Old 03-08-2008   #3 (permalink)
SG


 
 

Re: Rogue Process I cannot get rid of.

Malke,

Thanks for the response. It's not my system, but one I'm working on. Just so
you know, I have been in this business for many years, was an MVP a few years
back, but due to family obligations had to give it up. Years ago I would
download viruses and take them apart to see how they worked, so I'm not a
novice :>)

>>>Your computer is infected and the methods you've used will not clean
>>>it.<<<
As I said, the executable is gone, the process is disabled, I just need to
remove the Branch from the Registry. This system at one time was infected,
but not now. I've worked in the Registry for many years, but this is a first
that I cannot remove something. Any other thoughts as to why it can't be
removed?

--
All the best,
SG

ALEX NICHOL
(1935-2005)
http://www.aumha.org/alex.htm
You will never be forgotten my friend

"Malke" <malke@xxxxxx> wrote in message
news:uBHYxGTgIHA.2004@xxxxxx

> SG wrote:
>
> (snippage)

>> C:\Users\User\AppData\Local\Temp\FLBPKKMMZXYZ.exe
>>
>> This rogue process is listed in Services. I have managed to Disable it,
>> however I'd like to remove it entirely. I found it in the Registry, but I
>> cannot find a way to remove it. I've done everything I know even in the
>> Safe Mode and it will not let you delete, modify or whatever.
>> It has no Dependencies listed, the Service and Display names are the same
>> "FLBPKKMMZXYZ"
>

>> The one thing I did do before trying to remove it from the Registry was
>> delete the file from AppData\Local\Temp. Could this be preventing me from
>> removing the Registry entry? I wouldn't think so, but it may be the first
>> time in my life I was wrong :>)
>
> Your computer is infected and the methods you've used will not clean it.
>
> Go through these general malware removal steps systematically -
> http://www.elephantboycomputers.com/...moving_Malware
>
> Include scanning with David Lipman's Multi_AV and follow instructions to do
> all scans in Safe Mode. Please see the special Notes regarding using
> Multi_AV in Vista.
>
> http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
> http://tinyurl.com/yoeru3 - download link and more instructions
>
> When all else fails, run HijackThis and post your log in one of the
> specialty forums listed at the first link above (not here, please).
>
> Not all tools used will work in Vista and you will need to run them
> elevated. If you are unable to remove the infection by following the
> general steps, register at one of the HijackThis forums as suggested.
>
> Standard disclaimer: I can't see and test your computer myself, so these are
> just suggestions based on many years of being a professional computer tech;
> suggestions based on what you've written. You should not take my
> suggestions as a definitive diagnosis. If you can't do the work yourself
> (and there is no shame in admitting this isn't your cup of tea), take the
> machine to a professional computer repair shop (not your local equivalent
> of BigComputerStore/GeekSquad). Please be aware that not all local shops
> are skilled at removing malware and even if they are, your computer may be
> so infested that Windows will need to be clean-installed. If possible, have
> all your data backed up before you take the machine into a shop.
>
> Malke
> --
> MS-MVP
> Elephant Boy Computers
> www.elephantboycomputers.com
> Don't Panic!