
YR.EXE or EncWar trojan ??


Name: allegro805
Date: February 20, 2003 at 23:16:20 Pacific
OS: Win ME
CPU/Ram: 37GB / 127 RAM
Comment:

I've been plagued by a NASTY Trojan that is there even when I reformat and recover my disk!!! This is driving me nuts.
Found the following task running, then also saw it in the Registry under LOCAL_MACHINE >> Software.... Then, while I was looking, the Registry was LOCKED for that item (which had a LOT of folders), and afterward it had disappeared or been renamed somewhere.
File size is 36,864 bytes.

From Sys Info
yr.exe
c:\program files\yahoo!\yip2\hp\encwar\program\yr.exe 0xfffe36b1 32 Not Available Not Available Not Available 2000, 6, 1, 3 36.00 KB (36,864 bytes) Not Available

Any clues? I can't find ANYTHING on yr.exe, yahoo! (with exclamation), or encwar.




Response Number 1
Name: EC
Date: February 21, 2003 at 01:24:48 Pacific
Reply:

run a scan at www.housecall.antivirus.com
or www.pandasoftware.com




Response Number 2
Name: Big Juan
Date: February 21, 2003 at 06:08:07 Pacific
Reply:

Did you try going to Safe Mode to yank out the registry entries?



Response Number 3
Name: allegro805
Date: February 21, 2003 at 09:55:10 Pacific
Reply:

Is there any board where I could post my entire System Information Report (or significant sections of it) to have someone look and see what could be going on here?

Housecall.com was jammed by the trojan when I tried to run it. I managed to finally delete the "yr.exe" file and remove it from the registry, but I'm afraid there are other copies with other names, and of course the thing always restores itself when restarting. Have tried looking into the Registry and deleting items from the "RUN", "RUN-", "RUN Services" areas, etc., but I think there are SO many entries in there that need to be deleted, and this thing is INSIDIOUS about changing the names of the files constantly.

It's also insidious because it (or the remote hacker) screws up the hardware settings for my DSL modem and I have to do a software recovery AND reinstall the dsl software every time it gets jammed (at startup).

How could this thing still be there even after reformat and recovery? I've wasted at least 2 weeks of my life on this thing and I'm getting tired.

From sysinfo, the following were recent [Running Tasks] and [Startup Programs]. (and what the hell is this invisible directory called "c:\progra~1\..."????)

[Running Tasks]
kernel32.dll c:\windows\system\kernel32.dll
kernel32.dll c:\windows\system\kernel32.dll
kernel32.dll c:\windows\system\kernel32.dll
mprexe.exe c:\windows\system\mprexe.exe
mstask.exe c:\windows\system\mstask.exe
yr.exe c:\program files\yahoo!\yip2\hp\encwar\program\yr.exe
stmgr.exe c:\windows\system\restore\stmgr.exe
explorer.exe c:\windows\explorer.exe
taskmon.exe c:\windows\taskmon.exe
systray.exe c:\windows\system\systray.exe
mmkeybd.exe c:\program files\netropa\one-touch multimedia keyboard\mmkeybd.exe
hpsysdrv.exe c:\windows\system\hpsysdrv.exe
hidserv.exe c:\windows\system\hidserv.exe
directcd.exe c:\program files\adaptec\directcd\directcd.exe
wmiexe.exe c:\windows\system\wmiexe.exe
realplay.exe c:\program files\real\realplayer\realplay.exe
keybdmgr.exe c:\program files\netropa\one-touch multimedia keyboard\keybdmgr.exe
kernel32.dll c:\windows\system\kernel32.dll
aoltray.exe c:\program files\america online 7.0\aoltray.exe
osd.exe c:\program files\netropa\onscreen display\osd.exe
mmusbkb2.exe c:\program files\netropa\one-touch multimedia keyboard\mmusbkb2.exe
waol.exe c:\program files\america online 7.0\waol.exe
spool32.exe c:\windows\system\spool32.exe
tapisrv.exe c:\windows\system\tapisrv.exe
rnaapp.exe c:\windows\system\rnaapp.exe
ddhelp.exe c:\windows\system\ddhelp.exe
winmgmt.exe c:\windows\system\wbem\winmgmt.exe
backweb.exe c:\program files\backweb\backweb\program\backweb.exe
helpctr.exe c:\windows\pchealth\helpctr\binaries\helpctr.exe
regedit.exe c:\windows\regedit.exe
pstores.exe c:\windows\system\pstores.exe


[Startup Programs]
America Online 7.0 Tray Icon c:\progra~1\americ~1.0\aoltray.exe -check
MoneyAgent c:\program files\microsoft money\system\money express.exe
Taskbar Display Controls rundll deskcp16.dll,quickres_rundllentry
ScanRegistry c:\windows\scanregw.exe /autorun
TaskMonitor c:\windows\taskmon.exe
PCHealth c:\windows\pchealth\support\pchschd.exe -s
SystemTray systray.exe
LoadPowerProfile rundll32.exe powrprof.dll,loadcurrentpwrscheme
Hidserv hidserv.exe run
Keyboard Manager c:\program files\netropa\one-touch multimedia keyboard\mmkeybd.exe
HPScanPatch c:\windows\system\hpscanfix.exe
MMTray
hpsysdrv c:\windows\system\hpsysdrv.exe
Delay c:\windows\delayrun.exe
HPStart c:\hp\hptguide\hpstart.wsf
Adaptec DirectCD c:\progra~1\adaptec\directcd\directcd.exe
Tour c:\windows\wincool.exe /30m
RealTray c:\program files\real\realplayer\realplay.exe systemboothideplayer
LoadPowerProfile rundll32.exe powrprof.dll,loadcurrentpwrscheme
SchedulingAgent mstask.exe
*StateMgr c:\windows\system\restore\statemgr.exe
Yahoo HP Reminder 1.0 c:\program files\yahoo!\yip2\hp\encwar\program\yr.exe



Response Number 4
Name: EC
Date: February 21, 2003 at 13:27:58 Pacific
Reply:

When you did the format, did you use the WRITE ZEROS to drive function?

SUSPICIOUS TASKS:

yr.exe c:\program files\yahoo!\yip2\hp\encwar\program\yr.exe

backweb.exe c:\program files\backweb\backweb\program\backweb.exe

That's way too many tasks running.


START UP SUSPICIOUS:

Yahoo HP Reminder 1.0 c:\program files\yahoo!\yip2\hp\encwar\program\yr.exe

Also, too many are starting; you should review and stop many of them.

If you can't run an online scan or use your own scanning software, then you may find a likely complex registry hack to rid yourself of this, but me, I would start over and reformat, thus making sure it will be gone.


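Added example, not code from the thread or from any tool mentioned in it: a small Python triage helper that parses the [Running Tasks] and [Startup Programs] sections in the layout pasted in Response 3 and works out what EC did by eye in Response 4: which startup entry is behind each running image, which images run from outside c:\windows with no startup entry at all, and which full paths sit outside the standard trees. The report text is a constructed excerpt; the 8.3 short names such as c:\progra~1 are how FAT shows a long folder name like c:\program files, so the matching is done on file name rather than full path.

```python
import re
# Constructed excerpt in the layout of the System Information dump pasted in the thread.
SAMPLE_REPORT = r"""
[Running Tasks]
kernel32.dll c:\windows\system\kernel32.dll
yr.exe c:\program files\yahoo!\yip2\hp\encwar\program\yr.exe
aoltray.exe c:\program files\america online 7.0\aoltray.exe
backweb.exe c:\program files\backweb\backweb\program\backweb.exe
[Startup Programs]
America Online 7.0 Tray Icon c:\progra~1\americ~1.0\aoltray.exe -check
LoadPowerProfile rundll32.exe powrprof.dll,loadcurrentpwrscheme
HPStart c:\hp\hptguide\hpstart.wsf
Yahoo HP Reminder 1.0 c:\program files\yahoo!\yip2\hp\encwar\program\yr.exe
"""
# A token begins the command part if it is a drive path, a program file or the rundll loader.
CMD_START = re.compile(r"^(?:[a-z]:\\|rundll$|[\w~.-]+\.(?:exe|dll|wsf|com)$)", re.I)
# The launched image: optional drive path up to the first program file name, then a space or end.
IMAGE = re.compile(r"^((?:[a-z]:\\)?.*?\.(?:exe|dll|wsf|com))(?:\s|$)", re.I)
STANDARD_TREES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
def base(path): return path.rsplit("\\", 1)[-1]  # file name component of a path
def parse_report(text):
    """Return {section: [(display_name, command), ...]}; a bare name such as MMTray gets command ''."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections[current] = []
        elif line:
            tokens = line.split()
            # Display names contain spaces, so cut at the first later token that looks like a command.
            cut = next((i for i, t in enumerate(tokens) if i and CMD_START.match(t)), len(tokens))
            sections[current].append((" ".join(tokens[:cut]), " ".join(tokens[cut:])))
    return sections
def image_path(command):
    m = IMAGE.match(command)  # lower-cased image a command launches, or None if none is recognised
    return m.group(1).lower() if m else None
def triage(report):
    """Review queue: which startup entry is behind each running image, plus two cheap red flags."""
    running = [p for _, c in report.get("Running Tasks", []) if (p := image_path(c))]
    startup = [(n, p) for n, c in report.get("Startup Programs", []) if (p := image_path(c))]
    # Match on file name only: startup entries may use 8.3 short paths (c:\progra~1) while the
    # task list shows the long form (c:\program files), so full paths would not line up.
    launchers = {base(p): [n for n, q in startup if base(q) == base(p)] for _, p in startup}
    return {
        "launched_by": {p: launchers[base(p)] for p in running if base(p) in launchers},
        # Running from outside c:\windows with no startup entry: find out what loads it.
        "unexplained": sorted(p for p in running if not p.startswith("c:\\windows\\") and base(p) not in launchers),
        # Full paths outside the standard trees get reviewed first.
        "outside_standard_trees": sorted({q for q in running + [x for _, x in startup] if ":" in q and not q.startswith(STANDARD_TREES)}),
    }
```

Running `triage(parse_report(SAMPLE_REPORT))` ties yr.exe to the "Yahoo HP Reminder 1.0" startup entry and lists backweb.exe as a running image with no visible launcher.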
