I did an online scan (Bitdefender) and it deleted 4 or 5 viruses that I didn't know I had, but it failed to delete Virtumod(C:\WINDOWS\system32\byvtr.dll), though it did detect it. I've tried deleting this file in safe mode, I've downloaded a few utilities that were supposed to delete the file before boot(Eraser, GiPo@Utilities) and that didn't work either.. I've scanned with VundoFix and it either 1. doesn't detect it, or 2. is unable to delete the file.

Anyone have any experience with this virus or have any other ideas? I get explorer errors when ever I open My Computer, My Documents,.. Etc.. Thanks

What i would do is download the following software, update them, then start the computer in safe mode and run these programs. some virus'/trojans etc cannot be removed when windows is in normal mode. download and install the below, update, go to safe mode on your pc and run.

spybot serahc & destroy 1.5 (NEW)
http://www.safer-networking.org/en/...

if you have another anti virus prog then remove before installing this one..
AVG Free
http://free.grisoft.com/

AVG Anti spyware
http://free.grisoft.com/doc/29116/u...

AVG Anti rootkit
http://free.grisoft.com/doc/29116/u...

Lavasoft adaware 2007 free
http://www.lavasoftusa.com/products...

CW Shredder standalone
http://www.intermute.com/spysubtrac...

ATF Cleaner
http://www.majorgeeks.com/ATF_Clean...

Hope this helps..

Go into Safe mode and put an execute/traverse deny permission on the file, then delete the mutha. Then scan your stuff with the above poster's suggestions.

    
 

My blog

How would I go about doing that? Right click, properties?

Thanks for the responses..

I have XP.. I keep reading to right click, the file, go to properties.. go to the security tab.. but I don't see that tab.

http://89.188.16.10/

Been getting pop ups from this address... in Mozilla.. I never get pop ups in moZilla.

And I'm infected with this virus..

Infected with: Generic.Virtumod.0012FA37

I did a google search on 89.188.16.10 and a bunch of stuff came up, but it's info from 8-9 months ago, so I went back and looked at the pop up address and searched it again, but this time used more of the address.. 89.188.16.10/GO

This search turns up results but they are in lagnuages other than English! They are fairly recent problems other people are having but of course, I can't read it. Damn.

You must be in safe mode if you are on XP Home to see that security tab. You click it, then add "everyone" as a group and put a deny permission to read/execute the file for all.

    
 

My blog

All right, thanks, dude. I'll try that.