Virus - unwise.exe

Name: Mike White
Date: June 12, 2003 at 19:21:51 Pacific
OS: Windows ME
CPU/Ram: pentium 4 - 171mb
Comment:

I am using Windows ME.

My virus detect program (McAfee) detected the unwise.exe file in C:\windows as a trojan virus, but couldn't clean or delete it.

I copied it to a temp file and deleted it under DOS, and when I restarted it came up with the problems Andrew did; so I copied the file back from the temp folder and it restarted ok.

I looked at the F-Secure page and it says that unwise.exe is not a virus (extract below):


F-Secure Computer Virus Information Pages: Unwise
... There is no virus by this name, but we occasionally get support queries about this
when people find a file called UNWISE.exe from their Windows directory. ...

I did a search on unwise.exe in my C: drive, and I have a number of these files which McAfee did not detect as a virus.

Can you tell me if unwise.exe is a virus, and if so how I can clean it?

Thanks for any help you can give.

Mike



Response Number 1
Name: DW
Date: June 12, 2003 at 20:09:37 Pacific
Reply:

Unwise.exe is often the uninstall for programs but I found this at the Norton site:
Backdoor.NetTrojan


Response Number 2
Name: mike white
Date: June 14, 2003 at 01:26:36 Pacific
Reply:

Thanks for the info.

I downloaded the instructions from Symantec - basically they are as follows:

a. Click Start, and then click Run. (The Run dialog box appears.)
b. Type regedit, and then click OK. (The Registry Editor opens.)
c. Navigate to each of these keys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_CURRENT_USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce

NOTE: Some of the keys may not exist on your system.
d. In the right pane, delete the value:

WinLoader %windir%\UNWISE.exe
a. NOTE: This value may vary. Look for any value that refers to the files detected as Backdoor.NetTrojan.
b. Navigate to the following key:

HKEY_LOCAL_MACHINE\Software\CLASSES\txtfile\shell\open\command
c. In the right pane, double-click the value:

winampold
d. Copy the contents of "Value data:", then click OK.
e. In the right pane, double-click the value:

(Default)
f. Paste the text from "winampold" into the "Value data:" text box.
g. Repeat steps f through i for each of the following keys:

HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command
HKEY_LOCAL_MACHINE\Software\CLASSES\batfile\shell\open\command
HKEY_LOCAL_MACHINE\Software\CLASSES\comfile\shell\open\command
HKEY_LOCAL_MACHINE\Software\CLASSES\piffile\shell\open\command
HKEY_LOCAL_MACHINE\Software\CLASSES\giffile\shell\open\command
HKEY_LOCAL_MACHINE\Software\CLASSES\htmlfile\shell\open\command
HKEY_LOCAL_MACHINE\Software\CLASSES\jpegfile\shell\open\command
HKEY_LOCAL_MACHINE\Software\CLASSES\Word.Document.8\shell\open\command
h. Exit the Registry Editor.

Windows Me: If you are running Windows Me, the Windows Me file-protection process may have made a backup copy of the Win.ini file that you are to edit. If this backup copy exists, it will be in the C:\Windows\Recent folder. Symantec recommends that you delete this file before continuing with the steps in this section. To do this:
Start Windows Explorer.
Browse to and select the C:\Windows\Recent folder.
In the right pane, select the Win.ini file and delete it. It will be regenerated when you save your changes to the Win.ini file in step f.


Click Start, and then click Run.

Type the following, and then click OK.

edit c:\windows\system.ini

(The MS-DOS Editor opens.)

NOTE: If Windows is installed in a different location, make the appropriate path substitution.


In the [boot] section of the file, look for a line similar to the following:

shell = Explorer.exe %windir%\UNWISE.exe


If it exists, delete everything to the right of Explorer.exe. When you are done, it should look like:

shell = Explorer.exe


Click File, and then click Save.

Click File, and then click Exit.

Reboot the computer.


I followed these instructions, but found that I could not delete the values - they appear to delete, but if you return to check they are still there.

In the instructions for Windows ME, I looked for the win.ini file in the C:\windows\recent folder, and there was no win.ini.

Can you advise me of any way I can delete the values in the nominated registry keys?

Another query - the instructions for Windows ME say

"Browse to and select the C:\Windows\Recent folder.
In the right pane, select the Win.ini file and delete it. It will be regenerated when you save your changes to the Win.ini file in step f.".

However Step f refers to the system.ini file rather than the win.ini file - is this correct?

I'd very much appreciate any help!

Mike
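
The manual checks in the procedure quoted in Response 2, as an added example that is not part of the thread or of Symantec's instructions: a read-only audit of a registry export and of the system.ini text that flags the autorun value, any open-command key whose (Default) no longer matches its `winampold` backup, and anything appended to the `shell=` line. It assumes the input is a REGEDIT4 text export; the function names are hypothetical and the sample data, including `PLACEHOLDER.EXE`, is constructed.

```python
import re

RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once|Services|ServicesOnce)?$", re.I)
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def _unquote(s):  # strip surrounding quotes, undo .reg backslash escapes
    return re.sub(r"\\(.)", r"\1", s[1:-1]) if len(s) > 1 and s[0] == s[-1] == '"' else s

def parse_reg(text):
    """Parse a REGEDIT4 text export (assumed format) into {key: {value_name: data}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE.match(line)):
            name = "(Default)" if m.group(1) == "@" else _unquote(m.group(1))
            current[name] = _unquote(m.group(2))
    return keys

def audit_registry(text, suspects=("unwise.exe",)):
    """Return (kind, key, value_name, data) tuples for entries to review."""
    findings = []
    for key, values in parse_reg(text).items():
        if RUN_KEY.search(key):  # autorun value that names a detected file
            findings += [("autorun", key, n, d) for n, d in values.items()
                         if any(s in d.lower() for s in suspects)]
        elif key.lower().endswith(r"\shell\open\command") and "winampold" in values:
            if values.get("(Default)") != values["winampold"]:  # report data to restore
                findings.append(("open-command", key, "(Default)", values["winampold"]))
    return findings

def audit_system_ini(text):
    """Return what follows Explorer.exe on the [boot] shell= line, or None if clean."""
    section = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif section == "boot" and re.match(r"shell\s*=", line, re.I):
            return re.sub(r"^shell\s*=\s*explorer\.exe", "", line, flags=re.I).strip() or None

# Constructed sample inputs (not taken from the thread); PLACEHOLDER.EXE is made up.
SAMPLE_REG = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinLoader"="C:\\WINDOWS\\UNWISE.exe"
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
[HKEY_LOCAL_MACHINE\Software\CLASSES\txtfile\shell\open\command]
@="C:\\WINDOWS\\PLACEHOLDER.EXE \"%1\""
"winampold"="C:\\WINDOWS\\NOTEPAD.EXE %1"'''
SAMPLE_INI = "[boot]\nshell = Explorer.exe %windir%\\UNWISE.exe\n"
```

Running it again on a fresh export after a reboot shows whether deleted values have come back, which is the symptom reported above.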


