that Norton AntiVirus can not get rid of.  I have tried
Ad-ware and Norton in safe mode and disabling System Restore and
nothing.  It's in C;|Windows\system32\jgs593.dll.  Help

---

Request for Question Clarification by sublime1-ga on 17 Jul 2006 21:22 PDT

henryken...

You probably already know that a search for that specific filename
is fruitless. Even if Norton or AdAware can't remove it, do they
recognize it at all, and do they give you any clues as to its name
or other details? Without something more to go on, it will be very
difficult to assist you.

One option I can suggest is to obtain a program which will delete
that spedific file on reboot. Here's a freeware shell extension
which will do that for you:
http://www.snapfiles.com/get/removereboot.html

Let me know if this resolves your problem, or what else you can
tell me that might assist me in helping you further...

sublime1-ga

---

Clarification of Question by henryken-ga on 19 Jul 2006 07:17 PDT

sublime1 & storm - thanks for responding.

Norton Antivirus recognizes it as a high risk virus.  Object name is
C:\windows\system32\jgs593.dll and the virus name is Downloader.  I
followed Norton's instructions to delete it, i.e., turn off system
restore, in safe mode, update virus definitions, re-scan and delete. 
However, when I tried to delete it came back with it can't as the
program is in use, close other programs.

I tried snapfiles, but when i rebooted it came back with Run-time
error "70", Permission denied. Also, went to Microsoft and ran their
program to find malicious files on Windows XP and it found nothing. 
Will probably try Kaspersky online scanner tonight, if I feel like
sitting in front of that damn computer.  I have tried 3 other
programs, not sure of exact names, Ad-ware, Spyware and the other
program opens files in use so you can delete all.  None have worked.

---

Request for Question Clarification by sublime1-ga on 19 Jul 2006 16:47 PDT

henryken...

Usually you receive the error that the file cannot be accessed because
it is in use due to the fact that you're booting normally, which allows
startup scripts to launch those processes. Starting in Safe Mode by 
pressing the F8 key just as Windows is starting (while the screen is
still black) will bypass your startups and allow you to delete the
file manually, even.

A more advanced picture of exactly what's going on can be created
by downloading and running  HijackThis - preferably after a clean
normal boot, before you open any other programs:

Download HijackThis (freeware) here:
http://www.merijn.org/downloads.html

You can then post the log it produces here or on the following
pages for analysis (if you don't know what to look for, post
them here):

http://www.exelib.com/hijack

http://www.hijackthis.de/en

http://hjt.networktechs.com/

This will allow us to ferret out any other files associated with
your problem that may be recreating the problematic file(s).

HJT also has a delete on reboot function built in.

Let me know where this takes you...

sublime1-ga

---

Clarification of Question by henryken-ga on 21 Jul 2006 06:52 PDT

Great!  I was able to find the two offending files on HJT and then
deleted it on the reboot.  Thanks so much for your help.  Question
answered.

henryken...

Thanks very much for confirming my responses as your answer. I'll 
repost them here for the sake of future readers.

-----------------------------------------------------------------

You probably already know that a search for that specific filename
is fruitless. Even if Norton or AdAware can't remove it, do they
recognize it at all, and do they give you any clues as to its name
or other details? Without something more to go on, it will be very
difficult to assist you.

One option I can suggest is to obtain a program which will delete
that spedific file on reboot. Here's a freeware shell extension
which will do that for you:
http://www.snapfiles.com/get/removereboot.html

---

Usually you receive the error that the file cannot be accessed because
it is in use due to the fact that you're booting normally, which allows
startup scripts to launch those processes. Starting in Safe Mode by 
pressing the F8 key just as Windows is starting (while the screen is
still black) will bypass your startups and allow you to delete the
file manually, even.

A more advanced picture of exactly what's going on can be created
by downloading and running  HijackThis - preferably after a clean
normal boot, before you open any other programs:

Download HijackThis (freeware) here:
http://www.merijn.org/downloads.html

You can then post the log it produces here or on the following
pages for analysis (if you don't know what to look for, post
them here):

http://www.exelib.com/hijack

http://www.hijackthis.de/en

http://hjt.networktechs.com/

This will allow us to ferret out any other files associated with
your problem that may be recreating the problematic file(s).

HJT also has a delete on reboot function built in.


-----------------------------------------------------------------

I'm glad that helped!

sublime1-ga

Researcher gave easy instructions for an inexperienced user.

Hi henryken-ga,

Try online virus scaner: http://www.kaspersky.com/scanforvirus

in addition to my previous answer:

If you can check your file for viruses follow this link: 
http://www.kaspersky.com/scanforvirus

if you can check your system for viruses follow this link:
http://www.kaspersky.com/virusscanner 
and press "Kaspersky Online Scanner" button. 
The Kaspersky Online Scanner uses Microsoft ActiveX technologies to
scan your computer for malicious code. The scanner uses MS Internet
Explorer to scan your machine while online.

its not a virus, it's a spyware...they recreate themselves under
different names so you can't find them on norton.

henryken...

Thanks very much for the 5-stars and the rating!

sublime1-ga