Carl Zeilon wrote: > At 03:05 PM 8/26/2004, you wrote: > >> Drop the box into safemode with networking and then do an upgrade to >> the AV program. Also, download Lavasoft's Adaware. I had to fight a >> spyware issue on my in-laws computer. Quick rundown of steps taken: >> >> -Reboot into networked safe mode. Upgrade AV program. >> -download and install Lavasoft's adaware >> -reboot into safe mode (non-networked) and do full AV scan/clean >> -reboot into safe mode again >> -Run Adaware and fix/delete everything it lists >> -reboot and should be okay > > > Pretty close to what I've been doing as well. I run AdAware first, then > SpyBot , PestScan, then Hijack This! I've found I need all 4 to get > good results. > > >> I've found that PestScan and Spybot are completely worthless. >> >> On Thu, 26 Aug 2004 12:24:45 -0500, Carl Zeilon <pclinux at charter.net> >> wrote: >> > I've been cleaning several machines very successfully in the last >> weeks. I >> > now have one that is stumping me. Both PestScan & Norton 04AV (Hard to >> > believe!) are showing files in Windows\Downloaded Program Files. These >> > were not detected by SpyBot or AdAware. I don't see any listing in my >> > Hijack This log either. This is the directory that contains the >> active X >> > controls. There appear to be no such files, hidden or otherwise. I >> > deleted everything just for fun, but both programs still show files >> > present. Using Search for the specific files shows nothing anywhere >> on the >> > drive. Any suggestions? > > > I'm still stumped, where are these files? Are they somehow in the > Registry but not in the actual folder? > Try this (WARNING: THIS MAY, AND PROBABLY WILL, BREAK SOMETHING): Open a command prompt (no this will NOT work with any other windows editor, it must be in a DOS environment. a knoppix cd would work too.) Type in: edit "c:\windows\downloaded program files\desktop.ini" The file should look something like this (example from Win2kPro): [.ShellClassInfo] CLSID={88C6C381-2E85-11d0-94DE-444553540000} Write those lines down, or save the file somewhere else for backup. Delete those lines. Save the file. TADA!! The files will be visible from Windows Explorer now. Some of the files can be deleted, and if there are any "CONFLICT.X" folders they can be safely deleted too. Any OCX or DLL files should be unregistered before deleting. Unregister them with: "regsvr32.exe /u PATH_TO_OCXFILE" Restore the desktop.ini file to what it was before you messed with it. Shutdown the machine. Pray. Reboot the machine. That should let you kill anything in that folder with whatever methods you like. NOTE: Be careful with desktop.ini files. Windows Explorer will read a desktop.ini file in any folder. It is used to tell Windows Explorer to give up control of that folder (and sometimes all sub folders) to whatever program or dll or whatever the information in the desktop.ini file tells it to. If you want to see them in use, boot to knoppix and see what shows up with a 'find -type f -name "desktop.ini"' search, and see what each of them does. PERSONAL NOTE: I'd like to extend a thank you to the list, because of the help I've received from here and other sources, I've been able to run a much more tech friendly os. Dealing with obscure issues like this is no longer a weekly chore. Chris Frederick _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota Help beta test TCLUG's potential new home: http://plone.mn-linux.org Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list