I know the cf-comm is riddled with computer gurus so I was hoping someone might be able to help me.
I seem to be infected with a virus that nothing seems to find. Before the new year I noticed in task manager that I was getting extra instances of iexplore.exe running. If I had two IE's running there would three instances, sometimes four. It seemed pretty benign and for the most part I would just close the extra ones and ignore the problem. However after coming back from the holidays I was unable to open IE. It would tell me that Internet Explorer could not be found when I would click the icon. I did some Googling and after doing some reading and searching found an errant registry entry. In HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows NT > CurrentVersion > Image File Execution Options I found an entry for iexplore.exe. In the entry there is a key for Debugger and the value is C:\WINDOWS\system32\klomp.exe. I delete the entry and can run IE again. When I run IE the entry is re-added and IE breaks again. If I rinse and repeat I can get IE to work but every time it adds the entry. I've searched my registry for "klomp" and can't find it anywhere else. I've run multiple full scans with Symantec Corporate Edition (it's my work compy and that's what the company has) and it doesn't find anything. It has updated virus defs. However when I run IE Symantec pops up and tells me it's identified Trojan.Vundo and removes klomp.exe from the windows/system32 folder. I've run HouseCall from TrendMicro and it doesn't find anything. I've also downloaded and run the Trojan.Vundo removal tool from Symantec and it tells me that Vundo isn't on my system. Any ideas? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-community/message.cfm/messageid:283957 Subscription: http://www.houseoffusion.com/groups/cf-community/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.5
