I'm having this problem with a continuous reapearing virus and I can't seem to get rid of it.It always pops up when I'm connecting to the internet.I think it has something to do with my yahoo messenger since I always get this warning during the time my messenger is making a connection.I reinstalled the yahoo messenger a couple of times but that doesn't help.Did a virusscan with system restore disabled and that didn't help either.It's not harming my system(I think) or at least it hasn't done that yet but I'm getting kinda bored of deleting it all the time.
Anybody ever heard of this one and knows a way to get rid of it for good?
http://www.uploadit.org/files2/181103-av-virus.jpg

It sounds like this (http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lithium.html) maybe what you have :huh:

Originally posted by ZaZu@18 November 2003 - 06:30
It sounds like this (http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lithium.html) maybe what you have :huh:
maybe,but I forgot to mention that there are times it only shows up after I restarted my comp for the second time.
What i'm trying to say is that if I start my comp(internet),let's say 8 times in a week,it only reports me this virus 4 times(in other words every second time).
And why does it reapear since I've deleted it for like a hundred times?

saw zazu's link, looks a hell of alot like what you got
use that page to help you clean your registry out, and you might have to manually delete the file it shows in your windows directory (if your AV wont do it)

get a better resadent AV
I like avg
http://www.grisoft.com much better than most I have come across

I did the folowing as advised:
Click Start, and then click Run. (The Run dialog box appears.)
Type regedit

Then click OK. (The Registry Editor opens.)


Navigate to the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


In the right pane, delete any of the following values:

"Registry Services" = "C:\WINDOWS\SYSTEM\Registry32.exe"
"Shell32" = "Iexplorer.exe"
"Windows Root Account" = "Root32.exe"


Navigate to the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
RunServices


In the right pane, delete any of the following values:

"Windows Root Account" = "Root32.exe"
"Shell32" = "Shell32.com"


Exit the Registry Editor.

But I didn't come across any of those.Didn't see any values with "Root32.exe or "Shell32.com" :huh:

Originally posted by muchspl2@18 November 2003 - 07:21
get a better resadent AV
I like avg
http://www.grisoft.com much better than most I have come across
looked up a review on sofotex (http://www.sofotex.com/cgi-bin/ls/review.cgi?ID=1839&nh=2) and looks like my AV is good enough to deal with this.It get's a 4 star rating :huh:

your right, its doing such a great job at getting rid of it :rolleyes: