Omigosh! I have the virus from Kazaa! It's causing me so many problems! I have McAfee's virus scan but it won't delete! How do I get rid of this virus once and for all?

kim,
make sure your McAfee is up to date...then follow below if you have Windows ME/XP..
Disabling System Restore
Windows ME and XP utilize a restore utility that backs up selected files automatically to the C:\_Restore folder. This means that an infected file could be stored there as a backup file, and VirusScan will be unable to delete these files. You must disable the System Restore Utility to remove the infected files from the C:\_Restore folder.
Windows ME
1. Right click the My Computer icon on the Desktop and click on Properties.
2. Click on the Performance tab.
3. Click on the File System button.
4. Click on the Troubleshooting tab.
5. Put a check mark next to 'Disable System Restore'.
6. Click the 'OK' button.
7. You will be prompted to restart the computer. Click Yes.
Note: To re-enable the Restore Utility, follow steps one to seven and on step five remove the check mark next to 'Disable System Restore'.
Windows XP
Disabling the System Restore Utility (Windows XP Users)
1. Right click the My Computer icon on the Desktop and click on Properties.
2. Click on the System Restore tab.
3. Put a check mark next to 'Turn off System Restore on All Drives'.
4. Click the 'OK' button.
5. You will be prompted to restart the computer. Click Yes.
Note: To re-enable the Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'.
then run a complete scan of your system...
what Symantec (Norton) says about the Benjamin...
When W32.Benjamin.Worm is executed, it does the following:
It copies itself as C:\%System%\Explorer.scr.
NOTE: %System% is a variable. The worm locates the \Windows\System folder (by default this is C:\Windows\System or C:\Winnt\System32) and copies itself to that location.
It then adds the \Syscod subkey under the registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft
It also adds the value
System-Service C:\%SYSTEM%\EXPLORER.SCR
to the registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
This causes the worm to run when you start Windows.
How it spreads
NOTE: For W32.Benjamin.Worm to spread, it requires that the KaZaA software be installed on the computer.
The worm creates the C:\%Windows%\Temp\Sys32 folder. It then changes the KaZaA download folder settings so that this new folder is accessible to other KaZaA network users. This allows other KaZaA users to download files from that location.
The worm then copies itself into this folder using many different names that are chosen randomly from a list that the worm carries. Here are some examples:
* Chterbahn Designer -full-downloader
* Acrobat Capture 3.0 -full-downloader
* Age of Empires-Games-full-downloader
* American Pie 2 -divx-full-downloader
* Baseball 2001-Games-full-downloader
* Metallica - Blackened
* ac dc - Fight For Your Right
The worm then displays a fake error message:
Finally, it waits in the background for other KaZaA users to download the worm file.
recommendations
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":
* Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services are avenues of attack. If they are removed, blended threats have less avenues of attack and you have fewer services to maintain through patch updates.
* If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied.
* Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services.
* Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
* Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.
* Isolate infected computers quickly to prevent further compromising your organization. Perform a forensic analysis and restore the computers using trusted media.
* Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.
removal instructions
NOTE: These instructions are for all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.
1. Delete the value
System-Service C:\%SYSTEM%\EXPLORER.SCR
from the registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
2. Disable screen savers.
3. Update the virus definitions, restart in Safe mode and run a full system scan. Delete all files that are detected as W32.Benjamin.Worm.
For details on how to do this, read the following instructions.
To remove the value from the registry:
CAUTION: Symantec strongly recommends that you back up the registry before you make any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify only the keys that are specified. Read the document How to make a backup of the Windows registry for instructions.
1. Click Start, and click Run. The Run dialog box appears.
2. Type regedit and then click OK. The Registry Editor opens.
3. Navigate to the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
4. In the right pane, delete the following value:
System-Service C:\%SYSTEM%\EXPLORER.SCR
5. Click Registry, and click Exit.
To disable screen savers:
1. Right-click on an empty area of the Windows desktop and then click Properties.
2. Click the Screen Saver tab.
3. In the Screen Saver section, click the drop-down arrow, and change the screen saver to (None)
4. Click OK.
scan for and delete the infected files
Tank863

How do you like kazaa now ?
Removal tool >
http://www.bitdefender.com/download/download.php?file=antibenjamin.exe

Everyone should read what CNET Downloads says about the most popular download at their site. According to CNET, Kazaa offers protection for the Benjamin Worm. Man, talk about misrepresentation of a product to the unwary. What a sad commentary when you see someone that has to go through all the time and trouble to remove these nasties from their computer. All the best!

Here's some more instructions. If you don't want to remove it manually then you can download and run The Cleaner to get rid of it. www.moosoft.com
Or you can remove it manually. Click start--run--type regedit--ok. Doubleclick on each of these:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Open the Run key and you should see this value in the right pane:
"System-Service"="C:\\WINDOWS\\SYSTEM\\EXPLORER.SCR"
Right click on and delete that entry.
Then go here:
HKEY_LOCAL_MACHINE\Software\Microsoft
After doubleclicking the Microsoft key you should see a 'syscod' Subkey under the Microsoft key. If it's there delete it.
Then close regedit and restart the computer. After restarting find and delete a file called Explorer.scr which is the trojan. It should be in the System folder. If it won't delete due to an access denied error then delete it from safe mode. Then delete the whole Sys32 folder in your C:\Windows\Temp folder.
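
Added example, not part of any post in this thread: a Python check that reads a registry export saved from regedit (REGEDIT4 text format) and reports the two registry indicators named above, the System-Service value under the Run key and the Syscod subkey. The function name and the sample export are constructed for illustration.

```python
import re

# Registry locations named in the thread for W32.Benjamin.Worm
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
SYSCOD_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Syscod"

SECTION = re.compile(r"^\[(.+)\]$")
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def unescape(text):
    # .reg exports escape backslashes and double quotes with a backslash
    return re.sub(r"\\(.)", r"\1", text)


def find_benjamin_indicators(reg_text):
    """Return a list of (indicator, detail) tuples found in a .reg export."""
    findings = []
    key = None
    syscod = SYSCOD_KEY.lower()
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            key = section.group(1)
            # Registry key names are case-insensitive
            if key.lower() == syscod or key.lower().startswith(syscod + "\\"):
                findings.append(("syscod_subkey", key))
            continue
        value = STRING_VALUE.match(line)
        if not value or key is None or key.lower() != RUN_KEY.lower():
            continue
        name, data = unescape(value.group(1)), unescape(value.group(2))
        if name.lower() == "system-service" and data.lower().endswith("\\explorer.scr"):
            findings.append(("run_value", f"{name} -> {data}"))
    return findings


# Constructed sample export, not taken from a real machine
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Syscod]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"System-Service"="C:\\WINDOWS\\SYSTEM\\EXPLORER.SCR"
'''

if __name__ == "__main__":
    for indicator, detail in find_benjamin_indicators(SAMPLE_EXPORT):
        print(indicator, detail)
```

An empty result only means these two registry entries are absent from the export; Explorer.scr in the System folder and the Temp\Sys32 folder still have to be checked on disk.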

What do you guys suggest other than Kazaa or protection from the Benjamin worm while using Kazaa? If I decided to go with another p2p system, what is the best way to keep all the files I have already downloaded, just click and drag them to that folder?
