I've had a piece of spyware on my computer for almost a week now in the form of a process called wininigo.exe.
I don't know what it does, but it slows my ADSL connection down to slower than that of a 28k modem, so it can't be anything good (DOS attacks most likely), and a previous post here confirmed that it is malware.
Obviously I kill the process every time I log on, but I want to get rid of it for good. I've run AVG antivirus (no, not just the free edition), Ad-Aware and Spybot S&D, but none of them pick it up. I've tried searching for the executable itself, but to no avail. I've tried deleting every reference to it in the registry, but it just came right on back.
Please, help me, this thing has to die!

When you were searching for this thing did you include hidden files in the search? The wininigo.exe could also be running in conjunction with another ??.exe so when you end the wininigo.exe process with "task man" the ??.exe deletes the wininigo.exe and will "give birth" to a new wininigo.exe when you restart your comp. Clean out your temp folder and turn off system restore for starters cos when/if you find wininigo.exe and delete it you will create a copy of it in the system restore folder.
BO-YAK-ASHA

I found my WinXP Pro registry had been modified (Microsoft Update sections) to run wininigo.exe, root.exe and, in one place, snlogsvc.exe. These appear to be all correlated (i.e., identical), at approximately 380KB in size.
None of my AV software detected the threat, although I had received warnings that the registry settings were being modified at times, and occasional attempts to connect to a remote server noted when the connection dialog prompt appeared in spite of no other user activity.
Using a TDS-3 process scan on root.exe while it was loaded identified it as a trojan (no specific info given).
I would kill any processes root.exe or wininigo.exe, delete the affected reg values and then search and delete any files matching *root*.* and *winin*.* that are approximately 380KB in size.
Having found some instances in IE's cached files folder, it appears that the exe is downloaded from hacked web sites by some hidden page link referencing the .exe.
Tightening IE security settings should help prevent reinfection.
Hope this helps.
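
The checks described in the replies above (running processes, autostart registry values, and files matching the reported name patterns and size, hidden files included), collected into one read-only triage script. This is an added example, not part of any post in the thread. It assumes the standard Run/RunOnce keys are the autostart locations to inspect, since the post does not give the exact key path, and a constructed size window around the reported 380KB.

```powershell
# Added example: read-only triage for the indicators named in the thread.
# Nothing is killed or deleted; results are listed for manual review.
$names    = 'wininigo.exe', 'root.exe', 'snlogsvc.exe'  # file names from the thread
$patterns = '*root*.*', '*winin*.*'                      # search patterns from the thread
$minSize  = 340KB   # assumption: window around the reported ~380KB
$maxSize  = 420KB

# 1. Running processes whose name matches one of the reported executables.
$procNames = $names | ForEach-Object { [IO.Path]::GetFileNameWithoutExtension($_) }
Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $procNames -contains $_.ProcessName } |
    Select-Object Id, ProcessName, Path

# 2. Autostart values that reference one of the reported executables.
#    Assumption: standard Run/RunOnce keys; the post does not name the key.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($valueName in $item.GetValueNames()) {
        $data = [string]$item.GetValue($valueName)
        if ($names | Where-Object { $data -like "*$_*" }) {
            [pscustomobject]@{ Key = $key; Value = $valueName; Data = $data }
        }
    }
}

# 3. Files matching the patterns within the size window.
#    -Force includes hidden and system files, as the first reply suggests.
Get-ChildItem -Path "$env:SystemDrive\" -Include $patterns -Recurse -Force -File `
        -ErrorAction SilentlyContinue |
    Where-Object { $_.Length -ge $minSize -and $_.Length -le $maxSize } |
    Select-Object FullName, Length, LastWriteTime, Attributes
```

Run it from an elevated prompt so that process paths and protected folders are readable. The patterns are broad, so expect legitimate files in the output and review each hit before removing anything.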
