I had the "windows socket error: (10049) on API "connect"" pop-up coming up five times every minute or so whenever I was NOT online, and it would also not allow me to safely shut down my computer. After checking my tasklist I found a strange file called "expiorer.exe." I deleted it and my computer seems to be fine again. However, it's still hidden somewhere on my computer so that every time I start up, I have to delete it again. Apparently it's a backdoor virus... here is the info my friend found on it: http://www.avp.ch/avpve/trojan/backdoor/thething.stm I tried to follow their "fix" directions, but that didn't work. The file is simply not showing anywhere. Next stop will be to try to find it in dos. I'm in NO way computer savvy, so I don't know how it'll go. Any suggestions on how to find things and KILLLLLLL them in dos? (die, you stupid piece of hidden poo!!) Thanks -Kelly

hi mrsbenfolds, here's some info on the trojan the thing: Name: The Thing Aliases: Win32.TheThing.16 Trojan, Backdoor.TheThing.a, Ports: 6000, 6400 (ports can be changed) Files: Thing.zip - 194.000 bytes Thing11.zip - 202,116 bytes Thing1.11.zip - 194,345 bytes Thing112.zip - 175,996 bytes Thing12.zip - 175,729 bytes Theth15.zip - 709,962 bytes Thething15.zip - 711,554 bytes Thing16.zip - 910,077 bytes Things.zip - 4,731 bytes Client.exe - 309,248 bytes Client.exe - 349,184 bytes Client.exe - 468,480 bytes Client.exe - 479,232 bytes Newclient.exe - 927,232 bytes Thing.exe - 33,498 bytes Thing.exe - 51,612 bytes Editsrv1.exe - 346,112 bytes Editsrv1.exe - 641,536 bytes Hello.exe - 8,192 bytes Explorer.exe - Windll32.exe - 34,838 bytes Wsasrv.exe - Ms097.exe - Netxvld.exe - 40,960 bytes Winspc13.exe - Created: May 1999 Requires: Actions: Remote Access / ICQ trojan Version 1.6 autoloads through changes in System.ini and Win.ini.1.5 uses Registry and System.ini to autoload. Versions: 1.00, 1.1, 1.11, 1.12, 1.2, 1.5, 1.6. Not updated any more. Registers: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\version 1.00-1.1:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SessionManager\Known16DLLs\ hope this helps, murve

delete the file open wordpad, type something, save it to the same directory open up that directory rename the file to "expiorer.exe" select it, right click for menu- select properties-check read only Now you have disabled the effects but not the cause. If the virus tries to make a new "expiorer.exe" then it will encounter the read only file and fail. If it check for "expiorer.exe", it finds it but it's just the useless file you made in wordpad. Check your in msconfig, the win.ini file under windows for a load= or run= They should be blank otherwise make them blank. Then go into c:\windows and "read only" the win.ini file. It stops alot of viruses but it also stops you from changing defaults. If your computer is over 1 year old then you may not notice it since you have it the way you want it anyway. Suggest you get a program like "go back" or "backup mypc" (a hard program to get used to but will destroy most viruses by repair)