A net buddy just picked up a virus off Kazaa. His home page changed to %65... I had him run highjack this and when he went to IM the result log to me my antivirus blocked it. The antivirus did not identify the threat just said the log was infected.
Had him install and run AVG latest download. It found an infected file "C:\windows\addcls.exe". AVG can not remove the file.
I suggested he try removing it in safe mode but in the mean time I could not find any reference to a virus/worm that infects/creates this particular file. My web search says the closest hit is an ATI program. The guy never had an ATI Vid card.
Ideas, comments etc.
BTW the reason he got infected. He did not install his antivirus because he thought zonealrm took care of that... Sigh.
PS Yes I have told him he needs a firewall and antivirus a hundred times.
Had him install and run AVG latest download. It found an infected file "C:\windows\addcls.exe". AVG can not remove the file.
I suggested he try removing it in safe mode but in the mean time I could not find any reference to a virus/worm that infects/creates this particular file. My web search says the closest hit is an ATI program. The guy never had an ATI Vid card.
Ideas, comments etc.
BTW the reason he got infected. He did not install his antivirus because he thought zonealrm took care of that... Sigh.
PS Yes I have told him he needs a firewall and antivirus a hundred times.